Conference Updates

London, September 12, 2022

Gartner Security & Risk Management Summit 2022 London: Day 1 Highlights

We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week in London. Below is a collection of the key announcements and insights coming out of the conference.

On Day 1 from the conference, we are highlighting Gartner’s top cybersecurity predictions for 2022 and 2023, sharing fundamental management processes for successfully managing cyber and IT risks, and exploring the risks associated with public cloud service providers. Be sure to check this page throughout the day for updates.

Key Announcements

Opening Keynote: The Top Cybersecurity Predictions for 2022-2023

Presented by Katell Thielemann and Nader Henein, VP Analysts, Gartner

As we look out over the next decade, what scenarios should security and risk management leaders consider in their organization’s cybersecurity strategy? In the opening keynote, Katell Thielemann and Nader Henein, VP Analysts at Gartner shared the top predictions prepared by Gartner cybersecurity experts to help security and risk management leaders be successful in the digital era.

Key Takeaways

  • Through 2023, government regulations requiring organizations to provide consumer privacy rights will cover 5 billion citizens and more than 70% of global GDP: “Security and risk management leaders should enforce a comprehensive privacy standard in line with the GDPR. This will allow their businesses to differentiate themselves in an increasingly competitive market and grow unhindered.”

  • By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services and private application access from a single vendor’s SSE platform: “Create a dedicated team of security and networking experts with a shared responsibility for secure access engineering spanning on-premises, remote workers, branch offices and edge locations.”

  • 60% of organizations will embrace Zero Trust as a starting point for security by 2025. Over half will fail to realize benefits: “Communicate business relevance of ZT by aligning resilience and agility.”

  • By 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements: “Leverage risk-based evaluations that highlight transparency and reward participants.” 

  • Through 2025, 30% of nation states will pass legislation that regulates ransomware payments, fines and negotiations, up from less than 1% in 2021: “Recognize the impact of paying. Modern ransomware gangs have shifted to steal data as well as encrypt it. Payment means the stolen data won’t be published, but it may very well be sold or otherwise disclosed at a later date if the information has value.”

It’s not too late to join the conference!

10 Cyber and IT Risk Fundamentals You Must Get Right

Presented by Jie Zhang, VP Analyst, Gartner

Security and risk management (SRM) leaders struggle to mature their cyber and IT risk management practices beyond conducting risk assessments. In this session, Jie Zhang, VP Analyst at Gartner, shared 10 fundamental risk management processes that are essential to SRM leaders to manage their organization’s cyber and IT risk.

Key Takeaways

  • “Using the same framework to assess current risk and risk of new projects is not sustainable.”
  • There are 10 fundamental risk management processes that SRM leaders can follow to ensure success of their organization’s cyber and IT risk management:

  • #1 Identify Control Requirements

  • #2 Conduct Business Impact Analysis

  • #3 Define Risk Parameters and Risk Management Strategy

  • #4 Conduct Risk Assessment and Evaluate Controls

  • #5 Document Risks In a Risk Register and Continual Communication

  • #6 Embed Risk Assessment, Security Testing and Governance in Project Lifecycle

  • #7 Invest in Technical Debt Reduction

  • #8 Identify Scope

  • #9 Monitor Loss Exposures and Other Indicators

  • #10 Embed an Organizational Wide Attitude to Risk Treatment

  • “Long-term success of these processes can only be achieved when risk management increases the likelihood of the organization achieving its key strategic goals and objectives.”

  • “Risk management needs to be embedded in all strategic decision making, across all organizational processes.”

Outlook for Cloud Security

Presented by Charlie Winckless, Senior Director Analyst, Gartner

Cloud security remains a top priority, but there are many unique risks associated with public cloud service providers. In this session, Charlie Winckless, Senior Director Analyst at Gartner, summarized the problems, recommended processes and new product types to address the key security challenges of infrastructure-as-a-service (IaaS) and software-as-a-service (SaaS).

Key Takeaways

  • “Many organizations started leveraging traditional security products in the cloud in the early cloud adoption phase. This approach can work in the short term, but as application and DevOps teams adopt cloud-native services, traditional security products are not able to address these use cases.”

  • “Cloud-native security needs to address runtime protection, cloud configuration, artifact scanning and DevSecOps enablement.”

  • “Born in the cloud enterprises and their security investments can be a guide to the future state of security.”

  • “Align security with the underlying architecture and business criticality. One size does not fit all.”

  • “Cloud security capabilities are likely newer and more versatile, so apply these to your on-premises systems where suitable.”

  • “Looking ahead on the horizon of cloud security, new technologies and trends that may emerge include cloud providers becoming security providers, security or policy as code, data and cloud sovereignty, confidential computing and more.”

About Gartner

Gartner, Inc. (NYSE: IT) delivers actionable, objective insight to executives and their teams. Our expert guidance and tools enable faster, smarter decisions and stronger performance on an organization’s mission-critical priorities. To learn more, visit

Media Contacts

It's not too late to join the conference

Latest Releases