Press Release

STAMFORD, Conn., June 6, 2016

Gartner Says By 2020, 60 Percent of Digital Businesses Will Suffer Major Service Failures Due to the Inability of IT Security Teams to Manage Digital Risk

Gartner Special Report Looks at Cybersecurity at the Speed of Digital Business

As organizations transition to digital business, a lack of directly owned infrastructure and services outside of IT's control will need to be addressed by cybersecurity, according to Gartner, Inc. Gartner predicts that by 2020, 60 percent of digital businesses will suffer major service failures due to the inability of IT security teams to manage digital risk.

"Cybersecurity is a critical part of digital business with its broader external ecosystem and new challenges in an open digital world," said Paul Proctor, vice president and distinguished analyst at Gartner. "Organizations will learn to live with acceptable levels of digital risk as business units innovate to discover what security they need and what they can afford. Digital ethics, analytics and a people-centric focus will be as important as technical controls."

Gartner has identified five key areas of focus for successfully addressing cybersecurity in digital business:

  • Leadership and Governance — Improving leadership and governance is arguably more important than developing technology tools and skills when addressing cybersecurity and technology risk in digital business. Decision making, prioritization, budget allocation, measurement, reporting, transparency and accountability are key attributes of a successful program that balances the need to protect with the need to run the business.
  • The Evolving Threat Environment — IT risk and security leaders must move from trying to prevent every threat and acknowledge that perfect protection is not achievable. Gartner predicts that by 2020, 60 percent of enterprise information security budgets will be allocated for rapid detection and response approaches, up from less than 30 percent in 2016. Organizations need to detect and respond to malicious behaviors and incidents, because even the best preventative controls will not prevent all incidents.
  • Cybersecurity at the Speed of Digital Business — Digital business moves at a faster pace than traditional business, and traditional security approaches designed for maximum control will no longer work in the new era of digital innovation. IT risk and information security leaders must assess and transform their programs to become digital business enablers rather than obstacles to innovation. Organizations that are able to successfully establish an ecosystem that balances protecting and growing the business will remain competitive and in a position to address cybersecurity threats.
  • Cybersecurity at the New Edge — It used to be easy to protect data because it resided in the data center. The new edge has pushed far beyond the data center into operational technology, cloud, mobile, SaaS and things. For example, by 2018, 25 percent of corporate data traffic will flow directly from mobile devices to the cloud, bypassing enterprise security controls. Organizations need to address cybersecurity and risks in technologies and assets they no longer own or control. Business unit IT is a fact in most modern enterprises, and it will not be shut down by cybersecurity and risk concerns. It must be embraced and managed to deliver appropriate levels of protection.
  • People and Process: Cultural Change — With the acceleration of digital business and the power technology gives individuals, it is now critical to address behavior change and engagement — from your employees to your customers. Cybersecurity must accommodate and address the needs of people through process and cultural change. People-centric security gives each person in an organization increasing autonomy in how he or she uses information and devices — and what level of security is adopted when he or she uses them. The individual then has a certain set of rights in using technology and is linked to the group in the entire enterprise. The individual must also recognize that if things go wrong, it will have an impact on the team, group and business.

More detailed analysis is available in the Gartner Special Report "Cybersecurity at the Speed of Digital Business," a collection of research that addresses the new reality where IT organizations have little direct infrastructure and their biggest security concerns will come from services outside their control. Learn more in the complimentary Gartner webinar "Special Report: Cybersecurity is a Foundation for Digital Business."

Gartner analysts will take a deeper look at cybersecurity and digital risk at the Gartner Security & Risk Management Summit 2016. Upcoming dates and locations for the Gartner Security & Risk Management Summit 2016 include:

  • June 13-16 in National Harbor, Maryland
  • July 11-13 in Tokyo, Japan
  • August 2-3 in Sao Paulo, Brazil
  • August 22-23 in Sydney, Australia
  • September 1-2 in Mumbai, India
  • September 12-13 in London, UK
  • October 31-November 1 in Dubai, UAE

Information from the Gartner Security & Risk Management Summits 2016 will be shared on Twitter using #GartnerSEC.

About Gartner

Gartner, Inc. (NYSE: IT), is the world's leading research and advisory company and a member of the S&P 500. We equip business leaders with indispensable insights, advice and tools to achieve their mission-critical priorities and build the successful organizations of tomorrow.

Our unmatched combination of expert-led, practitioner-sourced and data-driven research steers clients toward the right decisions on the issues that matter most. We're trusted as an objective resource and critical partner by more than 12,000 organizations in more than 100 countries—across all major functions, in every industry and enterprise size.

To learn more about how we help decision makers fuel the future of business, visit www.gartner.com.
