Gartner Security & Risk Management Summit 2025 National Harbor: Day 1 Highlights

We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week in National Harbor, Maryland. Below is a collection of the key announcements and insights coming out of the conference.

On Day 1 from the conference, we are highlighting the opening keynote, how to mitigate deepfake identity impersonation attacks and the future of AI in cybersecurity. Be sure to check this page throughout the day for updates.

• Gartner Identifies Strategic Focus Areas for CISOs Amid Rising Hype and Scrutiny
• Gartner Predicts that Guardian Agents will Capture 10-15% of the Agentic AI Market by 2030

Presented by Leigh McMullen, Distinguished VP Analyst and Gartner Fellow and Katell Thielemann, Distinguished VP Analyst at Gartner

Hype, whether driven by AI, emerging technologies, geopolitical changes or the latest headline-grabbing cyber attack, threatens to derail strategic objectives and the partnership between cybersecurity and the rest of the business. In this keynote, Leigh McMullen and Katell Thielemann, Distinguished VP Analysts at Gartner, discussed how CISOs can exploit hype's power to drive their cybersecurity program and the resilience of their organization.

• “There are three key areas to help anticipate the future needs of CISOs due to the increased hype and allow them meet the needs of today’s complex, fast and unpredictable reality.”
• Be Mission-Aligned: “When CISOs communicate in terms of protection levels and buying down exposure levels, they are less likely to get caught up in someone else’s marketing hype. This eventually helps CISOs prove that their cybersecurity efforts are aligned to their organization’s mission.”
• Be Innovation-Ready: “CISOs must cultivate AI literacy, experiment with AI in cybersecurity and protect AI investments in their organizations.”
• Be Change-Agile: “CISOS must be able to empower their teams to be part of the solution and feel agency. If CISOs’ teams feel agency, they will want to focus on automating repetitive tasks and developing new skills to fuel your growth as well as theirs, which in turn will make them resilient agents of change no matter what that change is.”

Journalists can read more in the press release “Gartner Identifies Three Areas for CISOs to Harness Increased Hype Around Cybersecurity.”

Presented by Akif Khan, VP Analyst, Gartner

Attackers are increasingly using deepfakes to bypass automated voice biometrics and identity verification, while security leaders face deepfake-enhanced social engineering, like impersonating executives to request money transfers. In this session, Akif Khan, VP Analyst at Gartner, discussed the current state-of-the-art in deepfake detection and approaches to mitigation.

• “GenAI-created deepfakes can be used by attackers to impersonate the identity of genuine customers or employees. Deepfakes can be combined with social engineering in calls to employees to try to trick them into helping the attackers achieve their goals.”
• “Deepfake voices are a threat to automated voice authentication. CISOs must check if their authentication vendors have native deepfake voice detection capability.”
• “Preventing deepfake identity impersonation attacks is not just about being able to detect the deepfake, as all risk signals are useful.”
• “Deepfakes and social engineering are a bad combination. CISOs must make their people and processes more resilient but stay aware of nascent technical solutions.”

Journalists can receive additional information and/or request an interview with the Gartner expert by contacting Matt LoDolce at matt.lodolce@gartner.com.

Presented by Jeremy D’Hoinne, Distinguished VP Analyst, Gartner

Gartner has outlined key AI predictions and current challenges, providing CISOs with actionable insights to build effective and resilient three-year roadmaps. In this session, Jeremy D’Hoinne, Distinguished VP Analyst at Gartner, discussed how to optimize AI initiatives for cybersecurity and adapt security programs to align with future business uses.

• “AI fatigue has led CISOs into a neglect phase, having lost trust in the providers’ ability to deliver. This means sidelining AI experiments and initiatives due to disillusionment and neglecting to reassess technological progress or to persevere with customization efforts.”
• AI security will be a core responsibility for CISOs: “By 2028, 80% of digital workers will use multimodal interfaces with generative AI, significantly improving task efficiency and workplace accessibility.”
• AI agents might help, but the jury is still out: “By 2027, 90% of successful AI implementation in cybersecurity will be tactical — task automation and process augmentations — rather than role replacing.”
• “CISOs must defend increased investments, work on compressed time horizons, and measure on outcomes.”

Journalists can receive additional information and/or request an interview with the Gartner expert by contacting Matt LoDolce at matt.lodolce@gartner.com.