Global business analyst Gartner outlines areas of threat and opportunity for artificial intelligence in the cybersecurity industry throughout the coming decade.
Among its top eight predictions for 2024 it expects to see generative AI (GenAI) adoption close the cybersecurity skills gap and reduce human cybersecurity incidents; two-thirds of global 100 organizations will extend directors and officers insurance to cybersecurity leaders owing to personal legal exposure; and battling misinformation is likely to cost businesses more than $500 billion.
The company recommends cybersecurity leaders should build the following planning assumptions into their security strategies for the coming years:
- By 2028, the adoption of GenAI will close the skills gap, removing the need for specialized education from 50% of entry-level cybersecurity positions. It will change how organizations hire and teach cybersecurity workers looking for the right aptitude as much as the right education. Gartner recommends cybersecurity teams focus on internal use cases that support users as they work, coordinate with human resources partners and identify adjacent talent for more critical cybersecurity roles.
- By 2026, companies combining GenAI with an integrated platforms-based architecture in security behavior and culture programs will experience 40% fewer employee-driven cybersecurity incidents. GenAI has the potential to generate hyper-personalized content and training materials that take into context an employee’s unique attributes. This will increase the likelihood of employees adopting more secure behaviors in their day-to-day work.
- Through 2026, 75% of organizations will exclude unmanaged, legacy and cyberphysical systems from their zero-trust strategies. Under a zero-trust strategy, users and endpoints receive only the access needed to do their jobs and are continuously monitored based on evolving threats.
- By 2027, two-thirds of global 100 organizations will extend directors and officers insurance to cybersecurity leaders because of personal legal exposure. New laws and regulations, such as the U.S. Securities and Exchange Commission’s cybersecurity disclosure and reporting rules, expose cybersecurity leaders to personal liability and should be insured against.
- By 2028, enterprise spending on battling misinformation will surpass $500 billion, cannibalizing 50% of marketing and cybersecurity budgets. The combination of AI, analytics, behavioral science, social media, Internet of Things and other technologies enable bad actors to create and spread highly effective, mass-customized misinformation. Businesses should invest in tools and techniques that combat the issue using chaos engineering to test resilience.
- Through 2026, 40% of identity and access management (IAM) leaders will take over the primary responsibility for detecting and responding to IAM-related breaches. As IAM leaders continue to grow in importance, they will evolve in different directions, each with increased responsibility, visibility and influence. Gartner recommends a break in traditional IT and security silos by giving stakeholders visibility into the role IAM plays.
- By 2027, 70% of organizations will combine data loss prevention and insider risk management disciplines with IAM context to identify suspicious behavior more effectively. Increased interest in consolidated controls has prompted vendors to develop capabilities that represent an overlap between user behavior-focused controls and data loss prevention. Gartner recommends organizations identify data risk and identity risk and use them in tandem as the primary directive for strategic data security.
- By 2027, 30% of cybersecurity functions will redesign application security to be consumed directly by non-cyber experts and owned by application owners. The volume, variety and context of applications that business technologists and distributed delivery teams create means potential for exposures well beyond what dedicated application security teams can handle.
Deepti Gopal, director analyst at Gartner, says: “As we start moving beyond what’s possible with GenAI, solid opportunities are emerging to help solve a number of perennial issues plaguing cybersecurity, particularly the skills shortage and unsecure human behavior. The scope of the top predictions this year is clearly not on technology, as the human element continues to gain far more attention. Any chief information security officer looking to build an effective and sustainable cybersecurity program must make this a priority.”
