Conference Updates

National Harbor, Md., June 8, 2022

Gartner Security & Risk Management Summit 2022 National Harbor: Day 2 Highlights

We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week in National Harbor, Maryland. Below is a collection of the key announcements and insights coming out of the conference. You can read the highlights from Day 1 here.

On Day 2 of the conference, we are highlighting the top trends in security and risk management, key drivers for CISO effectiveness and cybersecurity predictions for 2022-2023. Be sure to check this page throughout the day for updates.

Key Announcements

Top Trends in Security and Risk Management

Presented by Jay Heiser, VP Analyst, Gartner

There are numerous business, market and technology dynamics that security and risk management leaders cannot afford to ignore. In this presentation, Jay Heiser, VP Analyst at Gartner, highlighted the top trends which have the potential to transform the security ecosystem over the next one to three years.

Key Takeaways

  • Attack Surface Expansion. A dramatic increase in attack surface is emerging from changes in the use of digital systems, including new hybrid work, accelerating use of public cloud, more tightly interconnected supply chains, expansion of public-facing digital assets, and greater use of operational technology.
  • Identity Threat Detection and Response (ITDR). ITDR describes the collection of tools and best practices to successfully defend identity systems from endemic levels of attacks.
  • Digital Supply Chain Risk. As widespread vulnerabilities such as URGENT/11 and Log4j spread throughout the supply chain via reuse across all types of technology stacks, more attacks will emerge.
  • Vendor Consolidation. Security technology convergence is accelerating, driven by the need to reduce complexity, leverage commonalities, reduce administration overhead and provide more effective security. 
  • Cybersecurity Mesh. Cybersecurity mesh creates and leverages interoperable connections between security tools to promote a consistent security posture, allowing tools to share and leverage security intelligence and apply a dynamic policy model. 
  • Distributing Decisions. By 2025, a single, centralized CISO will no longer be sufficient to manage the cybersecurity needs of a digital organization.
  • Beyond Awareness. Human errors continue to feature in the majority of data breaches, a clear signal that traditional approaches to security awareness training are no longer effective.

Learn more about the top trends in security and risk management for 2022 in the associated Gartner press release.

The Key Drivers for CISO Effectiveness

Presented by Christopher Mixter, VP, Research, Gartner

As digital business has propelled security and risk to become a boardroom issue, business units have increased their expectations of leadership. In this session, Christopher Mixter, VP, Research at Gartner, shed light on the leadership traits that support a successful and balanced approach between business demands and leadership effectiveness.

Key Takeaways

  • “CISOs operate in a silo, and thus they are often overworked, met with unrealistic expectations and serve as a scapegoat. At the end of the day there is rarely anyone at the organization that shares the same accountability as the CISO does.”
  • “Gartner considers four key factors when evaluating CISO effectiveness: functional leadership, information security service delivery, enterprise responsiveness and scaled governance.”
  • “Few CISOs excel in every category, and in fact only 12% of CISOs that Gartner surveyed excel in all four categories of effectiveness.”
  • “Effective CISOs are far less likely to report business-disrupting security incidents or project delays due to information security, and on the personal side, fewer effective CISOs feel overwhelmed by security alerts or by stress at work.”
  • “There are 14 controllable differentiators of CISO effectiveness, which we’ve nested under four categories. An effective CISO is an executive influencer, a future-risk manager, a workforce architect and a stress navigator.” 
  • “We are seeing a great deal of experimentation as organizations realize that old org charts no longer fit new digital ecosystems.”

Learn more about how to be an effective chief security officer in the complimentary Gartner ebook Four Factors of Effective CISO Leadership.

The Top Cybersecurity Predictions for 2022-2023

Presented by Leigh McMullen, Distinguished VP Analyst at Gartner

As we look out over the next decade, some scenarios need to be seriously considered when strategizing the cybersecurity plan for organizations. In this session, Leigh McMullen, Distinguished VP Analyst at Gartner, shared some of the top predictions for the next two years that security and risk management leaders should monitor to be successful in the digital era.

Key Takeaways

  • Through 2023, government regulations requiring organizations to provide consumer privacy rights will cover 5 billion citizens and more than 70% of global GDP: “Security and risk management leaders should enforce a comprehensive privacy standard in line with the GDPR. This will allow their businesses to differentiate themselves in an increasingly competitive market and grow unhindered.”
  • By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services and private application access from a single vendor’s SSE platform: “Create a dedicated team of security and networking experts with a shared responsibility for secure access engineering spanning on-premises, remote workers, branch offices and edge locations.”
  • 60% of organizations will embrace Zero Trust as a starting point for security by 2025. Over half will fail to realize benefits: “Communicate business relevance of ZT by aligning resilience and agility.”
  • By 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements: “Leverage risk-based evaluations that highlight transparency and reward participants.” 
  • Through 2025, 30% of nation states will pass legislation that requires ransomware payments, fines and negotiations, up from less than 1% in 2021: “Recognize the impact of paying. Modern ransomware gangs have shifted to steal data as well as encrypt it. Payment means the stolen data won’t be published, but it may very well be sold or otherwise disclosed at a later date if the information has value.”

It’s not too late to join the conference!

About Gartner

Gartner, Inc. (NYSE: IT) delivers actionable, objective insight that drives smarter decisions and stronger performance on an organization’s mission-critical priorities. To learn more, visit
