In order for cybersecurity initiatives to be effective in reducing security failures, Gartner, a research and consulting firm, finds that it will be essential for security and risk management leaders to turn to a human-centered approach.
A human-centric approach in cybersecurity practices prioritizes the individual employee and their experience, which ultimately encourages better practices while also reducing friction and risk.
In the past, there has been a focus in improving the technology or the many different processes that uphold security practices. Going forward, having a "human-centric talent management approach" means focusing on the employees that require these kinds of updates to technology and program processes to be made in the first place, and shifting from external hiring to internal or "quiet hiring," according to Gartner.
In addition to a human-centric security design and enhancing people management in security programs, changing the cybersecurity operating model will also be amongst the top three trends in cybersecurity for 2023, according to the analyst firm. It will be necessary for employees to understand and manage a variety of different types of risks related not only to cybersecurity, but also "financial, reputational, competitive, and legal risks."
Creating effective cybersecurity policies and initiatives is not a one and done deal, analysts stressed, but instead requires continuous management and integration into the model of the core business strategy.
"Business leaders now widely accept that cybersecurity risk is a top business risk to manage — not a technology problem to solve," Richard Addiscott, senior director analyst at Gartner, said in Gartner's announcement. "Supporting and accelerating business outcomes is a core cybersecurity priority yet remains a top challenge."
The additional six cybersecurity trends for 2023 noted in Gartner's rundown this week are:
- Threat Exposure Management
- Identity Fabric Immunity
- Cybersecurity Validation
- Cybersecurity Platform Consolidation
- Composable Business Need Composable Security
- Boards Expand Their Competency in Cybersecurity Oversight