Global technology research and consulting firm Gartner recently revealed its top eight cybersecurity predictions for the next few years.

  • The way companies hire cybersecurity workers will change over the next few years as the adoption of generative AI closes the skills gap. This will remove the need for specialised expertise in entry-level cybersecurity positions.
  • Companies that incorporate generative AI into their security behaviour and culture programmes will experience fewer employee-driven cybersecurity incidents. When content and training are personalised to individual employees, those employees are more likely to adopt secure working methods day-to-day.
  • By the end of 2026, 75% of organisations will remove unmanaged and old systems from their zero trust strategies.
  • In the next couple of years, directors and officers (D&O) insurance will likely be extended to cybersecurity leaders in many large organisations. This is due to increasing personal legal exposure arising from new laws and regulations on disclosing and reporting information about cybersecurity and cyberattacks.
  • By 2028, enterprise organisations will be spending more than USD 500bn on battling malinformation. This is being driven by technologies that enable malicious actors to create and spread disinformation more easily, such as social media, the Internet of Things and AI. The budget to tackle this will likely have to come from marketing and cybersecurity teams, impacting how much they can spend on other areas.
  • Almost half (40%) of identity and access management (IAM) leaders will take responsibility for detecting and responding to IAM-related breaches over the next couple of years. They will continue to grow in importance and have increased responsibility, visibility and influence.
  • By 2027, 70% of organisations will combine data loss prevention and insider risk management with IAM to identify suspicious behaviour more effectively.
  • By 2027, application security will be redesigned in around a third of companies so that it can be used directly by non-cyber experts. Building minimum effective expertise within delivery teams can bridge the gap between cybersecurity and application development teams in terms of reducing exposure.