Conference Updates

LONDON, U.K., September 14, 2022

Gartner Security & Risk Management Summit 2022 London: Day 3 Highlights

We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week in London. Below is a collection of the key announcements and insights coming out of the conference. You can read the highlights here from Day 1 and Day 2.

On Day 3 from the conference, we are discussing the privacy landscape, exploring top tips to report to business leaders, and explaining the state of identity proofing and affirmation. Be sure to check this page throughout the day for updates.

Key Announcements

Stop Reporting Operational Metrics to the C-Suite, Really … Stop

Presented by Sam Olyaei, VP Team Manager, Gartner

CISOs keep generating detailed charts, dump them into 50-page slide decks and throw them at other executives, hoping they understand them ... or even care. In this session, Sam Olyaei, VP Team Manager at Gartner, explored the messages that resonate best when reporting to executives; the most effective way to structure these metrics; and how operational metrics can be made more palatable if they must be used.

Key Takeaways

  • “Having a good cybersecurity program and strategy that is linked to the organization’s goals and objectives assists in building out your metrics program. It lays the foundation for reporting to your C-Suite in terms they are most familiar with … business terms.”

  • “Add context so your audience understands what the data represents. If metrics need to be explained every time you present them or your audience inherently has the question “so what?’ in their heads, they haven’t been properly structured or contextualized.” 

  • “Executives don’t intuitively see the connection between technical security data points and the business outcomes that leadership is responsible for achieving. Providing them with multiple technical data points isn’t effective at driving decision making.”

  • “Identify and communicate business relevant metrics that will enable you to demonstrate the value of the activities and show improvements over time.”

  • “Metrics must be measurable in a cost-effective manner. The higher the effort or cost it requires to identify, track and report these metrics, the less likely they are to become a part of the governance and decision-making framework in the organization.”

  • “Make sure your metrics drive action. Define a clear way forward and next steps or recommendations for your audience. A report that doesn’t help make these decisions isn’t useful.”

  • “Change the narrative by ensuring metrics clearly connect to business outcomes, tailoring a story to your specific audience and engaging your audience in actively managing its information risk.”

It’s not too late to join the conference!

Outlook for Privacy, 2022-2023

Presented by Nader Henein, VP Analyst, Gartner

Privacy is profoundly impacting digital transformation priorities and lies at the core as organizations build new engagement models with consumers and relationships with employees. In this session, Nader Henein, VP Analyst at Gartner, discussed the regulatory and technology evolutions emerging in the privacy landscape in 2022 and beyond.

Key Takeaways

  • “The privacy regulatory landscape is getting more and more complicated, and in the face of such pressures, organizations cannot afford to be simply chasing compliance using checklists. You must evolve and become efficient and effective.”
  • “With an average budget of $2.2 million, the privacy office is unlikely to be able to afford a lot on its own, so privacy leaders must be selective and get other business units on board.”

  • “Identify the key people who help drive your privacy program forward, then figure out key priorities for these stakeholders over the next two to three years and see if you can find one or more capabilities that align with those initiatives.”

  • “Like a timer or some type of fitness tracker, privacy controls are data centric tools that draw insights and enable control at the data level, such as automated data discovery and mapping tools.”

  • “Sometimes called privacy platforms, privacy management tools and are intended to be the central repository for your compliance related documentation. These tools can help conduct risk assessments, document records of processing activities or build reports about the privacy program.”

  • Privacy user experience consists of a suite of capabilities that present and manage notices and policy statements, as well as record consent and preferences provided by customers, and handle subject rights requests submitted.”

Can You Prove Someone’s Identity Online?

Presented by Akif Khan, VP Analyst, Gartner

When doing business in an online environment the challenge of identity proofing a person becomes more complex. In this session, Akif Khan, VP Analyst at Gartner, explained the current state of identity proofing and affirmation.

Key Takeaways

  • “Establishing trust in your user's identity is often a critical aspect of doing business.”

  • “Identity fraud and synthetic identity fraud continue to plague clients across industries.”

  • “Identity proofing and/or affirmation techniques are used in a broad range of use cases today.”

  • “Use an orchestration platform to manage the convergence of identity, fraud and authentication capabilities across the UX.”

  • “Integrate identity proofing into broader security programs such as threat intelligence and insider risk detection.”

About Gartner

Gartner, Inc. (NYSE: IT) delivers actionable, objective insight to executives and their teams. Our expert guidance and tools enable faster, smarter decisions and stronger performance on an organization’s mission-critical priorities. To learn more, visit

Media Contacts

It's not too late to join the conference

Latest Releases