Gartner Security & Risk Management Summit 2025 India: Day 1 Highlights

We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week in India. Below is a collection of the key announcements and insights coming out of the conference.

On Day 1 of the conference, we are highlighting the Gartner opening keynote, discussing how to protect APIs from security breaches, and exploring how integrating identity hygiene, security posture management, and identity threat detection and response can enhance organizational resilience. Be sure to check this page throughout the day for updates.

• Gartner Forecasts Spending on Information Security in India to Grow 16% in 2025

Presented by Deepti Gopal, Director Analyst, Gartner and Dennis Xu, VP Analyst, Gartner

In today’s fast-paced environment, hype — whether fueled by AI, emerging technologies, or the latest cyber attack — can pose a significant risk to strategic business objectives and the crucial partnership between cybersecurity and the broader business. In this session, Deepti Gopal, Director Analyst at Gartner, and Dennis Xu, VP Analyst at Gartner, explored how chief information security officers (CISOs) can exploit the power of hype to drive innovative and adaptable cybersecurity programs.

• “Hype can drive organizations to overinvest in unproven technologies or cause cyber and risk teams to slow down excessively, risking missed market opportunities. However, hype often contains a kernel of truth and signals change that cannot be ignored.”

• “Organizations are investing in hyped, cutting-edge technologies like generative AI, and the CISO plays a crucial role in balancing innovation’s rewards and risks by guiding intelligent risk-taking.”

• “ODMs facilitate communication and agreement on protection levels with the business, enabling CISOs to harness hype and deliver mission-driven outcomes.”

• “To harness the hype around AI, build AI literacy with a beginner’s mind, foster critical thinking, and develop AI champions to spearhead AI initiatives.”

• “In cybersecurity, skills shortage and burnout create a vicious cycle, exacerbated by the constant influx of hype that overwhelms teams with change and disruption. Change management and learning agility can help harness this hype, ensuring team resilience.”

Journalists can receive additional information and/or request an interview with the Gartner expert by contacting Sonika Choubey at sonika.choubey@gartner.com

Presented by William Dupre, VP Analyst, Gartner

Cybersecurity attacks leveraging application programming interfaces (APIs) as an attack vector pose a significant threat to organizations and their sensitive data. In this session, William Dupre, VP Analyst at Gartner, discussed strategies for executing API security projects.

• “API security breaches are a major concern among organizations, as an average API breach leads to at least 10 times more leaked data than an average security breach, causing more damage.”

• “AI and APIs have a symbiotic relationship, with APIs playing a crucial role in training AI models. This makes securing APIs essential to protect AI systems from unauthorized access and data breaches.”

• Gartner highlighted five steps for setting up an effective API security program:

  • Discovery: Inventory all first-and third-party APIs.
  • Posture Management: Identify misconfigurations and prioritize remediations.
  • Testing: Detect API vulnerabilities through testing techniques.
  • Runtime Protection: Monitor for malicious or suspicious behavior in API traffic.
  • Access Control: Implement fine-grained API access control.

• “Begin API discovery and posture management with a focus on access control issues.”

• “Anticipate and prepare for the additional workload that comes with implementing behavior-based API runtime protection.”

Journalists can receive additional information and/or request an interview with the Gartner expert by contacting Sonika Choubey at sonika.choubey@gartner.com

Presented by Abhyuday Data, Director Analyst, Gartner

As identity becomes a cornerstone of business enablement, it simultaneously expands the attack surface, making it the leading vector for breaches and highlighting the need for identity-first security. In this session, Abhyuday Data, Director Analyst at Gartner, discussed how integrating identity hygiene, security posture management, and identity threat detection and response (ITDR) can enhance organizational resilience.

• “The legacy approach to identity and access management (IAM) fails to address security risk pervasively or in real-time, prompting leaders to shift investments to identity-first security.”

• “Cyberattacks often begin by targeting the identity infrastructure, requiring a defense-in-depth approach to IAM infrastructure that includes prevention, detection, and response.”

• “Security leadership must understand ITDR as a security discipline and reach a consensus on who will serve as the ITDR owner or facilitator.”

• “An IAM leader is accountable for connecting the ITDR initiative into the larger IAM program and deriving business value from it.”

• “Collaborate with security and business teams to leverage insights from various tools, address high-risk issues, and understand their use of identity to explore intersection points.”

Journalists can receive additional information and/or request an interview with the Gartner expert by contacting Sonika Choubey at sonika.choubey@gartner.com