Gartner Security & Risk Management Summit 2025, Sydney: Day 1 Highlights

We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week in Sydney, Australia. Below is a collection of the key announcements and insights coming out of the conference.

On Day 1 from the conference, we are highlighting the main impacts of generative AI on CISOs; practical zero trust; and how to tackle machine identity management.

• Gartner Unveils the Top Cybersecurity Trends for 2025

Presented by Pete Shoard, VP Analyst, Gartner

ChatGPT and large language models are the early signs of how generative AI (GenAI) will shape many business processes. In this session, Pete Shoard, VP Analyst at Gartner, outlined the main impacts of GenAI on CISOs and their teams. Specifically the need to secure how their organization builds and consumes GenAI, and navigates its impacts on cybersecurity.

• “Maximize the benefits of GenAI, exploiting opportunities to improve security and risk management, optimize resources, defend against emerging attack techniques or even reduce costs.”
• “Anticipate GenAI attacks. Adapt to malicious actors evolving their techniques, or even exploiting new attack vectors from developments in GenAI tools and techniques.”
• “Build GenAI securely. These applications have an expanded attack surface and pose new potential risks that require adjustments to existing application security practices.”
• “Manage and monitor how GenAI is consumed — from the everyday use of AI, through to employees using it without the organization’s knowledge. GenAI applications all have unique security requirements that aren’t fulfilled by legacy security controls.”
• “Enforce everyday AI policies and monitor for abnormal behaviors, focusing on deepfakes and social engineering as urgent problems to solve. Apply AI TRiSM to AI applications, covering all first and third-party attack surfaces.” 

Journalists can receive additional information and/or request an interview with the Gartner expert by contacting Emma Keen at emma.keen@gartner.com.

Presented by Charlie Winckless, VP Analyst, Gartner

Many organizations are either considering the adoption of a zero trust initiative, developing a strategy or trying to implement it. In this session, Charlie Winckless, VP Analyst at Gartner, addressed the practicalities of getting started with zero trust, as well as some potential shortfalls and risks.

• “Avoid applying zero trust to every aspect of an organization, as there are diminishing returns. Instead, build a posture that is optimized for the organization."
• “Identity and context are the foundations of zero trust. It won’t succeed without them, nor can the level of risk or the measure of success be determined.”
• “The main goal should be to limit the attack surface of an organization’s most critical applications. Build a dynamic context-aware authentication model — then authenticate and connect regardless of resource location.”
• “One of the key zero trust principles is to have the mindset that assumes the presence of hostile actors. That means controlling more than user traffic."
• “There needs to be enough trust to allow the business to function, but lower the risk of a scenario where business operations are disrupted or halted.”

Journalists can receive additional information and/or request an interview with the Gartner expert by contacting Emma Keen at emma.keen@gartner.com.

Presented by Felix Gaehtgens, VP Analyst, Gartner

Most machines have at least one identity, but very few organizations have a comprehensive machine identity and access management (IAM) strategy. In this session, Felix Gaehtgens, VP Analyst at Gartner, discussed the complexities of machine IAM, how organizations can establish a strategy and what essential capabilities to include.

• “Machine IAM is very different from human IAM. It is complex and requires multiple approaches, tools and significant focus.”
• “Managing machine identities is not a small project. Establish a long-term working group with multiple stakeholders, get funding, define use cases and build capabilities.”
• “Build essential machine IAM capabilities while focusing on discovery, governance and automation. Plan for removing or minimizing the need for static secrets, which are inherently insecure and difficult to mitigate.”
•  “Get funding by building convincing arguments that focus on risk reduction, compliance, business enablement and cost efficiency.”
• “Continue building capabilities across distinct machine identity types by prioritizing risk, existing technology and process maturity.”

Journalists can receive additional information and/or request an interview with the Gartner expert by contacting Emma Keen at emma.keen@gartner.com.