Gartner Security & Risk Management Summit 2025 London: Day 2 Highlights

We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week in London. Below is a collection of the key announcements and insights coming out of the conference. You can read the highlights from Day 1 here.

On Day 2 of the conference, we are discussing how to mitigate deepfake identity impersonation attacks, exploring the evolution of security in midsize organizations, and sharing the latest developments in privacy. Be sure to check this page throughout the day for updates.

Presented by Akif Khan, VP Analyst, Gartner

Attackers are increasingly using deepfakes to bypass automated voice biometrics and identity verification, while security leaders face deepfake-enhanced social engineering, like impersonating executives to request money transfers. In this session, Akif Khan, VP Analyst at Gartner, discussed the current state-of-the-art in deepfake detection and approaches to mitigation.

• “GenAI-created deepfakes can be used by attackers to impersonate the identity of genuine customers or employees. Deepfakes can be combined with social engineering in calls to employees to try to trick them into helping the attackers achieve their goals.”

• “Deepfake voices are a threat to automated voice authentication. CISOs must check if their authentication vendors have native deepfake voice detection capability.”

• “Preventing deepfake identity impersonation attacks is not just about being able to detect the deepfake, as all risk signals are useful.”

• “Deepfakes and social engineering are a bad combination. CISOs must make their people and processes more resilient but stay aware of nascent technical solutions.”

Journalists can receive additional information and/or request an interview with the Gartner expert by contacting Laurence Goasduff at laurence.goasduff@gartner.com.

Presented by Paul Furtado, VP Analyst, Gartner

Midsize enterprises are challenged with addressing the changing cyber landscape with minimal resources. In this session, Paul Furtado, VP Analyst at Gartner, explored how chief information security officers (CISOs) in midsize organizations can strengthen security and address threats and insider risks within their organization.

• “75% of employees will acquire, modify or create technology outside of IT’s visibility.”

• “60% of organizations will adopt a decentralized risk ownership model at the edge.”

• “Establish a comprehensive security program. A successful program embodies strategic and tactical characteristics including accountability, transparency, partnership, incident response and always on.”

• “76% of ransomware attacks happen after hours, CISOs need 24x7 monitoring.”

• In terms of next steps:

  • Complete a risk evaluation. Determine what risk will be accepted, monitored, managed or mitigated.

  • Develop comprehensive incident response and business continuity plans. Plan for 25%, 50% and 100% disruption. 

Journalists can receive additional information and/or request an interview with the Gartner expert by contacting Laurence Goasduff at laurence.goasduff@gartner.com.

Presented by Bernard Woo, VP Analyst, Gartner

Privacy has become a "three-body problem" with differing approaches taken by different jurisdictions, ultimately pulling organizations in different directions. In this session, Bernard Woo, VP Analyst at Gartner, shared the latest developments in privacy, including practical suggestions on how to make smart technology investments to meet these challenges.

• “As we close in on almost 10 years of Europe’s GDPR going into effect, it remains the standard that most jurisdictions use to guide their approach to privacy regulations. Increasingly though, different jurisdictions are adjusting the principles established by the GDPR to suit their local needs.”

• “By 2027, 90% of online vendors providing age-restricted products and offerings will have implemented age verification and consent tracking to comply with the new online data privacy and security regulations.”

• “Connect with senior leaders to prioritize which privacy trend has the greatest impact on organizational objectives and needs focus first.”

• “In the age of AI and increasing divergence in regulatory approaches, chasing compliance only causes endless churn. Guide people in the organization to build a privacy culture based on customer expectations to achieve the agility to adjust to ever changing conditions.”

Journalists can receive additional information and/or request an interview with the Gartner expert by contacting Laurence Goasduff at laurence.goasduff@gartner.com.