Gartner Security & Risk Management Summit 2025 London: Day 1 Highlights

We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week in London. Below is a collection of the key announcements and insights coming out of the conference.

On Day 1 of the conference, we are highlighting the Gartner opening keynote presentation, explaining how to achieve business-aligned data security, and identifying key accelerators to enhance cyber resilience capabilities. Be sure to check this page throughout the day for updates.

Presented by Leigh McMullen, Distinguished VP Analyst and Gartner Fellow and Christine Lee, VP Analyst at Gartner

Hype, whether driven by AI, emerging technologies, geopolitical changes or the latest headline-grabbing cyber attack, threatens to derail strategic objectives and the partnership between cybersecurity and the rest of the business. In this keynote, Leigh McMullen, Distinguished VP Analyst at Gartner and Christine Lee, VP Analyst at Gartner, discussed how CISOs can exploit hype's power to drive their cybersecurity program and the resilience of their organization.

• “There are three key areas to help anticipate the future needs of CISOs due to the increased hype and allow them meet the needs of today’s complex, fast and unpredictable reality.”
• Be Mission-Aligned: “When CISOs communicate in terms of protection levels and buying down exposure levels, they are less likely to get caught up in someone else’s marketing hype. This eventually helps CISOs prove that their cybersecurity efforts are aligned to their organization’s mission.”

• Be Innovation-Ready: “CISOs must cultivate AI literacy, experiment with AI in cybersecurity and protect AI investments in their organizations.”
• Be Change-Agile: “CISOS must be able to empower their teams to be part of the solution and feel agency. If CISOs’ teams feel agency, they will want to focus on automating repetitive tasks and developing new skills to fuel your growth as well as theirs, which in turn will make them resilient agents of change no matter what that change is.”

Journalists can receive additional information and/or request an interview with the Gartner expert by contacting Laurence Goasduff at laurence.goasduff@gartner.com.

Presented by Rahul Balakrishnan, Sr. Director Analyst, Gartner

Only 14% of cybersecurity leaders meet their data security goals and support their organization’s business objectives. In this session, Rahul Balakrishnan, Sr. Director Analyst at Gartner, highlighted three actions to help chief information security officers (CISOs) align data security to their organization’s business needs.

• “61% of organizations have had at least one data breach.”

• “Only 14% of CISOs effectively secure organizational data assets while simultaneously enabling the use of data to achieve business objectives.”

• CISOs can take three actions to align data security with their organization’s business needs:

  • Reassess data security strategy based on changes in the organization.

  • Make it easy for the business to inform data security policies.

  • Facilitate business-led, collaborative experimentation with generative AI (GenAI).

• “CISOs with a strong process for handling exception requests from end users see a 53% improvement in their ability to achieve data security goals.”

• Gartner predicts that by 2027, 40% of security teams will promote experimentation with GenAI to uncover data security risks associated with GenAI tool adoption.

Journalists can receive additional information and/or request an interview with the Gartner expert by contacting Laurence Goasduff at laurence.goasduff@gartner.com.

Presented by Arthur Sivanathan, Sr. Director Analyst, Gartner

Cyber resilience goes beyond securing an organization’s infrastructure and assets—it focuses on what matters most to an organization. In this session, Arthur Sivanathan, Sr. Director Analyst at Gartner, identified key accelerators chief information security officers (CISOs) can take to enhance their organization’s cyber resilience capabilities.

• “Several regulations, including NIS2 and DORA, are driving CISOs to prioritize cybersecurity resilience in Europe and globally.”

• “Cyber resilience isn't just a strategic advantage; it's a critical necessity for survival.”

• “Kick start your cyber resilience strategy by understanding where you sit from a basic hygiene perspective and integrate one or more intermediate and advanced capabilities.”

• “Business impact assessment should be at the heart of CISOs cyber resilience programs as it can help focus on what really matters to their organisation.”

• “CISOs tend to focus on detection and response when it comes to cyber resilience.  Recognize that recovery and collaboration with cross-functional teams is essential to achieving overarching organizational resilience."

Journalists can receive additional information and/or request an interview with the Gartner expert by contacting Laurence Goasduff at laurence.goasduff@gartner.com.