Gartner’s Top Security and Risk Management Trends for 2019

Gartner, Inc. has identified key emerging security and risk management trends that the company says will impact security, privacy and risk leaders in the current year and beyond. These top trends represent ongoing strategic shifts in the security ecosystem that are not yet widely recognized, but are expected to have broad industry impact and significant potential for disruption.

“External factors and security-specific threats are converging to influence the overall security and risk landscape, so leaders in the space must properly prepare to improve resilience and support business objectives,” said Peter Firstbrook, research vice president at Gartner.

At the top of the list, companies’ willingness to endure risk is becoming increasingly linked to desired business outcomes. As IT strategies become more closely aligned with business goals, the ability for security and risk management leaders to effectively present security matters to key business decision makers gains importance. “To avoid exclusively focusing on issues related to IT decision making, create simple, practical and pragmatic risk appetite statements that are linked to business goals and relevant to board-level decisions,” said Firstbrook. “This leaves no room for business leaders to be confused as to why security leaders were even present at strategic meetings.”

At the Number Two spot, the shift in security investments from threat prevention to threat detection requires an investment in security operations centers (SOCs) as the complexity and frequency of security alerts grow. According to Gartner, by 2022, 50 percent of all SOCs will transform into modern SOCs with integrated incident response, threat intelligence and threat-hunting capabilities, up from less than 10 percent in 2015. “The need for SRM leaders to build or outsource a SOC that integrates threat intelligence, consolidates security alerts and automates response cannot be overstated,” said Firstbrook.

Placing third, Gartner believes that data security governance frameworks will prioritize data security investments. Rather than acquiring data protection products and trying to adapt them to suit the business need, leading organizations are starting to address data security through a data security governance framework (DSGF). “DSGF provides a data-centric blueprint that identifies and classifies data assets and defines data security policies. This then is used to select technologies to minimize risk,” said Firstbrook. “The key in addressing data security is to start from the business risk it addresses, rather than from acquiring technology first, as too many companies do.”

Channel Impact^®
These findings provide clues as to the direction that MSSPs and other channel partners will need to travel in order to better secure the IT infrastructure of their customers.