Global business analyst Gartner outlines areas of threats and opportunities for artificial intelligence in the cybersecurity industry over the coming decade.
Among its top eight predictions for 2024, it expects the adoption of generative AI (GenAI) to close the cybersecurity skills gap and reduce human cybersecurity incidents; two-thirds of 100 global organizations will extend D&O insurance to cybersecurity managers due to their personal legal exposure; and fighting misinformation will likely cost businesses more than $500 billion.
The company recommends that cybersecurity leaders incorporate the following planning assumptions into their security strategies for the coming years:
- By 2028, the adoption of GenAI will close the skills gap, removing the need for specialized training for 50% of entry-level cybersecurity positions. This will change the way organizations hire and train cybersecurity workers who are looking for the right skills as much as the right training. Gartner recommends that cybersecurity teams focus on internal use cases that support users in their work, coordinate with HR partners, and identify adjacent talent for more critical cybersecurity roles.
- By 2026, companies combining GenAI with integrated platform-based architecture in security behavior and culture programs will experience 40% fewer employee-initiated cybersecurity incidents. GenAI has the potential to generate hyper-personalized content and training materials that take into account an employee’s unique attributes. This will increase the likelihood that employees will adopt safer behaviors in their daily work.
- By 2026, 75% of organizations will exclude unmanaged, legacy, and cyber-physical systems from their zero trust strategies. Under a zero trust strategy, users and endpoints receive only the access necessary to perform their jobs and are continuously monitored for evolving threats.
- By 2027, two-thirds of the world’s 100 organizations will extend their directors’ and officers’ insurance to those responsible for cybersecurity because of their personal legal exposure. New laws and regulations, such as the U.S. Securities and Exchange Commission’s Cybersecurity Disclosure and Reporting Rules, expose cybersecurity managers to personal liability and must be insured against such liability.
- By 2028, corporate spending to combat misinformation will exceed $500 billion, cannibalizing 50% of marketing and cybersecurity budgets. The combination of AI, analytics, behavioral science, social media, the Internet of Things and other technologies allows malicious actors to create and distribute highly effective and personalized misinformation. Businesses should invest in tools and techniques to combat this problem by using chaos engineering to test for resilience.
- By 2026, 40% of identity and access management (IAM) leaders will have primary responsibility for detecting and responding to IAM-related breaches. As the importance of IAM leaders continues to grow, they will move in different directions, each with increased responsibility, visibility, and influence. Gartner recommends breaking down traditional IT and security silos by giving stakeholders visibility into the role IAM plays.
- By 2027, 70% of organizations will combine data loss prevention and internal risk management disciplines with the IAM context to more effectively identify suspicious behavior. Growing interest in consolidated controls has prompted vendors to develop features that represent an overlap between controls focused on user behavior and data loss prevention. Gartner recommends that organizations identify data and identity risks and use them in tandem as a primary guideline for strategic data security.
- By 2027, 30% of cybersecurity functions will reimagine application security to be used directly by non-cybersecurity experts and owned by application owners. The volume, variety, and context of applications created by enterprise technologists and distributed delivery teams generate the potential for exposure far beyond what dedicated application security teams can manage.
Deepti Gopal, Principal Analyst at Gartner, said: “As we begin to move beyond what is possible with GenAI, strong opportunities are emerging to help solve a number of recurring issues plaguing cybersecurity, particularly skills shortage and insecure human behavior. The scope of this year’s top predictions clearly isn’t about technology, as the human element continues to get much more attention. Any information security manager looking to build an effective and sustainable cybersecurity program should make it a priority.