Security teams should prepare for what researchers say will be a challenging environment through 2023, with increased pressure from government regulators, partners, and threat actors.
Gartner kicked off its Security & Risk Management Summit with the release of its analysts' assessments of the work ahead, which Richard Addiscott, the company's senior director analyst, discussed during his opening keynote address.
“We can’t fall into old habits and try to treat everything the same as we did in the past,” Addiscott said. “Most security and risk leaders now recognize that major disruption is only one crisis away. We can’t control it, but we can evolve our thinking, our philosophy, our program, and our architecture.”
Topping Gartner's list of eight predictions is a rise in the government regulation of consumer privacy rights and ransomware response, a widespread shift by enterprises to unify security platforms, more zero trust, and, troublingly, the prediction that by 2025 threat actors will likely have figured out how to "weaponize operational technology environments successfully to cause human casualties, the cybersecurity report said.
The eight specific predictions are:
- Through 2023, government regulations requiring organizations to provide consumer privacy rights will cover 5 billion citizens and more than 70% of the global GDP.
- By 2025, 80% of enterprises will adopt a strategy to unify Web, cloud services, and private application access from a single vendor’s security service edge (SSE) platform.
- Sixty percent of organizations will embrace zero trust as a starting point for security by 2025. More than half will fail to realize the benefits.
- By 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements.
- Through 2025, 30% of nation-states will pass legislation that regulates ransomware payments, fines, and negotiations, up from less than 1% in 2021.
- By 2025, threat actors will have weaponized operational technology environments successfully to cause human casualties.
- By 2025, 70% of CEOs will mandate a culture of organizational resilience to survive coinciding threats from cybercrime, severe weather events, civil unrest, and political instabilities.
- By 2026, 50% of C-level executives will have performance requirements related to risk built into their employment contracts.