Highlights From Gartner Security and Risk Management Summit 2024

By Rachel Holle | June 5, 2024

Executive Insights from Gartner Security and Risk Management Summit 2024

Opening Keynote: Augmented Cybersecurity: How to Thrive Amid Complexity

Threat environments are becoming more complex as successful cyberattacks increase in both volume and impact, budget growth levels off and the cybersecurity talent shortage worsens. In their opening keynote, Gartner VP Analysts Christopher Mixter and Dennis Xu explored how augmented cybersecurity — elevating response and recovery efforts to equal those of prevention — can enable security leaders to thrive, rather than merely survive.

To progress toward becoming an augmented cybersecurity organization:

  • Build a fault-tolerant organization. Improve response and recovery capabilities in two areas of business activity where preventative cybersecurity measures are very visibly underperforming: generative AI and the use of third parties.

  • Pursue a minimum effective toolset. Identify redundancies and gaps by mapping your toolset to your controls framework, build technology POCs around frequent deployment risks and aggressively pursue GenAI-driven efficiencies and augmentations.

  • Create a resilient cyber workforce. Build self-care into employee workflows, redesign work to reduce burnout and make it safe for staff to share and learn from shortfalls.

Outlook for Cyber Risk Management 2024

Cyber risk management is an integral part of modern business management. To meet evolving leadership expectations, cybersecurity operating models must transform to support and accelerate business outcomes — and the key to transformation is to read the signals early. In this session, Gartner Director Analyst Deepti Gopal shared the essential components of a cyber-risk management program operating in interconnected digital environments.


“By 2026, 70% of boards will include one member with cybersecurity experience, which will provide an opportunity to clarify common leadership misconceptions.”

Deepti Gopal, Director Analyst at Gartner

Successful cyber-risk management programs are:

  • Dynamic. The risk landscape is in a state of flux, and risk management must adapt accordingly.

  • Distributed. As the business IT environment becomes more complex, distributed technology and analytical work exponentially expand the volume, variety and velocity of cyber risk decision making.

  • Defensible. Decision-makers require easily understood investment data and amortization calculations to make defensible decisions.

  • Data-driven. Near-real-time, automated integration with operational tools is becoming a core capability for cyber risk management software. In turn, continuous control monitoring is necessary.

  • Decision enablement. Leverage your program to address challenges in risk prioritization and to communicate confidence levels to risk owners, executives and the board.

Harness Creative Conflict to Improve Cybersecurity Transformation

Excellence in cybersecurity transformation depends on creative conflict, a constructive approach to team solutioning. Gartner Senior Director Analyst Cynthia Phillips outlined how teams can embrace creative conflict to harness collective potential.


“Threat actors are often unconventional, which necessitates an equally creative cybersecurity team.”

Cynthia Phillips, Sr Director Analyst at Gartner

To harness creative conflict:

  • Understand the connection between conflict and creativity. Conflict is a perceived interference of needs, while creativity is divergent thinking. View differing perspectives as resources rather than hurdles.

  • Foster creativity with diverse mindsets. Diversity increases information diligence and promotes discussion of differing views. Avoid similarity among team members, which can inhibit insights and innovation.

  • Pave the way for creative conflict. Establish purpose and seek to include contributors from different backgrounds. Define roles, goals and expectations so team members know how to work together.

  • Moderate emotional friction. Sense emotional friction as it arises. Interpret the cause of conflict and respond by clarifying perception and providing perspective while modeling openness.

  • Harness creative conflict. Reinforce behaviors positively by calling people in rather than calling them out. The key is to cultivate creativity and conflict aptitude rather than conflict aversion.

The Key Drivers of CISO Effectiveness Today

Effective CISOs achieve four goals: functional leadership, information security service delivery, enterprise responsiveness and scaled governance. Gartner Senior Principal of Research Chiara Girardi outlined what differentiates effective CISOs and shared a roadmap for taking immediate action to address your priorities.


“What differentiates effective CISOs from the rest of the cybersecurity leadership community is largely within the CISO’s control.”

