Eight cybersecurity predictions shaping the future of cyber defense

Two-thirds of the Global 100 businesses are expected to offer directors and officers insurance to cybersecurity leaders due to personal legal risk exposure. Additionally, combating disinformation is expected to cost businesses more than $500 billion.

We are starting to see a solid opportunity beyond what is possible with GenAI to help solve some of the problems that have long plagued cybersecurity, particularly skills shortages and unsafe user behavior. This year's hottest predictions clearly don't range from technology, as the human element continues to gain more attention. Any CISO seeking to build an effective and sustainable cybersecurity program should make this a priority.

Basic Assumptions for Cybersecurity Leaders’ Strategic Planning

Gartner recommends that cybersecurity leaders establish the following strategic planning assumptions in their security strategy for the next two years.

By 2028, GenAI adoption will close the skills gap, with 50% of entry-level cybersecurity positions no longer requiring specialized education.

Augmentations through GenAI will change the way enterprises recruit and educate cybersecurity personnel, who look for the right competencies, as well as the right education. Conversation enhancements are already available on mainstream platforms, but these will continue to evolve. Gartner recommends that cybersecurity teams focus on internal use cases that support user efforts, coordinating with HR asset partners to ensure adjacent talent is filling more critical cybersecurity roles.

By 2026, by combining GenAI with the Security Behavior and Platform Culture Program (SBCP), an integrated platform-based architecture, the enterprise will experience a 40% reduction in employee-driven cybersecurity incidents.

In the future, enterprises will pay more and more attention to personalized participation as an important part of effective SBCP. GenAI tools have the potential to generate hyper-personalized content and training materials that take into account employees’ unique attributes. According to Gartner, this will increase the likelihood that employees will adopt safer measures in their daily work, thus reducing cybersecurity incidents.

Enterprises that are not yet leveraging GenAI capabilities should evaluate their current external security awareness partners to understand how to leverage GenAI as part of their solution roadmap.

By 2026, 75% of enterprises will exclude unmanaged, legacy and cyber-physical systems from their zero trust strategy.

Under a zero trust strategy, users and endpoints are only given the access they need to do their jobs and are continuously monitored against evolving threats. In production or mission-critical environments, these concepts do not apply to unmanaged devices, legacy applications, and cyber-physical systems (CP) that are designed to perform specific tasks in unique security- and reliability-focused environments. .

By 2027, two-thirds of the Global 100 businesses will offer directors and officers (D&O) insurance to cybersecurity leaders due to personal legal risk exposure.

New laws and regulations — such as the SEC’s Cybersecurity Disclosure and Reporting Rule — hold cybersecurity leaders personally accountable. CISO roles and responsibilities need to be updated to allow for relevant reporting and disclosure. Gartner recommends that enterprises explore the benefits of underwriting D&O insurance as well as other insurance and indemnity underwriting roles to mitigate personal liability, professional risk and legal expenses.

By 2028, companies will spend more than $500 billion combating malicious information, eating into 50% of marketing and cybersecurity budgets.

The combination of artificial intelligence, analytics, behavioral science, social media, the Internet of Things and other technologies enables bad actors to create and spread efficient, mass-tailored malicious information (or misinformation). Gartner recommends that CIOs define responsibilities for managing, designing, and executing an enterprise-wide anti-malware program and invest in tools and techniques that use chaos engineering to test resiliency to address this issue.

By 2026, 40% of identity and access management (IAM) leaders will have primary responsibility for detecting and responding to IAM-related breaches.

IAM leaders often struggle to articulate security and business value to drive accurate investments and do not engage in security resource and budget discussions. As IAM leaders grow in importance, they will move in different directions, each with increased responsibility, visibility, and influence. Gartner recommends that CIOs break down traditional IT and security silos by aligning IAM plans with security plans so stakeholders understand the role IAM plays.

By 2027, 70% of enterprises will integrate data loss prevention and internal risk management rules with their IAM environment to more effectively identify suspicious behavior.

Growing interest in integrated controls is prompting vendors to develop overlapping capabilities between user behavior-centric controls and data loss prevention, giving security teams a more comprehensive set of capabilities to provide Dual use of data security and internal risk mitigation creates a single policy. Gartner recommends that enterprises identify data risks and identity risks as primary directives for strategic data security.

By 2027, 30% of cybersecurity capabilities will be reimagined for application security, directly usable by non-cyber experts and owned by application owners.

The volume, variety and environments of applications created by business technical staff and distributed delivery teams mean that the potential for exposure is far beyond what a dedicated application security team can handle.

To bridge this gap, cybersecurity functions must build a minimum level of effective expertise within these teams, leveraging a combination of technology and training to generate only the capabilities needed to autonomously make cyber risk-informed decisions.

The above is the detailed content of Eight cybersecurity predictions shaping the future of cyber defense. For more information, please follow other related articles on the PHP Chinese website!