Conference Updates

Sydney, June 21, 2022

Gartner Security & Risk Management Summit 2022, APAC: Day 1 Highlights

We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week in Sydney, Australia. Below is a collection of the key announcements and insights coming out of the conference.

On Day 1 from the conference, we are highlighting the opening keynote presentation on the top predictions for cybersecurity, as well as sessions on the outlook for security operations in 2022, what drives CISO effectiveness and how to communicate cyber risk with data.

Key Announcements

Opening Keynote: The Top Cybersecurity Predictions for 2022-2023

Presented by Richard Addiscott, Senior Director Analyst and Rob McMillan, Managing Vice President at Gartner

As we look out over the next decade, what scenarios should security and risk management leaders consider in their organization’s cybersecurity strategy? In the opening keynote, Richard Addiscott, Senior Director Analyst and Rob McMillan, Managing Vice President at Gartner shared the top predictions prepared by Gartner cybersecurity experts to help security and risk management leaders be successful in the digital era.

Key Takeaways

  • Through 2023, government regulations requiring organizations to provide consumer privacy rights will cover 5 billion citizens and more than 70% of global GDP: “Security and risk management leaders should enforce a comprehensive privacy standard in line with the GDPR. This will allow their businesses to differentiate themselves in an increasingly competitive market and grow unhindered.”
  • By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services and private application access from a single vendor’s SSE platform: “Create a dedicated team of security and networking experts with a shared responsibility for secure access engineering spanning on-premises, remote workers, branch offices and edge locations.”
  • 60% of organizations will embrace Zero Trust as a starting point for security by 2025. Over half will fail to realize benefits: “Communicate business relevance of ZT by aligning resilience and agility.”
  • By 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements: “Leverage risk-based evaluations that highlight transparency and reward participants.” 

Learn more from the Gartner Opening Keynote in the associated Gartner press release.

It’s not too late to join the conference!

Outlook for Security Operations 2022

Presented by Craig Lawson, VP Analyst, Gartner 

Security operations are undergoing a transformative change on who and when security is planned and delivered. In this session, Craig Lawson, VP Analyst at Gartner, explained which technologies, processes and services will have the biggest impact on how security operations are delivered in 2022.

Key Takeaways

  • Organizations should focus on three areas to drive their security operations strategy in 2022: 1) how to get value from threat intel and threat hunting, 2) focus visibility efforts to maximize exposure reduction, and 3) determine if automation and AI make sense for your security operations.
  • “Measuring threat intel sounds daunting, and it can be. But you can apply metrics to feeds to see how many actionable indicators they provide, and also measure the efficacy of intelligence applied to events and incidents that were true positive vs false positive.”
  • “Use threat intelligence to support hunting, either as the starting point or to fill in missing pieces. Formalize hunting as a core process of your SecOps program and set aside time on calendars to actually do it.”
  • “There are three pillars of exposure management - attack surface, vulnerability, and validation.”
  • Exposure management combines multiple approaches to optimize scope, automation and accuracy of the diagnostics. 
  • “Before buying into automation or AI solutions, you must have a process defined and something to measure to see value in your investments.”

The Key Drivers for CISO Effectiveness

Presented by Arthur Sivanathan, Director, Advisory, Gartner

As digital business has propelled security and risk to become a boardroom issue, business units have increased their expectations of leadership. In this session, Arthur Sivanathan, Director, Advisory at Gartner, shed light on the leadership traits that support a successful and balanced approach between business demands and leadership effectiveness.

Key Takeaways

  • “CISOs operate in a silo, and thus they are often overworked, met with unrealistic expectations and serve as a scapegoat. At the end of the day there is rarely anyone at the organization that shares the same accountability as the CISO does.”
  • “Gartner considers four key factors when evaluating CISO effectiveness: functional leadership, information security service delivery, enterprise responsiveness and scaled governance.”
  • “Few CISOs excel in every category, and in fact only 12% of CISOs that Gartner surveyed excel in all four categories of effectiveness.”
  • “Effective CISOs are far less likely to report business-disrupting security incidents or project delays due to information security, and on the personal side, fewer effective CISOs feel overwhelmed by security alerts or by stress at work.”
  • “There are 14 controllable differentiators of CISO effectiveness, which we’ve nested under four categories. An effective CISO is an executive influencer, a future-risk manager, a workforce architect and a stress navigator.” 
  • “We are seeing a great deal of experimentation as organizations realize that old org charts no longer fit new digital ecosystems.”

Learn more about how to be an effective chief security officer in the complimentary Gartner ebook Four Factors of Effective CISO Leadership.

Data Storytelling: A Better Way to Communicate Cyber Risk With Data

Presented by Claude Mandy, Senior Director Analyst, Gartner

Data storytelling offers a more engaging means of communicating risk than business intelligence reporting or data visualization alone. In this session, Claude Mandy, Senior Director Analyst at Gartner, explained what a data story is; when and how data storytelling should be used when communicating cyber risk; and what new skills and techniques are needed to create compelling data stories.

Key Takeaways

  • “Organizations are hard to change as they have ingrained cultures. To fix that you can't just appeal to the top of the organization, you have to change it all the way through, and that's where storytelling comes in.”
  • “Data stories help people to better engage with data. It is a simple formula for getting people to look and listen with an open mind. We are raised to consume narrative from childhood, so this is an intuitive approach for most people.”
  • Start by investigating how you can apply narrative techniques to cybersecurity data to help communicate cyber risk to decision makers in your organization.
  • Evaluate and experiment with the data storytelling capabilities of modern business intelligence platforms and cyber security performance management platforms. 
  • Prepare programs to develop and instill narrative skills within the cybersecurity team, including a virtual team of certified data storytellers. 
  • “Look for people who can tell a story rather than those who just take data out of security tools. It's about communication skills and being able to communicate to others.”
  • “Is your current reporting changing the hearts and minds of those in your organization? Just throwing statistics at them doesn't resonate. What’s in it for them? Think about what the audience cares about and use emotional triggers.”

About Gartner

Gartner, Inc. (NYSE: IT) delivers actionable, objective insight to executives and their teams. Our expert guidance and tools enable faster, smarter decisions and stronger performance on an organization’s mission-critical priorities. To learn more, visit

Media Contacts

It's not too late to join the conference

Latest Releases