Chiara Girardi, Sr Principal, Research at Gartner

To be more effective:

  • Set clear boundaries. Delineate work and nonwork windows with the knowledge that time is your scarcest resource.

  • Prioritize professional development. Dedicate recurring and intentional time to it.

  • Collaborate with executive peers. Assess their risk appetite and priorities, and use this information to set the organization’s cyber risk appetite.

  • Operate a forward-looking cyber workforce strategy. Include an actionable succession plan for yourself.

About Gartner Security and Risk Management Summit

Gartner Security and Risk Management Summit brings together experts, thought leaders and innovators to explore the evolving landscape of digital risks and strategies for resilience. Enhance your cybersecurity strategy and vision and gain insights into topics ranging from generative AI, to risk and compliance management, security metrics, cloud security, security governance and policy, data security, vulnerability management and more.

Learn more about Gartner Security and Risk Management Summit taking place in National Harbor, London, Dubai, Mumbai, Tokyo and Sydney in 2024 and 2025.


Chris Mixter is a Vice President Analyst, creating insight and implementation guidance to support CISOs and CIOs around the world on their most important cybersecurity management challenges. Chris is a keynote speaker and workshop facilitator at Gartner events globally. Chris has deep expertise across the span of CISO Effectiveness, from cybersecurity operating models to effectively influencing across Cybersecurity leaders' stakeholder ecosystem. His most frequent client engagements are on the subjects of CISO effectiveness, board-level reporting, cybersecurity performance measurement, third party cyber risk management and cybersecurity AI strategy. Chris lives in Arlington, Virginia, USA with his wife, son, daughter, and a Border Collie who knows things.

Dennis Xu is a Research Vice President with Gartner for Technical Professionals (GTP) on the Cybersecurity team. He covers AI security & cloud security topics that include AI Security Platform (AISP), Microsoft 365 Copilot Security, SaaS Security Posture Management (SSPM), Security Service Edge (SSE), CSPM, CWPP, and CNAPP.

Chiara Girardi is a Research Director for the Cybersecurity Research team. She has led research studies in the area of cybersecurity budgets, securing agile workflows, and CISO effectiveness. Prior to Gartner, Chiara worked as a marketing analyst for Warner Brothers, focusing on the expansion of their streaming platform HBO Max. She has a PhD from Johns Hopkins University.

Dr. Phillips specializes in operational excellence and organizational change leadership. She supports leaders to evaluate, accelerate and amplify measurable transformation outcomes and effectively engage stakeholders to ensure change readiness and resilience. Her primary coverage includes transformation strategy and leadership; organizational behaviors such as collaboration, conflict and creativity; process design, improvement and measurement; benefit quantification; and project and portfolio management.

Ms. Gopal is a Director Analyst at Gartner Research & Advisory, with nearly two decades of hands-on experience in Cybersecurity Risk Management and Strategy for Global enterprises. She has shaped and led the agendas of Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) in her previous roles, and continues to support CIOs and CISOs in developing their strategic priorities in her current role. Ms. Gopal is recognized for her ability to translate strategic vision into tangible operational outcomes, having successfully led organizations through complex transformations such as mergers, acquisitions, divestitures, IPOs, new business launches, and market expansion initiatives. She has also been instrumental in establishing international subsidiaries to support global growth. Ms. Gopal specializes in aligning the strategic priorities of Executive Leadership (CEO, Executive, non-executive directors) with the operational demands of Cybersecurity and Information Technology, ensuring that technology and security programs advance overall business objectives. Drawing on her extensive practitioner experience and leadership skills, she now assists clients in designing and implementing effective, outcome-driven cybersecurity and risk management frameworks that are tightly integrated with business strategy. Ms. Gopal champions a comprehensive approach to cybersecurity, viewing it not merely as a technical necessity, but as a strategic asset and value driver that directly supports organizational success. Ms. Gopal promotes a "bi-directional" risk management approach to enhance organizational effectiveness.
