Gartner: The Top Cybersecurity Predictions for 2023 and Beyond

• Opening Keynote presented by Deepti Gopal, Director Analyst, Gartner and Christopher Mixter, VP, Research, Gartner.

• At Gartner Security & Risk Management Summit 2023 India

Gartner analysts identified eight cybersecurity predictions for 2023 and beyond.

Here is news and highlights from the Gartner Security & Risk Management Summit, taking place this week in Mumbai, India. Below is a collection of the key announcements and insights coming out of the conference.

On Day 1 from the conference, there was a sharing from Gartner on the top cybersecurity predictions for 2023 and beyond, looking ahead on the horizon of cloud security and sharing 10 key issues to successfully protect an organization’s cyber-physical systems. Be sure to check this page throughout the day for updates.

Key Announcements

Opening Keynote: The Top Cybersecurity Predictions for 2023 and Beyond

Presented by Deepti Gopal, Director Analyst, Gartner and Christopher Mixter, VP, Research, Gartner

As we look out over the next decade, what are the scenarios security and risk management leaders should consider in their organizations’ cybersecurity strategy? In the opening keynote, Deepti Gopal, Director Analyst and Christopher Mixter, VP, Research at Gartner shared their top predictions to help cybersecurity leaders be successful in the digital era.

Key Takeaways

• Through 2023, government regulations requiring organizations to provide consumer privacy rights will cover 5 billion citizens and more than 70% of global GDP: “Security and risk management leaders should enforce a comprehensive privacy standard in line with the GDPR. This will allow their businesses to differentiate themselves in an increasingly competitive market and grow unhindered.”

• By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services and private application access from a single vendor’s SSE platform: “Create a dedicated team of security and networking experts with a shared responsibility for secure access engineering spanning on-premises, remote workers, branch offices and edge locations.”

• 60% of organizations will embrace Zero Trust as a starting point for security by 2025. Over half will fail to realize benefits: “Communicate business relevance of ZT by aligning resilience and agility.”

• By 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements: “Leverage risk-based evaluations that highlight transparency and reward participants.”

• Through 2025, 30% of nation states will pass legislation that regulates ransomware payments, fines and negotiations, up from less than 1% in 2021: “Recognize the impact of paying. Modern ransomware gangs have shifted to steal data as well as encrypt it. Payment means the stolen data won’t be published, but it may very well be sold or otherwise disclosed at a later date if the information has value.”

Outlook for Cloud Security

Presented by Charlie Winckless, Sr Director Analyst, Gartner

Cloud security remains a top priority, but there are many unique risks associated with public cloud service providers. In this session, Charlie Winckless, Sr Director Analyst at Gartner, summarized the problems, recommended processes and new product types to address the key security challenges of infrastructure-as-a-service (IaaS) and software-as-a-service (SaaS).

Key Takeaways

• “Many organizations started leveraging traditional security products in the cloud in the early cloud adoption phase. This approach can work in the short term, but as application and DevOps teams adopt cloud-native services, traditional security products are not able to address these use cases.”

• “Cloud-native security needs to address runtime protection, cloud configuration, artifact scanning and DevSecOps enablement.”

• “Born in the cloud enterprises and their security investments can be a guide to the future state of security.”

• “Align security with the underlying architecture and business criticality. One size does not fit all.”

• “Cloud security capabilities are likely newer and more versatile, so apply these to your on-premises systems where suitable.”

• “Looking ahead on the horizon of cloud security, new technologies and trends that may emerge include cloud providers becoming security providers, security or policy as code, data and cloud sovereignty, confidential computing and more.”

Cyber-Physical Systems Security — Top 10 Must-Dos

Presented by Wam Voster, VP Analyst, Gartner

Whether cyber-physical systems (CPS) are born of OT/IT convergence or from IoT, industrial IoT, or Smart "X" efforts, CPS are everywhere and mandate different approaches to security than IT systems. In this session, Wam Voster, VP Analyst at Gartner, shared 10 must-dos for cybersecurity leaders to effectively protect their CPS.

Key Takeaways

“Your organization is asking you to step outside of data-centric information security and focus on all cyber-physical systems outside of enterprise IT. But how do you communicate back to leadership?”

There are 10 key issues cybersecurity leaders need to think about in order to protect CPS.

1. CPS security is not about dogma. It is about security and safety.

2. CPS security is not only about networks — it’s about assets.

3. Discover all your CPS — because you can’t protect what you don’t know you have.

4. CPS Security does not equal cost; CPS Security = Value = Resilience.

5. Just like IT security, CPS security is also about good hygiene.

6. CPS Security + IT Security = Operational Resilience.

7. CPS Security experts rarely come readymade.

8. CPS Security is not just a team sport, it’s an ecosystem sport.

9. CPS Security — more mandates are coming but you are not alone.

10. You are just at the beginning of CPS security; buckle up for “interesting” times ahead!