Gartner Unveils Top Eight Cybersecurity Predictions For 2022-23


High-profile cyberattacks, data breaches, and ransomware attacks have dominated the headlines over the past year or so, causing organizations all around the world to review their cybersecurity strategies.

For organizations that do not regard cybersecurity as a business investment, the destructive effects of cyberattacks on a company's ability to operate will increase in the future.

The Gartner Security & Risk Management Summit, June 20-21 in Sydney, Australia, delivered sobering revelations about the future of cybersecurity — with the aim of helping security and risk management leaders succeed in the digital era.

Richard Addiscott, senior director analyst, and Rob McMillan, managing vice president, both of Gartner, highlighted important patterns in their opening keynote talk. One of these trends was the emerging relationship between executives' performance evaluations and the capacity to handle cyber risk.

Gartner’s experts noted that almost one-third of all nations will regulate ransomware response within the next three years, and security platform consolidation will help organizations thrive in hostile environments.

“We can’t fall into old habits and try to treat everything the same as we did in the past,” Addiscott told attendees. “Most security and risk leaders now recognize that major disruption is only one crisis away. We can’t control it, but we can evolve our thinking, our philosophy, our program, and our architecture.”

Gartner recommends that cybersecurity leaders build several strategic planning assumptions into their security strategies for the next two years:

1. Consumer privacy rights will be extended

Privacy regulation continues to expand and the tech analyst predicts it will be extended to cover five billion people, and more than 70% of global GDP. It said organizations should track subject rights request metrics, including cost per request and time to fulfill, to identify inefficiencies and justify accelerated automation.

2. By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services, and private application access

Gartner said that with the rise of hybrid work, vendors are offering integrated services across web and cloud-application security. The benefit here is tighter integration, fewer consoles to use, and fewer locations where data must be decrypted, inspected, and re-encrypted.

3. Many organizations will embrace zero trust but fail to realize the benefits

The tech analyst predicts that by 2025, 60% of organizations will attempt to adopt zero-trust security, a concept that assumes there is no traditional 'perimeter' to the corporate network, so all devices and users have to be regularly re-authenticated. But it said more than half will fail to realize the benefits.

Replacing implicit trust with identity- and context-based, risk-appropriate trust is extremely powerful, said Gartner, but requires a cultural shift and clear communication that ties it to business outcomes to achieve the benefits. And not all companies will be successful.

4. Cybersecurity will become key to choosing business partners

Gartner predicts that 60% of organizations will use cybersecurity risk as a "primary determinant" in conducting third-party transactions and business engagements by 2025. Only 23% of organizations monitor third parties in real-time for cybersecurity exposure, according to Gartner. But as a result of pressure from customers and regulators, it believes organizations will start to insist on measuring cybersecurity risk, ranging from simple monitoring of a critical technology supplier to complex due diligence for mergers and acquisitions.

5. Ransomware payment legislation will rise

At the moment there is little legislation around when companies can -- and can't -- pay ransomware demands. That could be about to change; Gartner predicts one in three countries will introduce such laws soon. The decision to pay the ransom or not is a business-level decision, not a security one. Gartner recommends engaging a professional incident-response team as well as law enforcement and any regulatory body before negotiating.

6. Hackers will weaponize operational technology environments to cause human casualties

Attacks on OT -- hardware and software that monitors or controls equipment, assets, and processes and is often the brains behind industrial systems in factories or power grids -- have become more common and more disruptive, Gartner said, warning that threat actors will have "weaponized" operational technology environments to cause human casualties by 2025. "In operational environments, security and risk management leaders should be more concerned about real-world hazards to humans and the environment, rather than information theft", according to the analyst firm.

7. Resilience will be about more than just cybersecurity

By 2025, 70% of CEOs will drive a culture of organizational resilience to deal with threats from cybercrime, but also from severe weather events, civil unrest, and political instabilities, Gartner said: "With continued disruption likely, Gartner recommends that risk leaders recognize organizational resilience as a strategic imperative."

8. Cybersecurity will matter for the CEO's bonus

By 2026, 50% of C-level executives will have performance requirements related to risk built into their employment contracts, Gartner said. As boards now increasingly regard cybersecurity as a business risk rather than just a technical problem, accountability for cyber risk will shift from the security leader to senior business leaders, it said.

Final remarks

The Gartner Security & Risk Management Summit offered a comprehensive glimpse into the future of cybersecurity, painting a landscape where organizations must evolve their strategies to stay ahead of emerging threats. The interconnected nature of modern businesses requires a holistic approach to cybersecurity that extends beyond technical measures. 

As organizations continue to grapple with the ever-changing cyber threat landscape, the insights from this summit serve as a compass to guide them toward a more secure and resilient future. By embracing these strategic planning assumptions, businesses can navigate the evolving cybersecurity terrain and ensure their long-term success in the digital era.
