Gartner highlights the most important cybersecurity trends of 2023
Security and Risk Management (SRM) executives must rebalance their investment between the human-centric and the technological elements of their cybersecurity programs in line with the top nine trends in the industry, according to Gartner.
According to Richard Addiscott, Senior Director Analyst at Gartner, a human-centric approach to cybersecurity is essential to reducing security failures.
“Focusing on people in control design and implementation, as well as through business communications and cybersecurity talent management, will help to improve business-risk decisions and cybersecurity staff retention.”
SRM leaders should concentrate on three areas: human-centric practices for designing and implementing security, technical security capabilities that provide greater visibility and responsiveness across the organization's digital ecosystem, and restructuring the security function so that it can operate with agility without compromising security.
The following nine trends, grouped by those three areas, are expected to matter most to SRM executives:
Trend 1: Security design that is human-centric
Human-centric security design gives priority to the employee experience across the whole control management lifecycle. Gartner predicts that by 2027, 50 percent of large-enterprise chief information security officers (CISOs) will have adopted human-centric security design practices to minimize cybersecurity-induced friction and maximize control adoption.
Trend 2: Enhancing people management to sustain security programs
Historically, cybersecurity leaders have concentrated on improving the technology and processes that support their programs, paying far less attention to the people who deliver those changes. CISOs who take a human-centric approach to talent management, in order to attract and retain staff, have seen improvements in both functional and technical maturity. Gartner predicts that by 2026, 60 percent of organizations will shift from external hiring to "quiet hiring" from the internal talent market to address systemic cybersecurity and recruitment challenges.
Trend 3: Transforming the cybersecurity operating model to support value creation
Technology work is moving out of central IT functions into corporate functions, business units, fusion teams and even individual employees. The Gartner study found that 41 percent of employees already perform some form of technology work, a share expected to keep growing over the next five years.
CISOs must change their cybersecurity operating model to reflect how work actually gets done. Employees need to know how to balance a range of risks, including cybersecurity, financial, reputational and legal risks. Cybersecurity must also be tied to business value by measuring and reporting success against business objectives and outcomes.
Trend 4: Threat exposure management
The attack surface of a modern enterprise is complex, and keeping up with it causes fatigue. CISOs need to evolve their assessment practices in order to understand their exposure to threats by implementing Continuous Threat Exposure Management (CTEM) programs. Gartner predicts that by 2026, organizations that prioritize their security investments on the basis of a CTEM program will suffer two-thirds fewer breaches.
Trend 5: Identity fabric immunity
Vulnerabilities in the identity infrastructure arise from incomplete, misconfigured or insecure elements of the identity fabric. Gartner predicts that by 2027, identity fabric immunity principles will prevent 85 percent of new attacks and thereby reduce the financial impact of breaches by 80 percent.
Trend 6: Cybersecurity Validation
Cybersecurity validation brings together the techniques, processes and tools used to assess how potential attackers would exploit an identified threat exposure. The tools that support validation are making significant progress in automating the repeatable and predictable parts of assessments, enabling regular benchmarking of attack techniques, security controls and processes. Gartner predicts that by 2026, more than 40 percent of organizations, including two-thirds of midsize enterprises, will rely on consolidated platforms to run cybersecurity validation assessments.
Trend 7: Cybersecurity platform consolidation
To simplify operations and reduce complexity, organizations are consolidating onto platforms built around one or more major cybersecurity domains, and vendors are responding with broader offerings. For instance, identity security services could be delivered through a common platform that integrates governance, privileged access and access management functions. SRM executives should continuously inventory their security controls to identify overlaps and to reduce redundancy through consolidated platforms.
Trend 8: Composable businesses need composable security
Organizations must move away from monolithic systems and build modular capabilities into their applications in order to keep pace with business change. Composable security is an approach in which cybersecurity controls are integrated into architectural patterns and then applied in a modular fashion in composable technology implementations. Gartner predicts that by 2027, more than 50 percent of core business applications will be built using composable architectures, which will require a new approach to securing those applications.
Trend 9: Boards expand their competency in cybersecurity oversight
The growing focus of boards on cybersecurity is driven by the trend towards explicit-level accountability for cybersecurity, including enhanced responsibilities for board members in their governance activities. Cybersecurity leaders must provide boards with reporting that demonstrates the impact of their cybersecurity programs on the organization's goals and objectives.