Gartner Newsroom

Key Takeaways

• “An ideal sound bite makes points that are simultaneously informative, interesting, and ideally makes you smile.”
• “If you want people to absorb something that’s data driven, communicate it in a way that’s not data heavy. Humans want stories.”
• “Being open to new viewpoints starts with the people in charge recognizing that they could be wrong. Differences in views almost always lead to better, more informed decisions.”
• “There is a saying, ‘Never take car buying advice from your parents’ and it is particularly relevant to this audience as things cannot be time tested in a field that evolves as quickly as IT, security and risk management.”
• “At times, rules constrain creativity and constrict the next steps you might take, despite bringing order to what may have previously been chaos. Rules don’t think of everything.”

Key Takeaways

• “The pandemic arrived at a time when economies were already on the edge.” Business and government leaders were tiptoeing over cracks in the economic wall to sustain growth, but COVID-19 took a wrecking ball to that strategy. 
• “There are three things we know: we’re in this for the long haul, right now there are more questions than there are answers, but resilience must be deliberately designed.” 
• Business continuity management is the foundation of every resilience program.
• “We will see remote work remain. 48% of employees are working remotely now, versus 30% before the pandemic, and 82% of organizations are planning to allow their employees to continue working from home at some level.” 
• Twenty-eight percent of organizations expect to create a resilience role in response to COVID-19. 
• Physical/social distancing is here to stay. In addition to staggered returns to the office, facilities changes to improve resilience may include repurposed meeting spaces, reconfigured workstations, touchless doors, smart parking and more. 
• “Robotics are being used to help with talent and labor shortages, plus all of those digital initiatives that we’re starting to implement.” Other technology changes have included a shift of applications and IT services to the cloud, and a drive for increased data collection.
• With 69% of security budgets having no change or a decrease, security leaders are looking at how to expand remote access, remote work infrastructure and associated processes. Security spending hotspots post-COVID-19 include secure access service edge, securing artificial intelligence, identity and access management and extended threat intelligence, detection and response.

Key Takeaways

• “There is a talent pipeline issue in IT professions including security and risk management. For instance, women obtain less technical degrees on average and it takes them longer to get into IT management positions.”

• “Three constructs to create a talent pipeline are 1) Build, or hire 2) Velocity, or develop and grow and 3) Attrition, or gracefully exit.”

• “Get creative in attracting women to your organization by developing better job descriptions, making internships available, and having a diverse interview panel.”

• “Generate velocity for women by making it easy for them to participate in networking groups and offering them positions on high visibility projects to expand their experience.”

• “Behaviors that marginalize women include unequal personality trait assessment, using gender-biased language, and ignoring them, among others. These are the biggest detractors of retaining women in organizations.”

• “Embrace diversity and inclusion norms such as  listening generously and taking turns. They let people know acceptable sets of behaviors but more importantly, they make it easier to confront people on unacceptable behaviors.”

• “Make a difference to women in IT by turning efforts to increase and retain their presence in your organization into a comprehensive program.”

Key Takeaways

• “Security and risk leaders should follow five simple steps to create a concise cybersecurity strategy: 1) Start with your business goals; 2) Identify your risks; 3) Make the risks real; 4) Articulate the program objectives; 5) Map strategy to tactics.”

• “Always start with your business goals. This seems so obvious, but is so often missed.”

• “Identify 8-10 risks. Too many risks is not digestible.”

• “Make the risks real to your audience. We know many things, but the things we feel are the things we act upon.”

• “Align risks to a set of six core security and risk management program principles: 1) Implement proactive risk management; 2) Protect our information; 3) Improve resiliency and recoverability; 4) Deploy robust crisis and incident management; 5) Prepare for digital business; 6) Mature governance.”

• “Always look to the future. Strategic planning is not something to be done once and then forgotten.”

You can visit the Gartner Newsroom to find additional news and highlights from the Gartner Security & Risk Management Summit this week.