While information-centric security practice is still the dominant responsibility of most security organizations today, it doesn’t take into account the increasing impact of technology use in other areas of business, both by the organization and by the supply chains that service it. As IT security requirements grow to encompass the “edge” of most organizations, broader cybersecurity needs grow to include cyberphysical needs as well.

Digital business offers enterprises unprecedented opportunities, along with new risks. Two key characteristics of digital business are challenging conventional IT control:

  • As the business claims increasing autonomy in deploying new digital technologies, it degrades the authority of the central IT organization.
  • The dramatic increase in the number of elements (for example, systems, devices, things, data and dynamic relationships) exposes scalability issues with many traditional security control solutions.

This reality challenges the status quo in information risk and security management. Many conventions and technologies on which risk and security practices have been based do not scale in the new reality. 

Gartner Security and Risk Predicts

  • By 2020, over 25% of identified attacks in enterprises will involve IoT, though IoT will account for less than 10% of IT security budgets.
  • By 2020, IT-sponsored information security programs will suffer three times as many significant breaches as those sponsored by business leaders.
  • By 2020, security skill management programs that include experimental recruitment and talent retention practices will rise to 20%, which is an increase from 2% in 2016.
  • By 2020, 25% of IT security organizations will restructure based on the influence of cyberphysical systems and the Internet of Things (IoT), up from less than 5% today.
  • By 2020, 60% of digital businesses will suffer major service failures due to the inability of IT security teams to manage digital risk.

Q&A with Gartner expert Tom Scholtz, Distinguished VP Analyst on security, risk and compliance

Security and risk practices continue to evolve in line with digitalization. Technologies such as artificial intelligence (AI) and machine learning, robotic process automation and the Internet of Things (IoT) offer both new risks and new opportunities to security and risk leaders. From a cyber risk perspective, acceptance of cloud computing has reached a tipping point as enterprises formalize their cloud security strategies.

Some organizations still believe cybersecurity can be effectively addressed through technology alone. Furthermore, many organizations equate regulatory or standards compliance with effective cybersecurity.

... not be able to either compete in their markets or deliver satisfactory services to their citizens.

Security, risk and compliance spotlight sessions from 2019:

  • Five Questions on Security and Risk That CIOs Must Be Prepared to Answer at Your Board Meetings! (Prateek Bhajanka, Principal Analyst, Gartner)
  • The Leadership Vision for Security and Risk Management — 2019 to 2020 (Rajpreet Kaur, Principal Analyst, Gartner)
  • Effectively Communicate Security to Your Board of Directors and C-Suite (Prateek Bhajanka, Principal Analyst, Gartner)