Published on November 8, 2023, 11:33 pm

A recent survey conducted by Gartner, a leading research and advisory company, has shed light on some key trends and challenges faced by chief information security officers (CISOs) in the realm of cybersecurity. The survey reveals that half of CISOs will adopt a human-centric design approach to reduce operational friction related to cybersecurity. Additionally, large enterprises will focus on implementing zero-trust programs for enhanced security measures. Furthermore, it was found that around 50% of cybersecurity leaders have unsuccessfully attempted to use cyber risk quantification to drive decision-making within their organizations.

Richard Addiscott, a senior director analyst at Gartner, emphasizes the importance of CISOs and their teams staying updated with current cybersecurity issues while also keeping an eye on future developments that may impact their security programs. He considers these survey findings as valuable insights for CISOs aiming to build effective and sustainable cybersecurity programs.

Based on Gartner’s research, it is evident that employees are aware of the risks associated with certain actions but still engage in them during work activities. To address this issue, Gartner recommends adopting human-centric security design practices that prioritize individual awareness and control implementation to minimize any potential friction.

Another crucial aspect highlighted in the survey is the role of privacy regulations in consumer data protection. Despite widespread adoption of privacy regulations by 2024, only a small fraction of organizations (less than 10%) will successfully leverage privacy as a competitive advantage. Gartner suggests that security leaders align their privacy standards with regulatory frameworks like GDPR to stand out in increasingly competitive markets and earn customer trust.

The transition towards zero-trust programs is also gaining momentum. By 2026, it is predicted that roughly 10% of large enterprises will have implemented comprehensive zero-trust programs compared to less than 1% currently. However, successful implementation requires integration and configuration expertise across various components alongside alignment with long-term business objectives.

Moreover, the role and responsibilities of CISOs are evolving, with a shift from control ownership to risk decision facilitation. This change requires reframing the cybersecurity operating model and actively engaging with employees to influence informed decision-making by equipping them with the necessary knowledge.

The survey also highlights the challenges associated with cyber risk quantification. While 62% of adopters experience intangible benefits like improved credibility and awareness, only 36% achieve tangible outcomes such as risk reduction or financial savings. Security leaders are advised to focus on quantification that decision-makers demand, rather than producing extensive analyses that struggle to gain business attention.

As work-related stressors increase in the cybersecurity industry, it is anticipated that nearly half of cybersecurity leaders will change jobs by 2025, with 25% pursuing entirely different roles. Acknowledging this issue, Gartner suggests fostering cultural shifts within organizations to create supportive environments for managing stress and reducing turnover.

Recognizing the importance of cybersecurity at the board level, Gartner predicts that by 2026, 70% of boards will include a member with expertise in cybersecurity. To establish closer relationships based on trust and support, CISOs should align themselves with the board’s risk appetite and demonstrate how their cybersecurity programs enable effective risk-taking within the organization.

Lastly, threat detection, investigation, and response (TDIR) capabilities are expected to leverage exposure management data for validating and prioritizing detected threats. With expanding attack surfaces and increased connectivity due to SaaS applications and cloud technology adoption, TDIR capabilities offer centralized platforms for comprehensive monitoring of risks and potential impacts.

In conclusion, Gartner’s survey sheds light on several key trends in cybersecurity for CIOs to consider while building effective security programs. Adopting human-centric design practices, leveraging privacy as a competitive advantage through strong compliance standards, and implementing zero-trust programs gradually over time for optimal results are some of the recommended approaches discussed in this article. It is essential for organizations to address these challenges head-on and stay ahead in the ever-evolving cybersecurity landscape.

