Gartner identifies top risk management trends

​

​Global research and advisory firm Gartner has identified a number of ongoing strategic shifts in the security ecosystem, which it expects to have broad industry impact and significant potential for disruption.

Gartner believes these emerging trends, which will be explored at its Security and Risk Management Summit in June, are set to impact the work of security, privacy and risk leaders. 

1. Risk appetite statements are becoming linked to business outcomes

As IT strategies become more closely aligned with business goals, the ability for security and risk management (SRM) leaders to effectively present security matters to key business decision-makers gains importance. 

2. Security operations centers are being implemented with a focus on threat detection and response

As businesses’ focus shifts from threat prevention to threat detection, greater investment in security operations centers (SOCs) will be required. Peter Firstbrook, Research Vice President at Gartner, says: “The need for SRM leaders to build or outsource an SOC that integrates threat intelligence, consolidates security alerts and automates response cannot be overstated.”

3. Data security governance frameworks will prioritize data security investments

The complex issue of data security cannot be addressed without a strong understanding of the data itself, the context in which it is created and used, and how it is subject to regulation. Many organizations are addressing the issue through a data security governance framework (DSGF). “DSGF provides a data-centric blueprint that identifies and classifies data assets and defines data security policies. This then is used to select technologies to minimize risk,” says Peter. “The key in addressing data security is to start from the business risk it addresses, rather than from acquiring technology first.”

4. Passwordless authentication is achieving market traction

Passwordless authentication is being increasingly deployed in an effort to combat hackers who target passwords to access cloud-based applications. Such methods offer increased security as well as usability.

5. Security product vendors are increasingly offering premium skills and training services

The number of unfilled cybersecurity roles is expected to grow from 1 million in 2018 to 1.5 million by the end of 2020, and the skills gap cannot entirely be filled by machine learning and automation. “We are starting to see vendors offer solutions that are a fusion of products and operational services to accelerate product adoption,” says Peter.

6. Investments will be made in cloud security competencies as a mainstream computing platform

The shift to cloud means stretching security teams thin, as talent may be unavailable and organizations are simply not prepared for it. Peter says: “Organizations must invest in security skills and governance tools that build the necessary knowledge base to keep up with the rapid pace of cloud development and innovation.”

Peter concludes: “External factors and security-specific threats are converging to influence the overall security and risk landscape, so leaders in the space must properly prepare to improve resilience and support business objectives.”

Related content: How to guarantee security in the cloud