According to Gartner, 2024 will be the year that gen AI-driven security products finally emerge, and 2025 will see those tools delivering real risk-management outcomes.
Generative AI is the technology of the moment — and the future — but cybersecurity leaders have yet to truly put it to work. It’s difficult to identify “best practices,” when so many are grasping at “new practices” that haven’t yet been proven to deliver outcomes and ROI.
Vendors are increasingly making overtures and promises around AI’s benefits — fostering innovation, offering gains in speed and productivity — but the revolutionary technology has yet to offer real viability when it comes to cybersecurity.
However, according to Gartner, 2024 will be the year that gen AI-driven security products finally emerge, and 2025 will see those tools delivering real risk-management outcomes.
This prediction is among the IT consulting firm’s top cybersecurity trends for 2024 (among others explored below).
“CISOs are concerned about how to enable their organization to safely, securely and ethically introduce gen AI and leverage the technology to help achieve or accelerate the achievement of their strategic objectives,” Richard Addiscott, Gartner senior director analyst, told VentureBeat. CISOs are both skeptical and hopeful about generative AI
In the not-so-distant future, gen AI can help security departments increase their defensive capabilities, including in areas such as vulnerability management and threat intelligence and response, Addiscott pointed out.
“Gen AI also has the potential for a security team to increase operational efficiency — something that is a key business driver given the current global cybersecurity talent shortages,” he said.
As of now, however, employees are more likely to experience prompt fatigue rather than productivity growth, he noted. However, organizations should still encourage experiments and manage expectations — both inside the security department and out.
Ultimately, while many organizations are initially skeptical, there’s “solid long-term hope for the technology,” said Addiscott. Security Behavior and Culture Programs taking root
Culture is critical to any cybersecurity program. According to Gartner, CISOs are increasingly embracing this idea and adopting security behavior and culture programs (SBCPs).
The firm predicts that by 2027, 50% of CISOs at large enterprises will have adopted human-centric security practices.
“SBCPs represent a more comprehensive and integrated approach, where the intent is to foster and embed more secure behaviors and work practices across the breadth of the organization,” explained Addiscott.
This tactic takes a more holistic view across all enterprise roles and functions, rather than merely focusing on the actions of the end-user employee.
To support organizations in their move to this model, Garter has developed PIPE (practices, influences, platforms, enablers), a framework guiding practices not traditionally used in security awareness programs — such as organizational change management, human-centric design practices, marketing and PR and security coaching.
