Gartner: 8 Ways Cybersecurity Will Change Companies
From zero trust flops to possible limits on ransomware payments, Gartner outlines its security-related predictions for 2022-2023.
By now, most leaders of for-profit and non-profit organizations are fully aware of the need for more cybersecurity measures amid a dramatic spike in ransomware and other high-profile cyberattacks.
As a result, spending on security products and services has spiked in recent years, as leaders make security a higher priority within their institutions.
But the need for additional cybersecurity has changed more than just IT departments. It’s literally changing the way companies function, from C-suites to the loading docks to remote workers’ home offices.
Gartner recently released its annual “Top Eight Cybersecurity Predictions for 2022-23,” based on its monitoring of security-related trends impacting institutions and people around the world.
The list might just as well have been called “8 Ways Cybersecurity Will Change Companies,” since most of the predictions focus on expected changes that institutions and their leaders will face over coming years as a result of rising cyber-threats.
Following are Gartner’s eight predictions in bold type, with summaries by CRN based on Gartner materials and a CRN interview with Sam Olyaei, a vice president at Gartner and a lead author of the predictions.
‘Through 2023, government regulations requiring organizations to provide consumer privacy rights will cover 5 billion citizens and more than 70 percent of global GDP.’
This is not a surprising prediction since an increasing number of people and institutions are conducting sensitive business over the internet – and they want more privacy when doing so. Governments are responding to that demand. According to Gartner, nearly 3 billion individuals had access to consumer privacy rights in 50 countries in 2021 – and that number will simply continue to grow this year and next.
‘By 2025, 80 percent of enterprises will adopt a strategy to unify web, cloud services and private application access from a single vendor’s SSE platform.’
This is ultimately about consolidation and optimization demanded by customers growing increasingly frustrated with having to deal with multiple security and other types of tech vendors. Currently, only 20 percent of enterprises have unified web, cloud services and private access from a single vendor’s security service edge (SSE) solution. Look for this to quadruple over the next three years, Gartner says.
‘60% of organizations will embrace zero trust as a starting point for security by 2025. More than half will fail to realize the benefits.’
As Gartner notes, zero trust is not a new security tool, but rather an overarching set of principles dealing with cybersecurity and system access. As a result, it’s not merely about vendors installing new security products. It’s also about a “cultural shift and clear communication” within organizations that adopt zero trust – and most of those organizations will fail to fully benefit from zero trust due to faulty implementation of its practices, says Gartner.
‘By 2025, 60 percent of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements.’
Want to do business with another company? Moving forward, you better be able to prove you’ve taken the necessary steps to improve your cybersecurity posture. “As a result of consumer concerns and interest from regulators, Gartner believes organizations will start to mandate cybersecurity risk as a significant determinant when conducting business with third parties, ranging from simple monitoring of a critical technology supplier to complex due diligence for mergers and acquisitions,” writes Gartner.
‘Through 2025, 30 percent of nation states will pass legislation that regulates ransomware payments, fines and negotiations, up from less than 1 percent in 2021.’
Right now, it’s sort of like the Wild West when it comes to ransomware attacks and targeted organizations cutting deals with cybercriminals to get their data back. But Gartner believes governments will increasingly mandate more rules, guidelines and even outright bans when it comes to negotiating with ransomware attackers.
‘By 2025, threat actors will have weaponized operational technology environments successfully to cause human casualties.’
It’s no longer about seizing control of data. Ransomware attacks are now also seizing control of entire infrastructures. Think: Colonial Pipeline hack. And Gartner believes such “weaponized” operational technology (OT) attacks on utilities, factories, hospital emergency rooms and other key physical sites will lead to actual human casualties and environmental damage in coming years.
‘By 2025, 70 percent of CEOs will mandate a culture of organizational resilience to survive coinciding threats from cybercrime, severe weather events, civil unrest and political instabilities.’
From pandemic lockdowns to ransomware attacks to extreme weather events caused by climate change, corporate boards and CEOs are increasingly aware they’re living in volatile times – and Gartner believes leaders will increasingly mandate “organizational resilience as a strategic imperative” for their institutions.
‘By 2026, 50 percent of C-level executives will have performance requirements related to risk built into their employment contracts.’
How important has cybersecurity become within the corporate world? Important enough for company boards to start inserting security-related performance requirements in the contracts of CEOs and other top executives. “Gartner expects to see a shift in formal accountability for the treatment of cyber risks from the security leader to senior business leaders,” Gartner writes.