Cybersecurity Leaders Must Address Cybersecurity Burnout to ensure the effectiveness of programs
O Gartner, Inc.. announces the main cybersecurity trends for 2025. These trends are influenced by the evolution of Generative Artificial Intelligence (GenAI), digital decentralization, supply chain interdependencies, regulatory changes, endemic talent shortages, and an ever-evolving threat landscape.
Alex Michaels, Senior Principal Analyst at Gartner, said: “Security and risk management (SRM) leaders face a combination of challenges and opportunities this year as they aim to enable transformation and embed resilience. Their efforts to achieve both are crucial to supporting their organizations’ aspirations to not only innovate, but also ensure that their innovations are secure and sustainable in a rapidly changing digital world.”
The following six trends will have a broad impact on these areas:
Trend 1: GenAI Driving Data Security Programs
Traditionally, most of the efforts and financial resources for safety focus on protecting structured data, such as databases. However, the rise of GenAI is transforming data security programs, shifting the focus to protecting unstructured data – text, images, and videos.
“Many companies have completely reoriented their investment strategies, which has significant implications for Large Language Model (LLM) training, data deployment, and inference processes,” says Michaels. “Ultimately, this shift highlights the changing priorities that leaders must address when communicating the impact of GenAI on their programs.”
Trend 2: Machine Identity Management
The growing adoption of GenAI, Cloud services, automation, and DevOps practices have led to the widespread use of machine accounts and credentials for physical devices and software workloads. If left unchecked and unmanaged, machine identities can significantly expand an enterprise’s attack surface.
According to Gartner, SRM leaders are under pressure to create a strategy for implementing robust machine identity and access management (IAM) to protect against attacks, but this must be a coordinated effort across the enterprise. A Gartner survey of 335 IAM leaders globally conducted between August and October 2024 found that IAM teams are responsible for just 44% of an organization’s machine identities.
Trend 3: Tactical AI
SRM leaders are facing mixed results with their Artificial Intelligence implementations (AI), leading them to reprioritize their initiatives and focus on narrower use cases with direct, measurable impacts. These more tactical implementations align AI practices and tools with existing metrics, fit them into current initiatives, and increase visibility into the real value of AI investments.
“SRM leaders now have clear responsibilities to protect third-party AI consumption, secure enterprise AI applications, and improve AI-enabled cybersecurity,” says Michaels. “By focusing on more tactical, demonstrably beneficial improvements, they can minimize risk to their cybersecurity programs and more easily demonstrate progress.”
Trend 4: Optimizing Cybersecurity Technology
According to a Gartner survey of 162 large enterprises conducted between August and October 2024, companies use an average of 45 cybersecurity tools. With more than 3,000 cybersecurity vendors, SRM leaders need to optimize their toolkits to create more efficient and effective security programs.
Gartner recommends striking a balance that satisfies procurement, security architects, security engineers, and other stakeholders to maintain the right security posture. To achieve this, SRM leaders should consolidate and validate key security controls and focus on architecture that enhances data portability. Threat modeling and organizational technology drivers, such as AI adoption, can also be used to assess advanced needs.
Trend 5: Expanding the value of safety culture and behavior programs
Security Behavior and Culture Programs (SBCPs) have reached an inflection point for most organizations. Effective SRM leaders recognize the value these programs bring to improving their cybersecurity posture. According to Gartner, one of the biggest drivers of change in these programs is GenAI—organizations that combine technology with an integrated platform-based architecture in SBCPs will see 40% fewer employee-caused cybersecurity incidents by 2026.
This trend is gaining momentum due to the growing recognition that both good and bad human behavior are essential components of cybersecurity. As a result, behavior- and culture-focused activities have become a prominent approach to addressing human-level understanding and ownership of cyber risk. This reflects a strategic shift toward embedding security into organizational culture.
Trend 6: Addressing cybersecurity burnout
SRM leader and security team burnout is a key concern for an industry already plagued by a systemic skills shortage, according to Gartner. This widespread stress stems from the relentless demands associated with securing highly complex enterprises in ever-changing threat, regulatory and business environments with limited authority, executive support and resources.
“Cybersecurity burnout and its organizational impact must be recognized and addressed to ensure cybersecurity program effectiveness,” says Michaels. “The most effective SRM leaders are not only prioritizing their own stress management, but also investing in team-wide wellness initiatives that have been shown to improve personal resilience.”
Topics like this and others that explore the evolving landscape of risks and strategies, as well as practical insights on how to deal with the challenges of increasingly complex cyber environments will be highlighted in the Gartner Security & Risk Management Conference, which will be held on August 5th and 6th, in São Paulo. More information is available at: https://www.gartner.com/pt-br/conferences/la/security-risk-management-brazil
Gartner customers can read more at “Top Trends in Cybersecurity for 2025”.
Learn how to create a cybersecurity strategy that meets the needs of people as well as technology, in this free guide from Gartner.
About the Gartner Security & Risk Management Conference
Gartner analysts will present the latest research and advice for security and risk management leaders at the Security & Risk Management Conference, which will be held March 10-11 in Mumbai (India), April 7th and 8th in Dubai (United Arab Emirates), June 9 and 11 in National Harbor (United States), July 23 and 25 in Tokyo (Japan), August 5th and 6th in Sao Paulo (Brazil) and September 22nd and 24th in London (England). Follow the news and updates from conferences on X using #GartnerSEC.
About Gartner for Cybersecurity Leaders
O Gartner for Cybersecurity Leaders equipa os líderes de segurança com as ferramentas para ajudar a reformular os papéis, alinhar a estratégia de segurança aos objetivos de negócios e construir programas para equilibrar a proteção com as necessidades das empresas. Informações adicionais estão disponíveis em[https://%20/] https://www.gartner.com/en/cybersecurity. Follow news and updates from Gartner for Cybersecurity Leaders on X and LinkedInusing #GartnerSEC. Visit the Press Room from Gartner for more information and insights.
About Gartner
O Gartner, Inc. provides objective, actionable insights that drive smarter decisions and better performance for enterprises’ mission-critical priorities. To learn more, visit www.gartner.com
EN 
PT 
