Gartner Newsroom

"Security and risk leaders must focus on balancing risk, trust and opportunity to help maintain the ability of their organizations to function as a trusted participant in the digital economy."

"The ongoing digitalization of physical systems is increasing physical risks. To more systematically address physical risks and cyber-physical risk, leading organizations are restructuring security governance and realigning organizations." 

"Security leaders must lead the charge in accelerating digital business; managing the risks in both volume and impact; responding with agility in both proactive and reactive matters and maturing processes; while implementing cost optimization and evaluating investments in technologies and services."

"CISOs have a unique ability to give business executives the insights and tools to help them balance risk with the potential opportunity for digital transformation."

"The accelerated adoption of digital transformation means that interacting with clients and citizens will highlight the potential need for establishing dedicated digital trust and safety teams in enterprises."

"The ability for CISOs to communicate the real impacts of change and chaos, or in other words to achieve just the right level of balance, is critical to set and manage organizational risk appetite and capitalize on opportunity."

Learn more from the Gartner Opening Keynote in the Gartner press release "Gartner Says Security & Risk Leaders Must Balance Risk, Trust and Opportunity to Succeed in Uncertain Times."

Securing Your Remote Workforce: “Securing your remote workforce has now become the single greatest existential imperative for all organizations in the wake of COVID-19.” 

Risk-Based Vulnerability Management. “Despite our best efforts, our systems are never going to be 100% patched.” Focus on systems and vulnerabilities with higher risk by applying context and threat intelligence to vulnerability data.

Platform Approach to Detection and Response: Improve detection accuracy, threat containment, and the overall incident management program using emerging extended detection and response (XDR) products, which attempt to consolidate multiple security products into a cohesive platform.

Cloud Security Posture Management (CSPM) and Simplify Cloud Access Controls: As cloud applications are extremely dynamic, security professionals find them difficult to secure. Ensure common controls across IaaS and PaaS, while also developing a central location for policy and governance across multiple cloud services.

Domain-Based Message Authentication, Reporting & Conformance (DMARC): “DMARC is by no means a silver bullet or a complete answer for email security; however, it can provide an additional level of trust and verification with the sender’s domain.” 

Passwordless Authentication: “Although complete elimination of passwords is still far off, reducing reliance on them increases trust and improves the user experience.”

Other security projects to focus on include Data Classification and Protection, Workforce Competencies Assessment, and Security Risk Assessment Automation.

“Creating a strong privacy program means having an understanding of three things: 1) the current regulatory landscape, 2) the technology capabilities that support it and 3) the best practices that give control back to customers.”

“COVID-19 highlighted the maturity of the framework established by the General Data Protection Regulation (GDPR). This has made a noticeable difference to global privacy.”

“While it is important for organizations to start the privacy discovery process manually to get a feel for the complexity within their data, it becomes quickly evident that there is a need for automation to deliver scale.”

“One key success factor for a privacy program is the partnerships built with other organizational teams. Connect with your chief data officer (CDO) to understand what data is being used and how you can support them with privacy-preserving alternatives.” 

“Privacy is deeply personal.”

“As you gain control over the data you process and turn it back over to consumers, compliance is no longer just a goal. It becomes part of the ethical fabric of your business.”

Learn more in the Gartner press release "Gartner Says By 2023, 65% of the World’s Population Will Have Its Personal Data Covered Under Modern Privacy Regulations."

“Most Gartner clients have not yet experienced serious budget cutbacks that impact security programs, but some have, and there is potential for more.”

“Almost four in ten CISOs are working more than 50 hours a week, but it’s not practical to do it all. By 2021, a third of security programs will incorporate at least two new roles, which may or may not sit in your team. Do you need a security ombudsman, business liaison or digital ecosystem manager?”

“The cybersecurity jobs market continues to be strong. This means the skills you need can’t be bought, so you need to develop expertise in-house, and that should be part of your strategic plan.”

“Security programs traditionally delivered confidentiality, integrity and availability. They should now also include privacy, digital resilience and personal safety.”

“Help your business partners to use good ‘cyber judgement’, that is, to recognize the IT risk implications of their choices and take responsibility for making good decisions.”

“Explain risks in terms of a business problem, such as loss of intellectual property, downtime or reputational damage. Then outline how you address those risks, for example, through sensitive data protection, resilience of critical systems and robust crisis and incident response.”

“Greater uncertainty and complexity have created a need for greater risk agility.”

Gartner recommends an annual strategy planning project, reviewed quarterly.

You can visit the Gartner Newsroom to find additional news and highlights from the Gartner Security & Risk Management Summit this week.