Gartner Security & Risk Management Summit 2026 National Harbor: Day 2 Highlights

We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week in National Harbor, Maryland. Below is a collection of the key announcements and insights coming out of the conference.

On Day 2 from the conference, we are highlighting cybersecurity planning in the face of AI disruption and geopolitical volatility, how to address the threat quantum poses to cybersecurity and Gartner’s keynote on the future of cyber in 2030. Be sure to check this page throughout the day for updates.

• Gartner Identifies Strategic Focus Areas for CISOs to Seize Moments of Opportunity Among AI Chaos
• Gartner Identifies Four Critical Threats Requiring Urgent Improvements from Cybersecurity Leaders

Presented by William Dupre, VP Analyst, Gartner

Global conflict, AI-based disruption and political upheaval continue to impact the risk landscape for organizations. In this environment, cybersecurity programs become paramount. In this session, William Dupre, VP Analyst at Gartner, provided insights into the current global cybersecurity landscape.

• “Geopolitical chaos, regime uncertainty, disruptions from AI, and the realities of a post-quantum world are four areas security leaders must navigate in the future.”
• “It is imperative that security professionals seize this moment to address the turbulence coming our way by architecting the organizations for resilience, seizing the AI moment to use AI as a force multiplier, and expecting disruption.”
• “Through 2029, over 50% of successful cybersecurity attacks against AI agents will exploit access control issues, using direct or indirect prompt injection as an attack vector.”
• “Seventy-five percent of security operations center (SOC) teams will experience erosion in foundational security analysis skills due to overdependence on automation and AI by 2030.”
• “Over- or under-reliance on AI will create a great divergence among organizations. Security leaders must prepare for this reality: technological possibility is not economic inevitability.”

Journalists can receive additional information and/or request an interview with William Dupre by contacting Matt LoDolce at Matt.LoDolce@Gartner.com.

Presented by Sarah Almond, Director Analyst, Gartner

The clock is ticking on current cryptographic infrastructure. With the advent of large-scale, fault-tolerant quantum computers looming, the algorithms that organizations rely on today will be rendered obsolete, leaving digital communications vulnerable. In this session, Sarah Almond, Director Analyst at Gartner, discussed the three waves of cryptography which security leaders will need to upgrade before Q-day hits.

• “Quantum computers pose a significant threat to cybersecurity primarily because they can break many of the cryptographic algorithms currently used to secure the digital world.”

• “Is a sufficiently powerful quantum computer a reality any time soon? Gartner predicts that one could arrive by  the end of the decade. It is not so much a matter of if, but when.”

• “Post quantum cryptography (PCQ) will come at us in three waves. Security leaders need to be prepared and have a plan to address the waves as they hit.”

  • Wave 1: Strengthen symmetric encryption and migrate to postquantum key exchange.

  • Wave 2: Upgrade private PKI and the hardware security modules (HSMs) that underpin it. Monitor public PKI.

  • Wave 3: Migrate digital signatures, prioritizing long-lived use cases, and budget for potential hardware upgrades.

• “Migration to post-quantum cryptography will happen regardless if quantum computing becomes a real threat or not.”

Journalists can receive additional information and/or request an interview with Sarah Almond by contacting Matt LoDolce at Matt.LoDolce@Gartner.com.

Presented by Peter Firstbrook, Distinguished VP Analyst, Gartner

AI has been rapidly reshaping the cybersecurity landscape over the last few years. In this keynote session, Peter Firstbrook, Distinguished VP Analyst at Gartner, explored the future of cybersecurity skills, technology and the next wave of impact that AI will thrust upon the industry. He showcased what cybersecurity leaders can anticipate going forward, and the expected impact on security teams, budgets, and the overall cybersecurity program by 2030.

• “CIOs must define a clear ‘north star’ for IT, establishing a high-level vision for the organization’s future. This vision involves selecting archetypes to guide direction, determining the pace of transformation, and deciding whether to pursue an AI-first approach or proceed cautiously.”

• “Beyond workforce transformation, the technology stack must also evolve. It must progress from AI-readiness to agent-readiness and ultimately democratization-readiness.”

• “By 2030, cybersecurity expertise must be embedded into ad hoc agile development processes.”

• “Cybersecurity headcount needs to increase despite productivity gains. The increased complexity, expanded threat landscape, and regulatory scrutiny associated with AI require a larger, augmented cybersecurity workforce.”

• “AI will transform cybersecurity. CISOs must become active enablers of business-led innovation; however, responsibility for GenAI security must also reside with the business.”

Journalists can receive additional information and/or request an interview with Peter Firstbrook by contacting Matt LoDolce at Matt.LoDolce@Gartner.com.