All 2026 Conference Sessions

The Real Cost of Cybersecurity

Speakers: 

• Christopher Mixter, VP Analyst, Gartner 

Key takeaways

• The cybersecurity budget doesn’t represent the real cost of protecting an organization. The real cost of cybersecurity is the all-in cost of delivering protection: technology, labor and the business friction that results from controls.

• Knowing the real cost of cybersecurity supports an outcome-driven approach because it gives business leaders transparency into the tradeoffs between protection, spend and business enablement.

• Outcome-driven metrics must be the starting point for measuring the real cost of cybersecurity. They measure control performance, offer a forward-looking view of exposure, can be influenced by investment and allow benchmarking across organizations and governments.

• The real cost of cybersecurity isn’t just a way to justify budgets or new resources; it’s a tool to engage executives in active conversation about the value of cybersecurity, how much they want to invest and how much risk they are willing to accept.

• Effective CISOs and CIOs use the real cost of cybersecurity to negotiate protection level agreements with their executives, increasing transparency of value for cost, clarity of accountability and defensibility in the event of an adverse cybersecurity event.

Outlook for AI & Cybersecurity

Speakers: 

• Leigh McMullen, Distinguished VP Analyst and Gartner Fellow 

Key takeaways

• AI has become both the engine of cybersecurity transformation and the accelerant of risk. 87% of leaders identify AI vulnerabilities as the fastest growing and most urgent cybersecurity risk.

• Unlike previous technology waves, AI timelines are compressed. It’s important to operate in three lanes: act for what’s known now, plan for the next few quarters, and monitor the uncertain horizon. Today’s environment requires thinking in sprints, not program years.

• Most technologies cybersecurity teams have to secure are deterministic, but AI isn’t. Part of its value comes from unpredictability, making it behave more like humans with all of the challenges of anticipating, shaping and responding to unexpected events.

• Threat actors and rogue states won’t be limited by regulation, driving damaging AI to evolve without boundaries. Organizations must invest in defensive and offensive technologies as quickly and as broadly as threat actors do.

• Most vendors are racing toward the vision of an AI security platform, but AI security is still too broad for any single platform to go deep enough. Focus the next 12-18 months on AI usage control and AI application security as the most proven way to secure AI applications and agents.

AI-Enhanced SOC: Bridging the Gap to Advanced Automation

Speakers: 

• Craig Lawson, VP Analyst, Gartner

Key takeaways

• Gartner predicts 25% of common SOC tasks will become 50% more cost-efficient due to automation enhancements and hyperscaling strategies by 2027.

• Bridging the gap to advanced automation in the SOC can only be achieved by progressing through the different stages of AI adoption at a pace the organization can sustain.

• Determine what can be automated today and strategize about what is coming to enable automation and augmentation in the future. The SOC team can then handle greater workloads through the use of AI and automation.

• Outcomes are only defensible when supported by metrics that demonstrate improvements in the activities the team is doing today. Without doing so, security operations automation initiatives can never be objectively measured.

• Continuously validate the outputs of automation and AI tools and use metrics consistently to ensure accuracy and reliability. Rely on existing metrics, rather than inventing new ones.

Top Cybersecurity Trends

Speakers: 

• Richard Addiscott, VP Analyst, Gartner

Key takeaways

• Amid regulatory volatility and geopolitical, technological and organizational forces, CISOs must rethink how they approach cyber risk management, resilience and resource allocation by assessing each trend to determine whether to embrace, monitor or deprioritize.

• Postquantum computing moves into action plans: As quantum computing renders today’s cryptography unsafe by 2030, CISOs must inventory all crypto assets and establish a center of excellence to accelerate crypto‑agile readiness.

• Agentic AI demands cybersecurity oversight: Identify both sanctioned and unsanctioned AI agents, then enforce robust controls for each based on access and agency.

• Global regulatory volatility drives cyber resilience efforts: Treat compliance as a strategic advantage, not a checklist to drive cyber resilience.

• GenAI breaks traditional cybersecurity awareness tactics: Stop relying on general awareness and focus on adaptive training that provides visibility into individual employee behaviors.

How to Increase Board Confidence in Cybersecurity

Speakers: 

• Kristin Moyer, Distinguished VP Analyst, Gartner

Key takeaways

• Ninety percent of non-executive board directors lack confidence in cybersecurity value.

• The key to increase board confidence is to become a sense maker. Sense maker CIOs and CISOs have managed to earn their boards’ trust on “just right” levels of protection and cost.

• Fewer cybersecurity breaches won’t earn board trust – business alignment will.

• Being transparent about actual exposure levels and revealing uncomfortable truths builds board confidence.

• Real cybersecurity leadership means protecting what the organization values, from managing cost and reducing risk, to safeguarding revenue.

Outlook for Human Factors in Cybersecurity: Adapt to Optimise

Speakers: 

• Mia Yu, Director Analyst, Gartner

Key takeaways

• The greatest – and most neglected – opportunity to reduce cyber risk in any organization is harnessing the human element.

• Mounting pressure is driving employees to insecure behavior. Cybersecurity isn’t at the top of their minds and they’re looking for any way to make their lives easier, resulting in 41% intentionally bypassing cybersecurity controls.

• Burnout quietly shapes the daily reality of cybersecurity teams – how they respond to threats, enable secure design and control implementation. Those that don’t address it risk losing their most valuable assets and make their organizations more vulnerable.

• Only CISOs carry the triple AI mandate: secure AI, defend against AI-enabled attacks and use AI to do both. Upskilling isn’t optional; it’s the only way to survive this pressure.

• Employees are humans, not risks. Mindsets must change from treating them as risks and investing in them to become a more valuable part of the cybersecurity program.