Gartner has unveiled its top eight cybersecurity predictions for 2024 and beyond at the Gartner Security & Risk Management Summit in Sydney. The predictions dive into pivotal issues in cybersecurity, including the role of artificial intelligence, employee-driven incidents, insurance against personal legal exposure, and the rising cost of battling malinformation.

According to Gartner, the adoption of generative AI (GenAI) is set to transform the cybersecurity landscape by bridging the skills gap and reducing the occurrence of employee-driven security incidents. Deepti Gopal, Director Analyst at Gartner, emphasised the importance of human behaviour in the context of cybersecurity. “As we start moving beyond what’s possible with GenAI, solid opportunities are emerging to help solve a number of perennial issues plaguing cybersecurity, particularly the skills shortage and unsecure human behaviour. The scope of the top predictions this year is clearly not on technology, as the human element continues to gain far more attention.” Gopal stated.

By 2028, GenAI adoption is predicted to collapse the skills gap, removing the need for specialised education from 50% of entry-level cybersecurity positions. Furthermore, by 2026, enterprises which combine GenAI with integrated platforms-based architecture in security behaviour and culture programs (SBCP) are expected to experience 40% fewer employee-driven cybersecurity incidents. “Organisations that haven’t yet embraced GenAI capabilities should evaluate their current external security awareness partner to understand how it is leveraging GenAI as part of its solution roadmap,” advised Gopal.

Gartner also highlighted the growing personal legal exposure faced by cybersecurity leaders due to new laws and regulations. The company predicts that, by 2027, two-thirds of global 100 organisations will extend directors and officers (D&O) insurance to cybersecurity leaders to mitigate this risk. Additionally, increasing professional risk and legal expenses are driving organisations to explore benefits coverage for these roles.

On the financial front, Gartner warns of the enormous cost of combating malinformation. By 2028, enterprises are expected to spend over US$500 billion on this issue, cannibalising half of marketing and cybersecurity budgets. Gartner also revealed that by 2027, 70% of organisations are likely to merge data loss prevention and insider risk management disciplines with identity and access management (IAM) context for more effective detection of suspicious behaviour.

Finally, the insights predicted a trend towards application security becoming more user-friendly, with 30% of cybersecurity functions likely to be redesigned to be directly consumed by non-experts and owned by application owners by 2027. “To bridge the gap, cybersecurity functions must build minimum effective expertise in these teams, using a combination of technology and training to generate only as much competence as is required to make cyber risk informed decisions autonomously,” concluded Gopal.