Date: 2024-02-22

Generative artificial intelligence (GenAI) is occupying "significant headspace of security leaders" as they plan their investment strategies for 2024.

According to analyst firm Gartner, GenAI is being greeted by "short-term scepticism [and] longer-term hope" with large language model (LLM) applications like ChatGPT and Gemini only the "start of its disruption".

Other trends ranked by Gartner include boardroom communication gaps, workplace culture, third-party partners, identity management and continuous threat exposure management (CTEM).

However, GenAI topped the six outlined trends due to the promises of "productivity increases, skills gap reductions and other new benefits for cyber security".

"GenAI is occupying significant headspace of security leaders as another challenge to manage, but also offers an opportunity to harness its capabilities to augment security at an operational level," said Richard Addiscott, senior director analyst at Gartner. "Despite GenAI's inescapable force, leaders also continue to contend with other external factors outside their control they shouldn't ignore this year."

Gartner suggested security leaders should use GenAI for proactive collaboration with business stakeholders to support the foundations for the ethical, safe and secure use of the technology.

"It's important to recognise that this is only the beginning of GenAI's evolution, with many of the demos we've seen in security operations and application security showing real promise," said Addiscott. "There's solid long-term hope for the technology, but right now we're more likely to experience prompt fatigue than two-digit productivity growth. Things will improve, so encourage experiments and manage expectations, especially outside the security team."

With trend two, bridging boardroom communication gaps, Gartner said security events are undermining the confidence of the company board and executives.

As such, outcome-driven metrics (ODM) are increasingly being adopted to enable stakeholders to draw a line between cyber security investment and the delivered protection levels it generates. According to Gartner, ODMs are central to creating a cyber security investment strategy, reflecting agreed protection levels with powerful properties, and in simple language that is explainable to non-IT executives.

Trend three focuses on cultural programs, with Gartner claiming that half of large enterprise CISOs will have adopted human-centric security design practices by 2027.

Known as security behaviour and culture programs (SBCP), these programs are designed to reduce cyber security incidents associated with employee error.

In trend four, Gartner suggested that security leaders should enhance risk management of third-party services and establish mutually beneficial relationships with important external partners to ensure their most valuable assets are continuously safeguarded.

"Start by strengthening contingency plans for third-party engagements that pose the highest cyber security risk," said Addiscott. "Create third-party-specific incident playbooks, conduct tabletop exercises and define a clear offboarding strategy involving, for example, timely revocation of access and destruction of data."

Trend five, continuous threat exposure management (CTEM), is predicted to cause a 66 per cent reduction in breaches by 2026, according to Gartner.

To realise this, the analyst firm said security leaders must continuously monitor hybrid digital environments to enable early identification and optimal prioritisation of vulnerabilities to maintain a robust attack surface.

Lastly, Gartner's sixth trend claims security leaders will extend the role of identity and access management (IAM). This means an increased use of IAM in security programs and a focus on fundamental hygiene and hardening of systems to improve resilience.