“Zero trust is a fraction of the security program.”

“A zero trust strategy must drive risk-based tactical decisions.”

“Zero trust is a spectrum, each step adds value.”

By 2026, 10% of large enterprises will have a mature and measurable zero-trust program in place, up from less than 1% today, according to Gartner.

• Zero Trust programs must be planned and measured to be effective and reach the right level of maturity.

Gartner predicts through 2026, more than half of cyber attacks will be aimed at areas that zero trust controls don’t cover and cannot mitigate.

By 2027, Gartner predicts 20% of organizations will shortlist the same vendor for ZTNA and micro segmentation, up from less than 5% in 2022.

• Zero trust policy consolidation will greatly improve operational visibility and control.

“Don’t apply zero trust to everything if it’s not warranted. Zero trust decisions should be based on the business risk appetite and controls should be applied to specific use cases where the risk mitigation outweighs the cost of operation.”

By 2024, modern privacy regulation will blanket the majority of consumer data, but less than 10% of organizations will have successfully weaponized privacy as a competitive advantage: “Enforce a comprehensive privacy standard for handling personal information to differentiate in an increasingly competitive market and grow unhindered.”

Through 2027, 50% of CISOs will formally adopt human-centric design practices into their cybersecurity programs to minimize operational friction and maximize control adoption: “Start by identifying security initiatives for potential proof of concept projects where these practices can be introduced.”

By 2025, 50% of cybersecurity leaders will have tried, unsuccessfully, to use cyber risk quantification to drive enterprise decision-making: “Focus your firepower on quantification that decision makers ask for instead of producing self-directed analyses you then have to persuade the business to care about.”

By 2025, nearly half of cybersecurity leaders will change jobs, 25% for different roles entirely due to multiple work-related stressors: “While eliminating stress is unrealistic, people can manage incredibly challenging and stressful jobs in cultures where they are supported. Changing the rules of engagement to foster cultural shifts will help.”

By 2026, 10% of large enterprises will have a comprehensive, mature and measurable zero-trust program in place, up from less than 1% today: “Starting small, an ever evolving zero-trust mindset makes it easier to better grasp the benefits of a program and manage some of the complexity one step at a time. Done is better than perfect.”

Learn more in the Gartner press release, “Gartner Unveils Top Eight Cybersecurity Predictions for 2023-2024.”

“Businesses are implementing some changes in their cybersecurity operating model.”

“Decision rights are centralizing and accountability is decentralizing.”

“Cybersecurity risk decision rights have become more centralized in an enterprise security steering committee to drive consistency in cybersec policies, processes and operations.”

“Accountability is decentralized to facilitate business ownership of cybersecurity risk.”

“CISOs are implementing new processes (e.g., third-party risk), teams (e.g., cloud security) and policies for new domains.”

“CISOs are liberalizing policy regimes.”

“CISOs’ roles are shifting as a result of these changes. The CISOs’ role is evolving from that of being a cybersecurity control owner to that of a cybersecurity risk decision facilitator.”