Exploring the future of Cybersecurity, the Gartner analysts revealed the top eight Cybersecurity Predictions for 2022 and 2023. Ranging from linking executive performances with cybersecurity risk to nation-states regulating ransomware payments, the top 8 cybersecurity predictions are a must in IT and Business Strategy.
The top 8 cyber security predictions for 2022 and beyond:
- Through 2023, government regulations requiring organizations to provide consumer privacy rights will cover 5 billion citizens and more than 70% of global GDP.
- By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services and private application access from a single vendor’s SSE platform.
- 60% of organizations will embrace Zero Trust as a starting point for security by 2025. More than half will fail to realize the benefits
- By 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements.
- Through 2025, 30% of nation-states will pass legislation that regulates ransomware payments, fines and negotiations, up from less than 1% in 2021.
- By 2025, threat actors will have weaponized operational technology environments successfully to cause human casualties
- By 2025, 70% of CEOs will mandate a culture of organizational resilience to survive coinciding threats from cybercrime, severe weather events, civil unrest and political instabilities.
- By 2026, 50% of C-level executives will have performance requirements related to risk built into their employment contracts
In the opening keynote at the Gartner Security & Risk Management Summit in Sydney, Richard Addiscott, Senior Director Analyst and Rob McMillan, Managing Vice President at Gartner discussed the top predictions prepared by Gartner cybersecurity experts to help security and risk management leaders be successful in the digital era.
The financial impact of cyber-physical security attacks could be over $50 billion
Gartner Research
Cybersecurity Prediction #1: Consumer Privacy Rights
Through 2023, government regulations requiring organizations to provide consumer privacy rights will cover 5 billion citizens and more than 70% of global GDP
As of 2021, almost 3 billion individuals had access to consumer privacy rights across 50 countries, and privacy regulation continues to expand.
Gartner recommends that organizations track subject rights request metrics, including cost per request and time to fulfil, to identify inefficiencies and justify accelerated automation.
Related Article: Is The Future Of Cybersecurity Automated? Experts think so
Cybersecurity Prediction #2: Web, cloud services and private app access from a single vendor’s SSE platform
By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services and private application access from a single vendor’s SSE platform.
With a hybrid workforce and data everywhere accessible by everything, vendors are offering an integrated security service edge (SSE) solution to deliver consistent and simple web, private access and SaaS application security.
Single-vendor solutions provide significant operational efficiency and security effectiveness compared with best-of-breed solutions, including tighter integration, fewer consoles to use, and fewer locations where data must be decrypted, inspected and re-encrypted.
“Cybersecurity efforts are not keeping pace with digital transformation”
Cybersecurity Prediction #3: Zero Trust as a starting point for security
60% of organizations will embrace Zero Trust as a starting point for security by 2025. More than half will fail to realize the benefits
The term zero trust is now prevalent in security vendor marketing and in security guidance from governments.
As a mindset — replacing implicit trust with identity- and context-based risk-appropriate trust — it is extremely powerful.
However, as zero trust is both a security principle and an organizational vision, it requires a cultural shift and clear communication that ties it to business outcomes to achieve the benefits.
Australia needs 7,000 Cybersecurity Professionals By 2024
EY
Cybersecurity Prediction #4: Cybersecurity risk as a primary determinant
By 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements.
Cyberattacks related to third parties are increasing. However, only 23% of security and risk leaders monitor third parties in real time for cybersecurity exposure, according to Gartner data. As a result of consumer concerns and interest from regulators, Gartner believes organizations will start to mandate cybersecurity risk as a significant determinant when conducting business with third parties, ranging from simple monitoring of a critical technology supplier to complex due diligence for mergers and acquisitions.
Also read: The Top Security and Risk Management Trends for 2022
Cybersecurity Prediction #5: Ransomware payment regulation is coming
Through 2025, 30% of nation states will pass legislation that regulates ransomware payments, fines and negotiations, up from less than 1% in 2021.
Modern ransomware gangs now steal data as well as encrypt it. The decision to pay the ransom or not is a business-level decision, not a security one. However, Gartner recommends engaging a professional incident response team as well as law enforcement and any regulatory body before negotiating.
Also read: Australia has a Cybersecurity talent shortage
Cybersecurity Prediction #6: Weaponisation of operational technology environments
By 2025, threat actors will have weaponized operational technology environments successfully to cause human casualties.
Attacks on OT – hardware and software that monitors or controls equipment, assets and processes – have become more common and more disruptive. In operational environments, security and risk management leaders should be more concerned about real world hazards to humans and the environment, rather than information theft, according to Gartner.
Also read: Gartner Predicts 40% of Boards Will Have a Dedicated Cybersecurity Committee by 2025
Cybersecurity Prediction #7: Culture of Organisational resilience will be mandated by CEOs
By 2025, 70% of CEOs will mandate a culture of organizational resilience to survive coinciding threats from cybercrime, severe weather events, civil unrest and political instabilities.
Gartner’s research forecast “75% of CEOs will be personally liable for Cyber-Physical security as the cost of security attacks could reach $50bn“.
The COVID-19 pandemic has exposed the inability of traditional business continuity management planning to support the organization’s response to a large-scale disruption.
With continued disruption likely, organisational resilience needs to be recognised as a strategic imperative.
Cybersecurity Prediction #8: Executive Performance linked with Risk
By 2026, 50% of C-level executives will have performance requirements related to risk built into their employment contracts
Most boards now regard cybersecurity as a business risk rather than solely a technical IT problem, according to a recent Gartner survey.
As a result, Gartner expects to see a shift in formal accountability for the treatment of cyber risks from the security leader to senior business leaders.
