Executive performance reviews will increasingly be linked to their ability to manage cyber risks, predicts the Gartner, Inc., a world leader in research and advice for companies. According to research by Gartner, nearly a third of countries will regulate potential responses to ransomware attacks in the next three years, and the consolidation of digital security platforms will be vital to help organizations develop their business initiatives, even in environments that are increasingly diverse. increasingly hostile.
Richard Addiscott, Senior Analyst at Gartner.
“We can't fall into old habits and try to treat everything the way we did in the past,” says Richard Addiscott, Senior Analyst at Gartner. “Most security and risk management leaders now recognize that major disruption is just a crisis away. We cannot control them, but we can evolve our thinking, our philosophy, our protection program, and our security architecture to mitigate the threats.”
In this scenario, Gartner recommends that cybersecurity leaders include the following strategic planning assumptions in their security strategies for the next two years:
By 2023, government regulations requiring organizations to provide privacy rights to consumers will cover 5 billion people and over 70% of the world's GDP – By 2021, nearly 3 billion individuals had access to consumer privacy rights in 50 countries, and privacy regulation continues to expand. Gartner recommends that organizations track subject entitlement request metrics, including cost per request and time to fulfill, including to identify inefficiencies and justify accelerated automation.
By 2025, 80% companies will adopt a strategy to unify web, cloud services and private application access from a single vendor's SSE platform – With a hybrid workforce and accessible data everywhere, vendors are working to deliver integrated edge security (SSE) solutions. Security Service Edge, in English) to provide effective security for software as a service (SaaS) applications. Software as a Service), web systems, private access resources and other additional platforms. Single-vendor solutions deliver significant improvements in operational efficiency and security effectiveness, including tighter integration, fewer user interfaces, and fewer places where data needs to be decrypted, inspected, and re-encrypted.
60% of organizations will adopt Zero Trust as a starting point for security by 2025. More than half will not realize the benefits – The term 'zero trust' it is now prevalent among security vendors and in government security guidelines. It emerges as an extremely powerful mindset that is gradually replacing implicit trust with trust appropriate to risks based on identity and context. However, it is important to consider that 'zero trust' is a security principle and an organizational vision that requires a cultural change and clear communication that links it to business results to achieve the expected benefits.
By 2025, 60% of organizations will use cybersecurity risk as a primary determinant in carrying out business transactions and commitments – Third-party related cyber attacks are on the rise. However, Gartner research indicates that only 23% of security and risk leaders monitor third-party activities in real-time for cybersecurity exposure. As a result of consumer concerns and interest from regulators, Gartner analysts expect organizations to start demanding that cybersecurity risk be an increasingly significant determinant of doing business with third parties, from simply monitoring a critical technology provider to complex due diligence for mergers and acquisitions.
By 2025, 30% of nations will pass legislation regulating ransomware payments, fines and trading (up from less than 1% in 2021) – More and more modern gangs specializing in the dissemination of ransomware are acting in the theft and encryption of data. The decision whether or not to pay the ransom for this information, however, is a business-level decision, not a security one. Gartner recommends hiring a professional team of incident response, as well as law enforcement authorities and any regulatory bodies before trading.
By 2025, threat actors will have operational technology environments successfully armed to inflict human casualties – Attacks on operational technology frameworks (OT), including hardware and software that monitor or control equipment, assets and processes, will become more common and more disruptive. In operational environments, security and risk management leaders should be more concerned with real-world dangers to humans and the environment rather than information theft, according to Gartner.
By 2025, 70% from CEOs will require a culture of organizational resilience to survive coincident threats from cybercrime, severe weather events, civil unrest and political unrest – The COVID-19 pandemic exposed the inability of traditional business continuity management planning to support the organization's response to a large-scale disruption. With the possibility of continual disruption, Gartner recommends that risk leaders recognize organizational resilience as a strategic imperative and build an organization-wide resilience strategy that also involves employees, stakeholders, customers, and suppliers.
By 2026, 50% of C-level executives will have risk-related performance requirements built into their employment contracts – Most Boards of Directors regard cybersecurity as a business risk rather than just a technical IT issue, according to a recent Gartner research. As a result, Gartner expects to see a shift in formal responsibility for handling cyber risks from the security leader to senior business leaders.
