Gartner Security & Risk Management Summit 2022 National Harbor: Day 2 Highlights

National Harbor, Maryland, June 8, 2022

We bring you news and highlights from the Gartner Security & Risk Management Summit taking place this week in National Harbor, Maryland. Below is a collection of key announcements and takeaways from the conference. You can read the highlights of day 1 here.

On day two of the conference, we’ll highlight the top trends in security and risk management, key drivers of CISO effectiveness, and cybersecurity projections for 2022-2023. Be sure to check this page throughout the day for updates.


Important Announcements

Top trends in security and risk management

Presented by Jay Heiser, VP Analyst, Gartner


There are numerous business, market and technology dynamics that security and risk management leaders cannot ignore. In this presentation, Jay Heiser, VP Analyst at Gartner, highlighted the key trends that have the potential to transform the security ecosystem over the next one to three years.


The central theses

  • Attack surface expansion. A dramatic increase in the attack surface arises from changes in the use of digital systems, including hybrid work, accelerated use of public clouds, more tightly connected supply chains, expansion of publicly available digital assets, and greater use of operational technology.
  • Identity Threat Detection and Response (ITDR). ITDR describes the collection of tools and best practices for protecting identity systems from the attacks that now routinely target them.
  • Digital supply chain risk. As widespread vulnerabilities such as URGENT/11 and Log4j propagate through component reuse across all types of technology stacks throughout the supply chain, more attacks will emerge.
  • Vendor consolidation. Security technology convergence is accelerating, driven by the need to reduce complexity, leverage commonality, reduce administrative overhead, and provide more effective security.
  • Cybersecurity mesh. A cybersecurity mesh creates and leverages interoperable connections between security tools to promote a consistent security posture, enabling tools to share and act on security intelligence and apply a dynamic policy model.
  • Distributing decisions. By 2025, a single, centralized CISO will no longer be sufficient to manage the cybersecurity needs of a digital organization.
  • Beyond awareness. Human error is still found in most data breaches, a clear signal that traditional approaches to security awareness training are no longer effective.

Learn more about the top trends in security and risk management for 2022 in Gartner’s related press release.


The Key Drivers of CISO Effectiveness

Presented by Christopher Mixter, VP, Research, Gartner


As digital business has made security and risk a boardroom issue, lines of business have raised their expectations of security leadership. In this session, Christopher Mixter, VP, Research at Gartner, highlighted the leadership characteristics that support a successful and balanced approach between business needs and leadership effectiveness.


The central theses

  • “CISOs work in a silo and as a result are often overworked, faced with unrealistic expectations and serve as scapegoats. At the end of the day, there is hardly anyone in the organization who has the same level of responsibility as the CISO.”
  • “Gartner considers four key factors when evaluating CISO effectiveness: functional leadership, delivery of information security services, business responsiveness, and governance at scale.”
  • “Few CISOs excel in all categories, and in fact, only 12% of CISOs surveyed by Gartner excel in all four effectiveness categories.”
  • “Effective CISOs are far less likely to report business-disrupting security incidents or project delays due to information security, and on the personal side, less effective CISOs feel overwhelmed by security alerts or stress at work.”
  • “There are 14 controllable differentiators of CISO effectiveness, which we have grouped into four categories. An effective CISO is an executive influencer, a future risk manager, a workforce architect and a stress navigator.”
  • “We’re seeing a lot of experimentation as companies realize that old org charts no longer fit into new digital ecosystems.”

Learn more about becoming an effective Chief Security Officer in the free Gartner e-book, Four Factors of Effective CISO Leadership.


Top cybersecurity predictions for 2022-2023

Presented by Leigh McMullen, Distinguished VP Analyst at Gartner


As we look to the next decade, some scenarios need to be seriously considered when developing the enterprise cybersecurity strategy. In this session, Leigh McMullen, Distinguished VP Analyst at Gartner, shared some of the key predictions for the next two years that security and risk management leaders should monitor to thrive in the digital age.


The central theses

  • By 2023, 5 billion citizens and more than 70% of global GDP will be covered by government regulations requiring businesses to provide consumer privacy rights: “Security and risk management leaders should enforce a comprehensive data protection standard in line with the GDPR. This will allow their businesses to differentiate themselves and thrive unhindered in an increasingly competitive marketplace.”
  • By 2025, 80% of enterprises will have a strategy to unify web, cloud services and private application access through a single vendor’s SSE platform: “Create a dedicated team of security and network professionals with shared responsibility for secure access engineering spanning on-premises, remote workers, branch offices and edge locations.”
  • 60% of organizations will adopt Zero Trust as a starting point for security by 2025. More than half will not realize the benefits: “Communicate ZT’s business relevance by aligning resiliency and agility.”
  • By 2025, 60% of organizations will use cybersecurity risk as the primary determinant when conducting transactions and doing business with third parties: “Use risk-based assessments that emphasize transparency and reward participants.”
  • By 2025, 30% of nation states will pass legislation regulating ransomware payments, fines and negotiations, up from less than 1% in 2021: “Recognize the impact of paying. Modern day ransomware gangs have moved to stealing and encrypting data. Payment means the stolen data will not be made public, but it can be sold or otherwise disclosed at a later date if the information has value.”
