• The report is a harsh reminder for all the IT and cybersecurity teams that the threat landscape is very much real and changing faster than most organizations can react.
  • These eight predictions are crucial for CIOs, CISOs, and their teams to think about how they can become more resilient and redefine their tech stacks to tackle new attack types.

Various businesses are devastatingly affected by cyberattacks, and the impacts will be more severe in the future if organizations fail to treat cybersecurity as a significant investment.

This is the message from Gartner’s recently released top eight cybersecurity-related predictions for the world’s CIOs, CISOs, and risk and security management leaders. It’s a harsh reminder for all the IT and cybersecurity teams overwhelmed by digital transformation projects, remote work, and hybrid cloud integration that the threat landscape is very much real and is changing faster than most organizations can react.

What Gartner’s predictions say

The company’s top eight predictions warn organizations that they need to employ increased flexibility to help them deal with the severe impacts of cyberattacks. The key is to reduce the blast radius of potentially devastating attacks.

The prediction suggests that IT teams and organizations not only focus on ransomware or other trending types of a cyberattack but also prioritize cybersecurity investments to manage risks better. According to Gartner’s predictions, 60% of organizations will be using cybersecurity risk as a primary deciding factor while conducting third-party business engagements and transactions by 2025.

The key is to double down on every threat with greater resilience. The most remarkable example is that Gartner mentions Zero-Trust Network Access (ZTNA) in only one of the eight predictions; others also reflect on the core concepts of ZTNA and its benefits.

These predictions also state that organizations must do more than just invest in preventative controls. Much priority must be placed on resilience. The reason is that threat surfaces are growing faster than many organizations can gain visibility to and protect.

It is expected that 80% of enterprises might adopt a strategy of choosing a single vendor’s Secured Service Edge (SSE) platform for unifying access to cloud services, web, and private applications. ZTNA is one of the fundamental technologies that enable SSE platforms.

Here are Gartner’s top eight cybersecurity predictions for 2022-23:

  1. In 2023, government regulations requiring organizations to provide customer privacy rights will cover almost 5 billion citizens and over 70% of global GDP. As of 2021, nearly three billion people were protected under consumer privacy rights across 50 countries, and there has been progress in increasing privacy regulations around the globe. Gartner recommends that enterprises must track subject rights request metrics, which include cost per request and the time needed to fulfil it, identify inefficiencies, and justify accelerated automation
  2. By 2025, 80% of organizations will adopt a strategy that unifies cloud service, web, and private applications access from a single vendor’s SSE platform. There already is an upsurge around the unification of web, cloud services, private applications and more. With activities like mergers and acquisitions increasing, stand-alone ZTNA providers are looking to integrate with SASE and SSE platforms. This trend can be seen in Fortinet acquiring OPAQ, Check Point Software Technologies acquiring Odo Security, Cisco acquiring Portshift, Palo Alto Networks acquiring CloudGenix, and many such acquisitions
  3. By 2025, 60% of organizations will embrace zero trust as a starting point for security, but more than half of them will not realize its benefits. Gartner’s pessimism reflects how challenging it is for organizations to secure the growth in a number of generated machine identities, combined with Privileged Access Management (PAM) and Identity Access Management (IAM) failures. It has also been difficult for organizations to attempt to protect hybrid cloud configurations with ZTNA while following up on the shared responsibility models of public cloud providers like Amazon. It is difficult to get the hybrid cloud security right; hence the attempts of organizations to pursue a ZTNA framework can be challenging.
  4. By 2025, 60% of organizations will use cybersecurity risk as a significant deciding factor while carrying third-party business engagements and transactions. It implies the importance of cybersecurity as a business investment focusing on reducing operational risks. Although the cyberattacks related to third parties are on the rise, only 23% of risk and security leaders monitor third-party threats, which shows the high chances of attacks. A sign showing how vital cybersecurity will be to business operations is when risk assessments must be completed before third-party company contracts. Gartner sees this materializing within the next three years.
  5. By the year-end of 2025, 30% of nation-states will pass legislation that will regulate ransomware fines, payments, and negotiations. This number is up from less than 1% in 2021. Even today, French cybersecurity insurance firms will not pay ransom to a client who a ransomware attack has hit. Gartner predicts nation-states will follow the French cyber insure’s lead in the future and regulate payments. This shows how vital a business decision is to risk management, resilience, and deterrence
  6. By 2025, threat actors will weaponize Operational Technology (OT) environments that cause human casualties. Unfortunately, air gaps aren’t strong enough to protect oil, energy, gas, processing refineries, and manufacturing centers that run on Industrial Control Systems (ICS) that are not designed to prevent cyberattacks. Hence, it may not come as a surprise that only 46% of known OT cyber threats are poorly detected or not detected at all. Also, research by Honeywell found that 11% are never noticed, and only 35% of attempted breaches get caught by detection techniques and engines.
  7. By 2025, 70% of CEOs will mandate organizational resilience culture to survive coinciding cybercrime threats, civil unrest, severe weather events, and political instabilities. Another prediction shows how CEOs consider cybersecurity a risk management issue, not just an IT one. Gartner’s inquiry calls must incline toward fighting popular cyberattack strategies for a given month or period when rethinking the cybersecurity tech stack for additional severe threats and risk is essential. Gartner’s priority of resilience shows that their clients want stop-gap help with today’s weaknesses in cybersecurity when they need a more substantial cybersecurity tech stack overhaul.
  8. By 2026, half of the C-level executives will have performance requirements associated with risk built into the employee’s contract. Forward-thinking Board of Directors (BOD) started holding CEOs accountable for the environmental, social, and governance (ESG) initiatives around 2018. CIO pays have indexed to how much their departments helped reduce roadblocks to more revenue and, most importantly, how they serve sales to enable them to drive more revenue. A core skill that a CIO and CISO must cultivate is risk management. It is a necessity in their work, just like the way a CEO needs to know about ESG initiatives. The studies and reports in support of the prediction have been steadily growing for years.

Resiliency in tech stacks

These eight predictions are crucial for CIOs, CISOs, and their teams to think about how they can become more resilient and redefine their tech stacks to tackle new attack types. Cybersecurity is a business decision when CISOs have their pay listed to risk management. That becomes the right step in seeing resilience as a significant business strength with scope for improvement.