Gartner Security & Risk Management Summit 2025 National Harbor: Day 3 Highlights

We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week in National Harbor, Maryland. Below is a collection of the key announcements and insights coming out of the conference.

On Day 3 from the conference, we are highlighting theoutlook for privacy in 2025 and 2026, seucuring GenAI applications and measuring the efficacy of GenAI risk management efforts. Be sure to check this page throughout the day for updates.

• Gartner Identifies Strategic Focus Areas for CISOs Amid Rising Hype and Scrutiny
• Gartner Predicts that Guardian Agents will Capture 10-15% of the Agentic AI Market by 2030

Presented by Bernard Woo, VP Analyst, Gartner

Privacy has become a "three-body problem" with differing approaches taken by different jurisdictions, ultimately pulling organizations in different directions. In this session, Bernard Woo, VP Analyst at Gartner, shared the latest developments in privacy, including practical suggestions on how to make smart technology investments to meet these challenges.

• “As we close in on almost 10 years of Europe’s GDPR going into effect, it remains the standard that most jurisdictions use to guide their approach to privacy regulations. Increasingly though, different jurisdictions are adjusting the principles established by the GDPR to suit their local needs.”
• “By 2027, 90% of online vendors providing age-restricted products and offerings will have implemented age verification and consent tracking to comply with the new online data privacy and security regulations.”
• “Connect with senior leaders to prioritize which privacy trend has the greatest impact on organizational objectives and needs focus first.”
• “In the age of AI and increasing divergence in regulatory approaches, chasing compliance only causes endless churn. Guide people in the organization to build a privacy culture based on customer expectations to achieve the agility to adjust to everchanging conditions.”

Journalists can receive additional information and/or request an interview with the Gartner expert by contacting Matt LoDolce at matt.lodolce@gartner.com.

Presented by Jeremy D’Hoinne, Distinguished VP Analyst, Gartner

AI applications introduce new attack surfaces in the application development life cycle, necessitating dedicated and innovative security measures. In this session, Jeremy D’Hoinne, Distinguished VP Analyst at Gartner, discussed strategies to secure AI and generative AI (GenAI) applications while highlighting best practices for effectively managing AI-related risks.

• “There are many stakeholders involved in AI projects, each with different priorities. Unfortunately, it is not as simple as splitting responsibilities, because there are some overlaps too. Most organizations have an AI committee, in charge of the decisions. CISOs must be part of this committee.”
• “CISOS must inventory AI usage and enforce policies based on their risk tolerance.”
• “Data security might not be where you implement your first control but is the area where you should invest a lot of energy. Step zero would be to ensure CISOs have visibility about AI projects and applications including an AI model. Then, for each identified application, you need to start early in the life cycle, often at the design phase.”
• “There are four ways of preventing data risks: monitor usage and detect anomalies; access rules and security controls; transform by masking, encrypting and synthetizing; and avoid using data where possible to only expose data that is necessary.”
• “CISOs must maintain AI literacy on AI evolution to continually adapt security practices.”

Journalists can receive additional information and/or request an interview with the Gartner expert by contacting Matt LoDolce at matt.lodolce@gartner.com.

Presented by Paul Proctor, Distinguished VP Analyst, Gartner

Whether you like it or not, your organization is likely using GenAI. The question is how you respond and contribute to ensuring the business is not exposed to unnecessary risks due to immature GenAI implementation and risk management processes. In this session, Paul Proctor, Distinguished VP Analyst at Gartner, discussed how an outcome-driven approach can help business stakeholders make optimized cybersecurity risk management decisions and maximize their investments.

• “58% CISOs are leading their organization’s AI adoption programs – the CISOs’ role is central to the organization’s ability to take intelligent risks.”
• “An outcome driven approach is the best way to measure the effectiveness of the security controls you’re deploying to ensure an organization’s GenAI risks are managed and the organization gets the maximum return on its investment. It’ll give optimal oversight over your security control effectiveness and help bring the organization’s executives along and help them make more risk informed decisions.”
• “Outcome-driven metrics (ODM) primary purpose is to be an indicator for protection levels – the better the ODM, the better the organization is protected and vice versa.”
• “ODMs are changing the way CISOs report on the performance of their cybersecurity programs as they provide a direct line of sight between the performance of the organization’s security investments and desired business outcomes.”
• “Data must be ready to be used to maximise the organization’s ROI from the time, money and effort in GenAI use-case initiatives.”

Journalists can receive additional information and/or request an interview with the Gartner expert by contacting Matt LoDolce at matt.lodolce@gartner.com.