Research and advisory company Gartner has outlined the six major trends it believes will shape cybersecurity in 2024. According to a new report, these trends will be driven by developments in generative AI (GenAI), a lack of secure behaviour amongst employees, risks posed by third parties, continuous threat exposure, gaps in communication between security teams and boardrooms, and security approaches prioritising identity.

Gartner's Senior Director Analyst, Richard Addiscott stated that GenAI is perceived by security leaders as a fresh challenge but also provides an opportunity to augment operational-level security. As Addiscott posited, "Despite GenAI's inescapable force, leaders also continue to contend with other external factors outside their control they shouldn't ignore." The report suggests that leaders should address these various forces by adopting best practices, implementing technical capabilities and making structural reforms to improve the performance of their cybersecurity functions and more broadly, their organisation's resilience.

One of the key trends identified by Gartner is the evolving role of GenAI. While leaders are currently highly sceptical, Gartner projects a hopeful outlook for the technology in the long term. “There’s solid long-term hope for the technology, but right now we’re more likely to experience prompt fatigue than two-digit productivity growth," Addiscott noted. Gartner recommends proactive collaboration with business stakeholders to ensure the ethical, safe, and secure use of disruptive technology like GenAI.

Gartner also highlighted the crucial role of outcome-driven metrics (ODMs) in bridging the communication gap between cybersecurity teams and boardrooms. The rise in frequency and impact of cybersecurity incidents has undermined confidence in current cybersecurity strategies, leading to increased adoption of ODMs. These metrics, according to Gartner, are central to creating a defensible cybersecurity investment strategy and expressing the level of risk taken on by the organisation.

Also of increasing importance is the shift in focus of security leaders from raising awareness to fostering behavioural change to mitigate cybersecurity risks. By 2027, Gartner predicts half of the large enterprise chief information security officers (CISOs) will have adopted human-centric security design practices to reduce cybersecurity-induced friction and increase control adoption.

Resilience-oriented investments in third-party cybersecurity risk management and the continuous evaluation of accessibility, exposure, and exploitability of assets through Continuous Threat Exposure Management (CTEM) programs also feature prominently in the report. Leaders are encouraged to continuously monitor hybrid digital environments to prioritise vulnerabilities optimally and maintain a hardened organisational attack surface.

Finally, the role of Identity & Access Management (IAM) in security programs is expected to expand as organisations gravitate towards an identity-first approach to security. Gartner recommends security leaders focus on leveraging their identity fabric and identity threat detection and response to ensure their IAM capabilities are best positioned to support the breadth of the overall security program.