The Top 8 Security and Risk Trends We’re Watching

November 15, 2021

Contributor: Kasey Panetta

Cybersecurity mesh, identity-first security, security-savvy board of directors and privacy-enhancing computation all make the list.

Explore the latest: Top Cybersecurity Trends

As cybersecurity and regulatory compliance become the top two biggest concerns of corporate boards, some are adding cybersecurity experts specifically to scrutinize security and risk issues. This is just one of our top 8 security and risk trends, many of which are driven by recent events such as security breaches and the ongoing COVID-19 pandemic.

Download now: How to Create a Resilient, Scalable and Agile Cybersecurity Strategy

“Over the past two years, the typical enterprise has been turned inside out,” says Peter Firstbrook, VP Analyst at Gartner. “As the new normal of hybrid work takes shape, all organizations will need an always-connected defensive posture and clarity on what business risks remote users elevate to remain secure.”

This year’s security and risk trends highlight ongoing but not yet widely recognized strategic shifts in the security ecosystem. Each is expected to have broad industry impact and significant potential for disruption.

The top 8 Gartner security and risk trends for 2021.

Trend No. 1: Cybersecurity mesh 

The cybersecurity mesh is a modern conceptual approach to security architecture that enables the distributed enterprise to deploy and extend security where it’s most needed. 

When COVID-19 accelerated digital business, it also accelerated the trend wherein many digital assets — and individuals — are increasingly located outside of the traditional enterprise infrastructure. In addition, cybersecurity teams are being asked to secure countless forms of digital transformation and other new technologies. This requires security options that are flexible, agile, scalable and composable — those that will enable the organization to move into the future, but in a secure manner. 

Learn more: Your Ultimate Guide to Cybersecurity

Trend No. 2: Cyber-savvy boards

With an increase in very public security breaches and increasingly common business disruptions due to ransomware, boards are paying more attention to cybersecurity. They recognize it as a huge risk to enterprises and are forming dedicated committees that focus on cybersecurity matters, often led by a board member with security experience (such as a former chief information security officer [CISO]) or a third-party consultant. 

This means that CISOs can expect increased scrutiny and expectations, alongside an increase in support and resources. Be prepared to improve communication and expect tougher questions from your board as a result. 

Trend No. 3: Vendor consolidation

The reality for security today is that security leaders have too many tools. Gartner found in the 2020 CISO Effectiveness Survey that 78% of CISOs have 16 or more tools in their cybersecurity vendor portfolio; 12% have 46 or more. Having too many security vendors results in complex security operations and increased security headcount. 

Most organizations recognize vendor consolidation as an avenue for more efficient security, with 80% executing or interested in a strategy for this. Large security vendors are responding with better-integrated products. However, consolidation is challenging and often takes years to roll out. Although lower costs are often a perceived driver of this trend, more streamlined operations and reduced risk are often more achievable. 

Download now: A Roadmap for Maturing Your Information Security Program

Trend No. 4: Identity-first security 

Hybrid work and the migration to cloud applications have solidified the trend of identity as the perimeter. Identity-first security is not new, but it takes on fresh urgency as attackers begin to target identity and access management capabilities to gain silent persistence.

Misused credentials are now the top technique used in breaches. Nation-state-level attackers are targeting active directory and the identity infrastructure with phenomenal success. Identity is a key lateral movement technique across air-gapped networks. Multifactor authentication usage is growing, but it is not a panacea. Identity infrastructure must be properly configured, maintained and monitored with an elevated importance.

Trend No. 5: Managing machine identities becoming a critical security capability

As digital transformation progresses, there has been an explosive growth in the numbers of nonhuman entities that make up modern applications. Therefore, managing machine identities has become a vital part of security operations. 

All modern applications are made up of services that are connected by APIs. Each of these services need to be authenticated and monitored as attackers can use your suppliers’ API access to critical data to their advantage. The tools and techniques for enterprisewide machine identity management are still emerging. However, an enterprisewide strategy for managing machine identities, certificates and secrets will enable your organization to better secure its digital transformation. 

Download now: The Top 3 Strategic Priorities for Security and Risk Management

Trend No. 6: “Remote work” is now just “work” 

According to the 2021 Gartner CIO Survey, 64% of employees are now able to work from home, and two-fifths actually are working from home. What was once only available to executives, senior staff and sales is now mainstream. The movement to hybrid (or remote work) is a durable trend with more than 75% of knowledge workers expecting future hybrid work environments.

From a security perspective, this requires a total reboot of policies and tools to better mitigate risks. 

Trend No. 7: Breach and attack simulation 

A new market is emerging to help organizations validate their security posture. Breach and attack simulation (BAS) offers continuous testing and validation of security controls, and it tests the organization’s posture against external threats. It also offers specialized assessments and highlights the risks to high-value assets like confidential data. BAS provides training to enable security organizations to mature. 

Trend No. 8: Privacy-enhancing computation techniques 

Privacy-enhancing computation techniques that protect data while it’s being used — as opposed to while it’s at rest or in motion — enable secure data processing, sharing, cross-border transfers and analytics, even in untrusted environments. 

This technology is rapidly transforming from academic research to real projects delivering real value, enabling new forms of computing and sharing with reduced risk of data breaches.


Experience IT Security and Risk Management conferences

Join your peers for the unveiling of the latest insights at Gartner conferences.

Drive stronger performance on your mission-critical priorities.