Cyberattacks are now considered the No. 1 business risk for C-suite executives and board members alike. According to new survey findings compiled by PwC, 40% of business leaders and a surprising 51% of board members deem cyberattacks a serious risk. And the view of cybersecurity as a shared priority is taking hold across departments, with 44% of CFOs and 41% of CMOs citing it as an important risk.
So, it’s no surprise that when Gartner released a handful of alarming cybersecurity predictions, many of them painted a stark picture of how organizations will be managing risk in the not-too-distant future. Shared at a recent security and risk management summit in Sydney, Australia, the top eight predictions are designed to help security and risk management leaders survive the digital era.
And these analyst-divined tea leaves are spurring many security and business leaders to establish a foundation of security resilience to help outlast any unknown change or threat the future may hurl at them.
Risk and resilience dominate the four-year forecast
According to Gartner, the next few years will usher in an era of streamlined, integrated IT infrastructure to unify disparate tools and data silos. Most organizations will adopt a zero trust strategy, but few will realize its full potential. Ransomware payments will have more guardrails in place, largely driven by nation-states hoping to find some degree of order amid the chaos of constant data hijacks.
But perhaps it’s the most chilling prediction—by 2025, cyberattacks will leave human lives in their wake—that gives us a true glimpse into the sinister reality ahead. It also makes clear that real and meaningful action needs to be taken now to avoid truly devastating losses.
A few key predictions help security and business leaders understand what most future-focused organizations will have in place to help stem the tide of rising risks.
“By 2025, 70% of CEOs will mandate a culture of organizational resilience to survive coinciding threats from cybercrime, severe weather events, civil unrest and political instabilities.”
The global pandemic pummeled businesses of all shapes and sizes, serving as a painful stress test for traditional business planning and operations. However, it also underscored the importance of resilience in the face of massive disruption and unknown change. Gartner recommends business leaders ground their company culture in organizational resilience to withstand increasing threats from climate change, geopolitical unrest, and threat actors.
Those that take heed will quickly realize that business resilience hinges on security resilience, with all other critical business units buoyed by flexible and secure security operations.
“By 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements.”
According to Gartner, a mere 23% of security leaders use real-time data to monitor third parties, leaving gaping holes in their environment. But increased cybersecurity risks will pave the way for rigorous partner and vendor screenings to ensure businesses won’t be left vulnerable to weak spots in their supply chains or IT infrastructure. Gartner predicts that future purchases, acquisitions, and partnerships will hinge on cybersecurity risk.
Supply chain security is fast becoming a favorite industry buzzword, but few understand what it truly entails or how to approach it. Understanding the basics of supply chain security is an appropriate starting point to begin locking down your environment when it comes to third-party entities.
“By 2026, 50% of C-level executives will have performance requirements related to risk built into their employment contracts.”
Human error accounts for a large swath of successful breaches, but even when those events do occur, it falls on IT to fix them. With cybersecurity problems typically being tossed over the fence to IT, it’s hard to imagine much shared responsibility for maintaining a healthy security posture. Moving forward, Gartner envisions a reality where risk accountability is baked into C-suite job requirements. This will most likely have a trickle-down effect to wider employee populations, impressing on both staff and leadership the importance of healthy cyber hygiene.
Establishing a risk-aligned culture and shoring up cybersecurity training is a multi-pronged, ongoing effort that helps add another layer of defense against hackers looking for their next easy in. And with responsibilities memorialized in C-level job descriptions, it’s bound to evolve from an annual box check to a sustained endeavor.
Meeting tomorrow’s demands begins today
While some security leaders may be a long way off from realizing Gartner’s predictions, PwC found that many are taking steps now to lay the groundwork for resilience. Bracing for sweeping regulatory changes, an overwhelming number of respondents (84%) said they planned to closely monitor policy areas related to cybersecurity, privacy, and data protection. Almost as many (79%) said they were updating their cybersecurity and risk management approach. And nearly half (49%) said they planned on increasing their cybersecurity spend.
While no one can truly predict the future, savvy leaders can draw conclusions from these finely tuned forecasts and take necessary steps to future-proof their security operations. The last two years marked the beginning of a new era, one where “unprecedented” is the norm and large-scale disruption is expected. The only way through it is to establish a foundation of resilience to confidently face whatever this era brings with it.
This blog was originally written for Kenna Security, which has been acquired by Cisco Systems.