Six cybersecurity trends for 2024: Gartner

The likes of Generative AI, changing employee behaviour, external risks and leadership gaps are some of the top cybersecurity trends identified for 2024, according to research and consulting services company, Gartner

Gartner’s lists of trends include generative AI unsecure employee behaviour, third-party risks, continuous threat exposure, boardroom communication gaps and identity-first approaches to security.

Richard Addiscott, senior director analyst at Gartner, said “Generative AI is occupying significant headspace of security leaders as another challenge to manage, but also offers an opportunity to harness its capabilities to augment security at an operational level,”

“Despite GenAI’s inescapable force, leaders also continue to contend with other external factors outside their control they shouldn’t ignore this year,” Addiscott said. 

According to Gartner, this year will see security leaders react to these collective trends via implementing processes, technical capabilities and structural reforms within their security program aimed at boosting a company’s security posture and strength. 

When it comes to generative AI, Addiscott said, “It’s important to recognise that this is only the beginning of GenAI’s evolution, with many of the demos we’ve seen in security operations and application security showing real promise.” 

“There’s solid long-term hope for the technology, but right now we’re more likely to experience prompt fatigue than two-digit productivity growth. 

“Things will improve, so encourage experiments and manage expectations, especially outside of the security team,” Addiscott said. 

In its findings, Gartner also noted that outcome-driven metrics (ODMs) are being accepted to allow participants to mark clearly between cybersecurity investment and the delivered protection levels it generates.

“Organisations using SBCPs [security behaviour and culture programs] have experienced better employee adoption of security controls; reductions in unsecure behaviour and increases in speed and agility,” added Addiscott. 

“It also leads to a more effective use of cybersecurity resources as employees become competent at making independent cyber risk decisions.”

Gartner also recommended security leaders enhance risk management of third-party services and create relationships with high-priority external partners, to guarantee the most valuable assets are continuously safeguarded. 

“Start by strengthening contingency plans for third-party engagements that pose the highest cybersecurity risk,” said Addiscott. 

“Create third-party-specific incident playbooks, conduct tabletop exercises and define a clear offboarding strategy involving, for example, timely revocation of access and destruction of data.”

The findings also noted continuous threat exposure management (CTEM) programs are set to gain momentum. 

The report said by the year 2026, companies who opt to prioritise security investments based on this program will see at least a two-thirds reduction in breaches. 

The last trend noted by the findings is the trend that organisations will move to an identity-first approach to security.