Gartner Security & Risk Management Summit 2025 National Harbor: Day 2 Highlights

We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week in National Harbor, Maryland. Below is a collection of the key announcements and insights coming out of the conference.

On Day 2 from the conference, we are highlighting the what CISOs are doing right and wrong with data security, the top cybersecurity projects of 2025 and the outlook for application security in 2025. Be sure to check this page throughout the day for updates.

• Gartner Identifies Strategic Focus Areas for CISOs Amid Rising Hype and Scrutiny
• Gartner Predicts that Guardian Agents will Capture 10-15% of the Agentic AI Market by 2030

Presented by Mike Huskey, Director Analyst, Gartner

Trying to implement data security without the business buy-in is a challenge which complicates efforts in an already difficult endeavor. In this session, Mike Huskey, Director Analyst at Gartner, explained data security governance; showing how traditional data security approaches are too static and demonstrating how security leaders can develop adaptive data security governance.

• “Most security leaders struggle to balance data security and business enablement goals, with only one in seven effectively achieving both.”
• “Technology complexity is a minor inconvenience to security leaders compared to the impacts from inadequate budget/resources and conflicting priorities of different internal teams/functions.”
• “We need governance for data security that does not collapse under stress: we need data security governance that can fluidly adapt to the stress posed by it on the business.”
• “Adaptive data security governance enables the business to make decisions based on rules or policies, business outcomes, agile methodologies, or autonomous decision making. It is a journey, with facets of agility- and autonomy-based data security governance building up over time.”

Journalists can receive additional information and/or request an interview with the Gartner expert by contacting Matt LoDolce at matt.lodolce@gartner.com.

Presented by Wayne Hankins, Sr. Director Advisor, Gartner

Security and risk management leaders should implement or improve upon the top eight security projects in 2025. In this session, Wayne Hankins, Sr. Director Advisor at Gartner, demonstrated how the projects selected are supported by technologies available today, address the changing needs of cybersecurity and prepare for the continued adoption of AI technologies.

• Develop an Actionable Zero-Trust Strategy: “Developing a zero-trust strategy is crucial for transforming cybersecurity. By adopting this approach, organizations can enhance their security posture, limit access to sensitive data, and ultimately deliver greater business value. Zero-trust principles ensure that no user or device is inherently trusted, requiring continuous verification and monitoring.”
• Embed Cybersecurity Consideration Into GenAI Governance: “Implement strong security guardrails for GenAI to protect technology and maintain stakeholder trust.”
• Capitalize on Cyberstorage Capabilities to Increase Cyber Resilience: “Implement proactive cyberstorage solution to defend against threats, replace reactive backups and ensure compliance."
• Facilitate Preparations of Unstructured Data for GenAI Adoption: “Enforce security to prevent GenAI data breaches; classify, catalog and secure sensitive information to ensure compliance.”
• Rebrand Security Across Internal Stakeholders: “Rebrand cybersecurity as a strategic partner, shifting perceptions from barrier to enabler, supporting business outcomes proactively.”

Journalists can receive additional information and/or request an interview with the Gartner expert by contacting Matt LoDolce at matt.lodolce@gartner.com.

Presented by Dionisio Zumerle, VP Analyst, Gartner

Major changes in application architectures, roles, and attacks are disrupting application security strategies. In this session, Dionisio Zumerle, VP Analyst at Gartner, shared insights on streamlining DevSecOps, AI's role in application security strategy, application security posture management and protecting cloud-native applications and defending against software supply chain attacks.

• “While the advent of Generative AI (GenAI) in application security is a huge, spectacular wave, the transition of security hands-on tasks from security practitioners to developers feels more like an ocean swell. Both can be dangerous if ignored.”
• “GenAI is reshaping application security: at least one third of organizations use AI assistants today – but for 76% of organizations the main reason not to do so is the concern that this could introduce new security vulnerabilities.”
• “Developer experience is king. Streamlining DevSecOps requires implementing application security posture management principles, such as automating remediation workflows and, most importantly, simplifying and minimizing developer security tasks by reducing noise.”
• “Identify the new threats that GenAI-augmented coding and AI agentic applications introduce, but also experiment with GenAI to help developers learn security and remediate quickly.”
• “The future of application security tools is convergence. Favor application security platforms that can provide multiple, well-integrated application security capabilities.”

Journalists can receive additional information and/or request an interview with the Gartner expert by contacting Matt LoDolce at matt.lodolce@gartner.com.