
Gartner, a world leader in research and advice for businesses, has released its key cybersecurity predictions for this year and 2024. According to its latest surveys, 50% of chief information security officers (CISOs) will adopt human-centric design to reduce the operational friction of cybersecurity; large companies will focus on implementing 'Zero Trust' programs; and half of cybersecurity leaders will unsuccessfully attempt to use cyber risk quantification to drive corporate decision-making.


“There is no question that CISOs and their teams must focus on what happens today to ensure their organizations are more secure,” says Richard Addiscott, Analyst and Senior Director at Gartner. “But these executives also need to take the time to look beyond their day-to-day challenges, scan the horizon to identify threats that could impact their security programs for years to come. This information serves as a red flag and should be considered by any CISO looking to create an effective and sustainable cybersecurity program.”

Gartner recommends that cybersecurity leaders build their strategies for the next two years in line with these 8 predictions: 

 

1. By 2027, 50% of CISOs will formally adopt human-centered design practices in their cybersecurity programs to minimize operational friction and maximize control adoption – Gartner research shows that over 90% of employees who admitted to performing a number of unsafe actions while on the job already knew their actions would increase the risk to the organization, but did it anyway. Human-centric security design is modeled with the individual – not the technology, threat or location – as the focus of control design and implementation, to minimize friction.

2. 10% of organizations will successfully use privacy as a competitive advantage – Companies are starting to recognize that a privacy program can allow them to use data more broadly, differentiating themselves from competitors and building trust with customers, partners, investors and regulators. Gartner recommends that security leaders apply a comprehensive privacy standard in accordance with the General Personal Data Protection Act (LGPD) to stand out in an increasingly competitive market and grow without hindrance.

 

3. By 2026, 10% of large companies will have a comprehensive, mature and measurable 'Zero Trust' program in place, up from less than 1% today – A mature and comprehensive 'Zero Trust' implementation requires integration and configuration of many components, which can be quite technical and complex. Success is highly dependent on converting it into business value. Starting small, with a constantly evolving 'Zero Trust' mindset, makes it easier to understand the benefits of a program and manage some of the complexity one step at a time.

4. By 2027, 75% of employees will acquire, modify or build technology outside of IT visibility, up from 41% in 2022 – Reframing the cybersecurity operating model is key to the changes to come. Gartner recommends thinking beyond technology and automation to deeply engage with employees, influence decision-making and ensure they have the appropriate knowledge to act in an informed manner.

5. By 2025, 50% of cybersecurity leaders will unsuccessfully attempt to use cyber risk quantification to guide corporate decision-making – Gartner research indicates that 62% of companies adopting threat quantification cite slight gains in credibility and awareness of the issue, but only 36% achieved action-based outcomes, including risk reduction, money savings or real decision influence. Security leaders must focus firepower on quantifying the issues that decision makers are asking about, rather than producing generic analyses to try to persuade the organization to care.

6. By 2025, nearly half of cybersecurity leaders will change jobs, of which 25% will move into different roles, primarily because of work-related stress – Accelerated by the pandemic and staffing shortages across the industry, work pressures are increasing and becoming unsustainable. Gartner suggests that while eliminating this problem is unrealistic, professionals can manage challenging and stressful jobs at companies that are supportive and capable of changing the rules of engagement to promote cultural change.

7. By 2026, 70% of Boards of Directors will include a member with cybersecurity experience – For leaders in this industry to be recognized as business partners, they need to recognize the risk appetite of the Board of Directors and the company. This means not only showing how the cybersecurity program prevents bad things from happening, but also how it improves the company's ability to take risks effectively. Gartner recommends that CISOs anticipate change to promote and support cybersecurity via the Board and establish a closer relationship to improve trust and support.

  

8. By 2026, more than 60% of threat detection, investigation and response (TDIR) capabilities will leverage exposure management data to validate and prioritize detected risks, up from the current 5% – As organizational attack surfaces expand due to increased connectivity, as well as the use of Software as a Service (SaaS) and Cloud applications, enterprises require a wide range of visibility and a central location to constantly monitor threats and exposure. TDIR capabilities can provide a unified platform or ecosystem where detection, investigation and response can be managed, giving security operations teams a complete view of risks and their potential impact.
