Top cybersecurity predictions for 2023 and beyond: Gartner
Analyst firm Gartner, at the Gartner Security & Risk Management Summit held February 13-14 in Mumbai, India, has revealed top cybersecurity predictions for 2023 and beyond.
“Executives are expecting either substantial or significant industry transformation over the next five years. Now is the time for cybersecurity leaders to evaluate their strategies and prepare to navigate the future with confidence,” Deepti Gopal, Director Analyst and Christopher Mixter, VP Research at Gartner, said.
Gartner recommends that cybersecurity leaders use strategic planning assumptions to influence their cybersecurity strategies for the coming years.
Through 2023, government regulations requiring organizations to provide consumer privacy rights will cover 5 billion citizens and more than 70 percent of global GDP.
The implications of new GDPR-centric privacy legislation mean organizations no longer have the luxury of only worrying about what’s stored in the country they’re operating in. Organizations need to develop a clear understanding of the privacy landscape, and evaluate and introduce privacy-enhancing computation to help preserve privacy and confidentiality via automation. They will need to track subject rights request metrics to identify inefficiencies and justify accelerated automation.
By 2025, 80 percent of enterprises will adopt a strategy to unify web, cloud services and private application access from a single vendor’s SSE platform.
With a hybrid workforce and data everywhere accessible by everything, vendors are offering an integrated security service edge (SSE) solution to deliver consistent and simple web, private access and SaaS application security. Single-vendor solutions provide significant operational efficiency and security effectiveness compared with best-of-breed solutions, including tighter integration, fewer consoles to use, and fewer locations where data must be decrypted, inspected and re-encrypted.
60 percent of organizations will embrace zero trust as a starting point for security by 2025. More than half will fail to realize the benefits.
The term zero trust is now prevalent in security vendor marketing and in security guidance from governments. As a mindset (replacing implicit trust with identity- and context-based, risk-appropriate trust), it is extremely powerful. However, as zero trust is both a security principle and an organizational vision, it requires a cultural shift and clear communication that ties it to business outcomes to achieve the benefits.
By 2025, 60 percent of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements.
Cyberattacks related to third parties are increasing. Only 23 percent of security and risk leaders monitor third parties in real time for cybersecurity exposure. Organizations will start to mandate cybersecurity risk as a significant determinant when conducting business with third parties, ranging from simple monitoring of a critical technology supplier to complex due diligence for mergers and acquisitions.
Through 2025, 30 percent of nation states will pass legislation that regulates ransomware payments, fines and negotiations, up from less than 1 percent in 2021.
Modern ransomware gangs steal data as well as encrypt it. The decision to pay the ransom or not is a business-level decision, not a security one. Organizations need to engage a professional incident response team as well as law enforcement and any regulatory body before negotiating.
By 2025, threat actors will have weaponized operational technology environments successfully to cause human casualties.
Attacks on OT – hardware and software that monitors or controls equipment, assets and processes – have become common and disruptive. Security and risk management leaders should be more concerned about real-world hazards to humans and the environment, rather than information theft.
By 2025, 70 percent of CEOs will mandate a culture of organizational resilience to survive coinciding threats from cybercrime, severe weather events, civil unrest and political instabilities.
By 2026, 50 percent of C-level executives will have performance requirements related to risk built into their employment contracts.
Most boards regard cybersecurity as a business risk rather than solely a technical IT problem. There will be a shift in formal accountability for the treatment of cyber risks from the security leader to senior business leaders.