Gartner, Inc. today announced its top eight cybersecurity predictions for 2024 and beyond. One of the strongest predictions is that the adoption of generative AI (GenAI) will close the cybersecurity skills gap and reduce employee-driven cybersecurity incidents. Two-thirds of the world's 100 organizations plan to provide directors' and officers' insurance coverage to cybersecurity leaders due to personal legal exposure. And the fight against fraudulent information will cost companies more than $500 billion in losses.
Gartner recommends that cybersecurity leaders incorporate the following strategic planning assumptions into their security strategies for the next two years.
By 2028, GenAI will close the skills gap and eliminate the need for specialized training from 50% of entry-level cybersecurity jobs.
GenAI's expansion will also change the way organizations hire and train cybersecurity personnel, seeking not just the right education, but the right fit. Mainstream platforms already offer conversational enhancements, but they will continue to evolve. Gartner recommends that cybersecurity teams focus on internal use cases that support user work, coordinate with HR partners, and identify adjacent talent for more critical cybersecurity roles.
By 2026, companies that combine GenAI and Security Behavior Culture Program (SBCP) integrated platform-based architectures will see a 40% reduction in employee-driven cybersecurity incidents.
Organizations are increasingly focusing on personalized engagement as a key element of an effective SBCP. GenAI has the potential to generate hyper-personalized content and training materials that take into account employees' unique attributes. According to Gartner, this increases the likelihood that employees will adopt safer behaviors in their daily work, resulting in fewer cybersecurity incidents.
By 2026, 75% of organizations will exclude unmanaged, legacy, and cyber-physical systems from their Zero Trust strategies.
With a Zero Trust strategy, users and endpoints receive only the access they need to perform their jobs and are continuously monitored based on evolving threats. In production and mission-critical environments, these concepts are not universally applicable to unmanaged devices, legacy applications, and cyber-physical systems (CPS) designed to perform specific tasks in unique, secure and reliable environments.
By 2027, two-thirds of the world's 100 organizations will provide directors and officers (D&O) insurance to cybersecurity leaders for personal legal risk.
New laws and regulations, such as the SEC's cybersecurity disclosure and reporting rules, expose cybersecurity leaders to personal liability. CISO roles and responsibilities need to be updated for related reporting and disclosures. Gartner recommends that organizations consider the benefits of covering their roles with D&O insurance or other insurance or coverage to reduce personal liability, professional risk, and litigation costs.
By 2028, organizations are expected to spend more than $500 billion on anti-fraud, with marketing and cybersecurity budgets competing for 50% of each other.
By combining AI, analytics, behavioral science, social media, the Internet of Things, and other technologies, bad actors can create and spread highly effective, highly customized malicious information (or misinformation). Gartner recommends that CISOs define responsibilities for managing, devising, and executing enterprise-wide anti-fraud programs and invest in tools and techniques that address these issues, using chaos engineering to test resiliency.
By 2026, 40% of identity and access management (IAM) leaders will assume primary responsibility for detecting and responding to IAM-related breaches.
IAM leaders often struggle to articulate security and business value to drive accurate investments, and are not involved in security resource and budget discussions. As IAM leaders continue to grow in importance, their responsibilities, visibility, and influence will increase and evolve in different directions. Gartner recommends that CISOs break down traditional IT and security silos by aligning their IAM programs with security initiatives to give stakeholders visibility into the role IAM plays.
By 2027, 70% of organizations will combine data loss prevention and insider risk management disciplines with IAM context to more effectively identify suspicious behavior.
The growing interest in integrated controls has led vendors to develop features that represent an overlap between user behavior-focused controls and data loss prevention. This introduces a more comprehensive feature set that allows security teams to create a single policy for both data security and insider risk mitigation. Gartner recommends that organizations identify data and identity risks and use them together as key directives for strategic data security.
By 2027, application security will be redesigned so that 30% of cybersecurity capabilities are directly available to non-cyber experts and owned by application owners.
The volume, variety, and context of applications created by business technologists and distributed delivery teams means they are exposed to risks far beyond what a dedicated application security team can address.