Gartner Security & Risk Management Summit 2026, Sydney: Day 2 Highlights

We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week in Sydney, Australia. Below is a collection of the key announcements and insights coming out of the conference. You can read the highlights from Day 1 here.

On Day 2 from the conference, we are highlighting sessions on the top cybersecurity trends; how to increase confidence in cybersecurity; and the outlook for human factors in cybersecurity.

• Gartner Predicts AI Applications Will Drive 50% of Cybersecurity Incident Response Efforts by 2028
• Gartner Forecasts Information Security Spending in Australia to Reach Over $7.5 Billion in 2026

Presented by Richard Addiscott, VP Analyst, Gartner

CISOs are facing disruption from external forces, ranging from geopolitical tensions to the rapid growth of AI, testing the limits of existing programs. In this session, Richard Addiscott, VP Analyst at Gartner, outlined Gartner’s top cybersecurity trends for 2026, offering organizations the strategic direction needed to manage risk and strengthen resilience across three key themes: transform governance, secure new frontiers and normalize AI adoption.

• “Amid regulatory volatility and geopolitical, technological and organizational forces, CISOs must rethink how they approach cyber risk management, resilience and resource allocation by assessing each trend to determine whether to embrace, monitor or deprioritize.”

• Postquantum computing moves into action plans: “As quantum computing renders today’s cryptography unsafe by 2030, CISOs must inventory all crypto assets and establish a center of excellence to accelerate crypto‑agile readiness.”

• Agentic AI demands cybersecurity oversight: “Identify both sanctioned and unsanctioned AI agents, then enforce robust controls for each based on access and agency.”

• Global regulatory volatility drives cyber resilience efforts: “Treat compliance as a strategic advantage, not a checklist to drive cyber resilience.”

• GenAI breaks traditional cybersecurity awareness tactics: “Stop relying on general awareness and focus on adaptive training that provides visibility into individual employee behaviors.” 
  
  Journalists can receive additional information and/or request an interview with the Gartner expert by contacting Emma Keen at emma.keen@gartner.com. 

Presented by Kristin Moyer, Distinguished VP Analyst, Gartner

Boards lack confidence in their own cybersecurity oversight abilities and those of their CEO. Lack of board confidence spells trouble for CIOs because it can amplify pressure for unrealistic results, lower investment appetite and ultimately reduce business resilience. In this session, Kristin Moyer, Distinguished VP Analyst at Gartner, discussed how CIOs can empower a confident, cyber resilient board.

• “Ninety percent of non-executive board directors lack confidence in cybersecurity value.”

• “The key to increase board confidence is to become a sense maker. Sense maker CIOs and CISOs have managed to earn their boards’ trust on “just right” levels of protection and cost.”

• “Fewer cybersecurity breaches won’t earn board trust – business alignment will.”

• “Being transparent about actual exposure levels and revealing uncomfortable truths builds board confidence.”

• “Real cybersecurity leadership means protecting what the organization values, from managing cost and reducing risk, to safeguarding revenue.” 
  
  Journalists can receive additional information and/or request an interview with the Gartner expert by contacting Emma Keen at emma.keen@gartner.com.

Presented by Mia Yu, Director Analyst, Gartner

The human element represents the single greatest unexplored opportunity for optimizing an organization’s cybersecurity risk exposure in an increasingly complex and conflicted operating environment. While technology helps, it can’t deliver full value without the human element. In this session, Mia Yu, Director Analyst at Gartner, explored three human elements CISOs must tap into to optimize the outcomes of cybersecurity programs.

• “The greatest – and most neglected – opportunity to reduce cyber risk in any organization is harnessing the human element.”

• “Mounting pressure is driving employees to insecure behavior. Cybersecurity isn’t at the top of their minds and they’re looking for any way to make their lives easier, resulting in 41% intentionally bypassing cybersecurity controls.”

• “Burnout quietly shapes the daily reality of cybersecurity teams – how they respond to threats, enable secure design and control implementation. Those that don’t address it risk losing their most valuable assets and make their organizations more vulnerable.”

• “Only CISOs carry the triple AI mandate: secure AI, defend against AI-enabled attacks and use AI to do both. Upskilling isn’t optional; it’s the only way to survive this pressure.”

• “Employees are humans, not risks. Mindsets must change from treating them as risks and investing in them to become a more valuable part of the cybersecurity program.”

   

  Journalists can receive additional information and/or request an interview with the Gartner expert by contacting Emma Keen at emma.keen@gartner.com.