Gartner Security & Risk Management Summit 2024 National Harbor: Day 1 Highlights

We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week in National Harbor, Maryland. Below is a collection of the key announcements and insights coming out of the conference.

On Day 1 from the conference, we are highlighting the Gartner opening keynote presentation on augmented cybersecurity, as well as the future outlooks of privacy and top predictions for cybersecurity. Be sure to check this page throughout the day for updates.

• Gartner Identifies Three Areas for CISOs to Augment Their Cybersecurity Approach

Presented by Christopher Mixter, VP Analyst, Gartner and Dennis Xu, VP Analyst, Gartner

Chief information security officers (CISOs) who elevate response and recovery to equal status with prevention are generating more value than those who adhere to out-dated zero tolerance for failure mindsets. In this session, Christopher Mixter and Dennis Xu, VP Analysts at Gartner, discussed activities for CISOs to begin the journey toward augmented cybersecurity, Gartner’s label for a cybersecurity function that has elevated response and recovery to equal status with prevention.

• “To begin the journey toward augmented cybersecurity, CISOs should prioritize three areas of activity: building cyber fault tolerance in the business, streamlining to a minimum effective cyber toolset, and building a resilient cyber workforce."
• “CISOs should be guiding the sponsors of third-party partners to create a formal third-party contingency plan, including things like an exit strategy, alternative suppliers list, and incident response playbooks."
  
• "CISOs tabletop everything else. It’s time to bring tabletop exercises to third-party cyber risk management.”
  
• “CISOs must break the cycle of gear acquisition syndrome that inhibits their ability to thrive by embracing an ethos of adopting the fewest number of tools required to observe, defend and respond to exploitations of the organization’s exposures.”
• “CISOs and their teams often have a heroism mindset. They feel they must avoid bad outcomes at all costs, even at the expense of their health. They need innovation, experimentation, and engagement from their people more than ever, but the way they ask their people to operate often has the opposite effect.” 

Learn more in the Gartner press release “Gartner Identifies Three Areas for CISOs to Augment Their Cybersecurity Approach.”

Presented by Bart Willemsen, VP Analyst, Gartner

Privacy has been the biggest catalyst for change in data governance recently and best practices can be applied to non-personal data too. In this session, Bart Willemsen, VP Analyst at Gartner, discussed the three major issues for privacy in the enterprise.

• “Privacy is not primarily about data, but about the people behind that data. Privacy is personal.”

• “Privacy is attacked from several sides: if it’s not a government surveillance program or big tech organizations surveilling individuals in-depth, it’s an abundance of criminal activities”

• “Have purpose-driven decisions become a consistent factor ingrained in how you exercise data governance. Admit where you come from now if you have to, but ensure coordination across the organization so each obtains the technical capabilities they are responsible for, while ensuring interoperability for the entire program with other stakeholders’ needs.”

• “Intensify stakeholder collaborations — privacy is an “all-of-company” effort.”

• “Privacy controls should be embedded by default. CISOs must “rinse and repeat” until it becomes standard.”

Presented by Oscar Isaka, Sr Director Analyst, Gartner

Every year, Gartner produces impactful predictions for chief information security officers (CISOs) and their teams as they face disruptions across cybersecurity. In this session, Oscar Isaka, Sr Director Analyst at Gartner, discussed the top predictions that CISOs should monitor to be successful in the digital era, especially as most recognize that global change could potentially be one crisis away.

• “These predictions will likely not happen in isolation or sequentially. They will likely happen in parallel and at various degrees/points in their timelines.”

• “By 2028, enterprise spend on battling malinformation will surpass $500 billion, cannibalizing 50% of marketing and cybersecurity budgets. CISOs must ensure the company’s primary focus is on detection and response to malinformation by consistently raising the issue before the board and executive committee.”

• “By 2028, the adoption of GenAI will collapse the skills gap, removing the need for specialized education from 50% of entry-level cybersecurity positions. Organizations must invest in generative augments that support the users as they work, rather than conversational bots that require the user to stop and chat.”

• “Through 2026, 75% of organizations will exclude unmanaged, legacy and cyber-physical systems from their zero-trust strategies. CISOs should apply the basics of a zero-trust philosophy, but tailor to non-IT environments.”

• “By 2026, enterprises combining GenAI with an integrated platforms-based architecture in security behavior and culture programs will experience 40% fewer employee-driven cybersecurity incidents. CISOs should help to pilot GenAI capabilities augmented by data from multiple sources.”