Security and risk management leaders are looking to better understand the link between risk and business goals, according to Gartner.
In its newly released list of the top seven security and risk management trends for 2019, Gartner identified the ongoing strategic shifts in the security ecosystem that, given their potential for disruption, are expected to have a significant impact on the industry.
The number one trend, “risk appetite statements are becoming linked to business outcomes,” is indicative of the industry’s shifting focus on issues related to IT strategies. According to Peter Firstbrook, research vice president at Gartner, linking business goals to risk appetite statements “leaves no room for business leaders to be confused as to why security leaders were even present at strategic meetings.”
Additionally, continued investments in threat detection and prevention have created a need for more investment in security operations centers (SOCs). “Detection and response capabilities are a major security gap that’s important and urgent for many organizations to still address as the ability to know if one is compromised is fundamental to effective risk management,” said Matt Walmsley, EMEA director at Vectra.
“Prevention will fail, and attackers will get inside, as the headlines shouting about the latest successful cyber breach remind us with predictable regularity. For example, it takes a median of 177 days in Europe before an active attacker is discovered inside an organization, and whilst the latest reports show that attacker dwell times are slowly trending down, that doesn’t tell the whole story, nor should we be complacent.”
Data security continues to demand that businesses establish data security governance frameworks (DSGF), and analysts identified a lot of market traction around passwordless authentication. “The technology is being increasingly deployed in enterprise applications for consumers and employees, as there is ample supply and demand for it,” the release said.
Also trending in 2019 is the increased offering of skills and training services, along with investments in cloud security competencies as cloud becomes mainstream computing. “Public cloud is a secure and viable option for many organizations, but keeping it secure is a shared responsibility,” Firstbrook said in the press release.
“Organizations must invest in security skills and governance tools that build the necessary knowledge base to keep up with the rapid pace of cloud development and innovation.”