The government will require privacy rights for consumers in 2023 for more than 5 billion people and more than 70% of the world's GDP.

A staggering 3 billion consumers in 50 countries have rights to privacy as of 2021, and the regulation of privacy is expanding. To identify inefficiencies and justify accelerated automation, Gartner suggests tracking metrics related to subject rights requests, including cost per request and time it takes to complete.

By 2025, Gartner estimates that 80% of companies will unify access to the web, cloud, and private applications with a single platform.
Due to hybrid workforces and ubiquitous access to data, application security for SaaS and web apps must be consistent and simple. One advantage of single-vendor solutions is that they are more streamlined, have fewer consoles to manage, and require fewer decryptions, inspections, and re-encryptions than best-of-breed solutions.
Zero Trust will be the basis for security at 60% of companies by 2025. More than half will fail to realize the benefits
There are many security vendors who market the concept of zero trust and government agencies that provide security advice. This approach, which replaces implicit trust with identity-based and context-based risk-appropriate trust, has significant power as a mindset. Zero trust can, however, only be achieved if there is a cultural shift and clear communication that ties it to business outcomes.

Among organizations, 60% will use cybersecurity risk to determine their relationships with third parties by 2025.
There is an increase in cyberattacks involving third parties. Despite this, Gartner data indicates that only 23 percent of security and risk leaders monitor third parties in real time for cybersecurity risks. Consumer concerns and regulatory interest will push companies to mandate cybersecurity risk when conducting business with third parties, from simple monitoring of a critical technology supplier to complex due diligence when acquiring or merging companies.

30% of nations will enact legislation that regulates ransomware payments, fines, and negotiations by 2025, compared with less than 1% in 2021.
Data is being stolen and encrypted by modern ransomware gangs. Ransoms are paid at the discretion of businesses, not by security teams. The analyst firm recommends that before negotiating, law enforcement and any regulatory body be consulted.

Threat actors will be able to weaponize operational technology environments with success by 2025.
It is becoming more and more common for OT systems - the hardware and software that monitor or control equipment, assets, and processes - to be attacked. Gartner recommends security and risk management leaders focus on real-world hazards, such as threats to humans and the environment, instead of information theft.

75% of CEOs say they want their organizations to be resilient by 2025 in the face of cybercrime, severe weather events, civil unrest, and political instability.
As a result of COVID-19, traditional business continuity management plans are no longer capable of supporting an organization's response to such disruption on a large scale. Gartner recommends risk leaders recognize organizational resilience as a strategic imperative and build a strategy to engage their staff, stakeholders, customers, and suppliers in building organizational-wide resilience.

A performance requirement related to risk will be part of 50% of C-level executive's employment contracts by 2026
According to a recent Gartner survey, most boards now view cybersecurity as a business risk rather than strictly an IT issue. Gartner predicts that business executives will be given formal accountability for cyber risk management, rather than the security leader.
Study & Data Presented by: Gartner 

Latest Resources

See all resources