Tags: Gartner; Risk Management; Predictions
Relevance: Cyber security risk management runs as a central theme throughout each of these predictions.
- Formal risk management critical thinking and processes have been central to peer conversations for more than 10 years. It’s now time to bring quantitative and qualitative measurement and evaluation into business decisions regarding controls that protect critical assets. We do this to protect our business.
- Just as importantly, perhaps more so, risk management must be part of product security decision making. We do this to protect our customers… which protects our business.
Gartner recommends that cybersecurity leaders build the following strategic planning assumptions into their security strategies for the next two years.
- Through 2023, government regulations requiring organizations to provide consumer privacy rights will cover 5 billion citizens and more than 70% of global GDP.
- By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services and private application access from a single vendor’s SSE platform.
- 60% of organizations will embrace Zero Trust as a starting point for security by 2025. More than half will fail to realize the benefits.
- By 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements.
- Through 2025, 30% of nation states will pass legislation that regulates ransomware payments, fines and negotiations, up from less than 1% in 2021.
- By 2025, threat actors will have weaponized operational technology environments successfully to cause human casualties.
- By 2025, 70% of CEOs will mandate a culture of organizational resilience to survive coinciding threats from cybercrime, severe weather events, civil unrest and political instabilities.
- By 2026, 50% of C-level executives will have performance requirements related to risk built into their employment contracts.