Highlights from the Gartner Security & Risk Management Summit 2024

27 March 2024

The latest Gartner summit left participants with a series of predictions for the cyber security sector, including some eye-popping numbers regarding mal-information: information that is based on reality but is used out of context to manipulate or inflict harm on a person, organisation, or country.

According to those grappling with this emerging threat, the convergence of AI, social media, analytics, behavioural science, IoT and other technologies can allow bad actors to create and spread highly effective, mass-customised mal-information. The cost of fighting this growing phenomenon is predicted to hit $500 billion by 2028, in some cases consuming 50% of marketing and cyber security budgets. ‘Chaos engineering’, another newly minted term, might prove a critical tool in testing organisational resilience in the face of these growing information threats.    

As regulators across the globe toughen their stance on security breaches, Gartner expects that by 2027, two-thirds of global 100 organisations will extend directors and officers insurance to cyber security leaders to protect them against personal legal exposure. The newly enacted SEC security disclosure and reporting rules expose cyber leaders to personal liability, sending a shudder through the CISO ranks. This has been highlighted by the regulatory follow-up to the SolarWinds breach of 2020.

Locally, ASIC has indicated it will be hunting high-profile executive targets in the aftermath of any data compromise. Chairman Joe Longo recently stated, “If things go wrong, ASIC will be looking for the right case where company directors and boards failed to take reasonable steps, or make reasonable investments proportionate to the risks that their business poses.” Considering such statements, the extension of insurance to protect cyber security leaders makes sense.

Other Gartner predictions included:

  • By 2026, 75% of organizations will exclude unmanaged, legacy, and cyber-physical systems from their Zero Trust strategies.
  • By 2027, 30% of cyber security functions will be performed directly by non-cyber experts and owned by application providers.
  • By 2028, the adoption of GenAI will narrow the skills gap, removing the need for specialised education from 50% of entry-level cyber security positions.

The cyber security landscape is in a constant state of evolution, and predicting the future is notoriously fraught with imprecision. The Gartner event provided a range of discussion points that may or may not come to pass, but nonetheless stimulated the imaginations of thought leaders within the industry.
