
Gartner’s Top Cybersecurity Trends for 2023

Gartner's 2023 cybersecurity trends focus on human-centric security designs, people management and value creation.

April 12, 2023 TD Staff


Security and risk management (SRM) leaders must reassess their strategy when investing in technology and human-centric elements for their cybersecurity programs, according to analyst firm Gartner.

According to Richard Addiscott, senior director analyst at Gartner, a human-centered approach to cybersecurity is essential: one that “focus[es] on people in control design and implementation, as well as through business communications and cybersecurity talent management.” Thus, he said, “[it] will help to improve business-risk decisions and cybersecurity staff retention.”

Three Key Areas for an Effective Cybersecurity Program

According to Gartner, SRM leaders need to focus on three key areas to ensure an effective cybersecurity program and address related risks:

  1. The role of people for security program success and sustainability
  2. Technical security capabilities that provide greater visibility and responsiveness across the organization’s digital ecosystem
  3. Restructuring the way the security function operates to enable agility without compromising security

Gartner also outlines the following nine trends that will have a broad impact for SRM leaders across the three key areas above:

Gartner’s Cybersecurity Trends for 2023

Trend 1: Human-Centric Security Design

Human-centric security design prioritizes the role of employee experience across the controls management life cycle. By 2027, 50% of large enterprise chief information security officers (CISOs) will have adopted human-centric security design practices to minimize cybersecurity-induced friction and maximize control adoption.

“Traditional security awareness programs have failed to reduce unsecure employee behavior,” said Addiscott. “CISOs must review past cybersecurity incidents to identify major sources of cybersecurity-induced friction and determine where they can ease the burden for employees through more human-centric controls or retire controls that add friction without meaningfully reducing risk.”

Trend 2: Enhancing People Management for Security Program

Traditionally, cybersecurity leaders have focused on improving technology and processes that support their programs, with little focus on the people that create these changes. CISOs who take a human-centric talent management approach to attract and retain talent have seen improvements in their functional and technical maturity. By 2026, Gartner predicts that 60% of organizations will shift from external hiring to “quiet hiring” from internal talent markets to address systemic cybersecurity and recruitment challenges.

Trend 3: Transforming the Cybersecurity Operating Model to Support Value Creation

Technology is moving from central IT functions to lines of business, corporate functions, fusion teams and individual employees. A Gartner survey found that 41% of employees perform some kind of technology work, a trend that is expected to continue growing over the next five years.

“Business leaders now widely accept that cybersecurity risk is a top business risk to manage – not a technology problem to solve,” said Addiscott. “Supporting and accelerating business outcomes is a core cybersecurity priority, yet remains a top challenge.”

CISOs must modify their cybersecurity operating model to integrate with how work gets done. Employees must know how to balance a number of risks, including cybersecurity, financial, reputational, competitive and legal risks. Cybersecurity must also connect to business value by measuring and reporting success against business outcomes and priorities.

Trend 4: Threat Exposure Management

The attack surface of modern enterprises is complex and creates fatigue. CISOs must evolve their assessment practices to understand their exposure to threats by implementing continuous threat exposure management (CTEM) programs. Gartner predicts that by 2026, organizations prioritizing their security investments based on a CTEM program will suffer two-thirds fewer breaches.

Trend 5: New Identity Threat & Detection Response (ITDR)

Incomplete, misconfigured or vulnerable elements in an organization can lead to a fragile identity infrastructure. By 2027, Gartner predicts filling the gaps in identity infrastructure will prevent 85% of new attacks and thereby reduce the financial impact of breaches by 80%.

“Identity fabric immunity not only protects the existing and new IAM components in the fabric with identity threat and detection response (ITDR), but it also fortifies it by completing and properly configuring it,” said Addiscott.

Trend 6: Cybersecurity Validation 

Cybersecurity validation is the process of testing how attackers can exploit any security gaps. The tools used for this are being updated to automate assessments, making them more reliable for regular testing of attack techniques, security controls and processes. Through 2026, more than 40% of organizations, including two-thirds of midsize enterprises, will rely on consolidated platforms to run cybersecurity validation assessments.

Trend 7: Cybersecurity Platform Consolidation

As organizations look to simplify operations, vendors are consolidating platforms around one or more major cybersecurity domains. For example, identity security services may be offered through a common platform that combines governance, privileged access and access management features. SRM leaders need to continuously inventory security controls to understand where overlaps exist and reduce the redundancy through consolidated platforms.

Trend 8: Composable Businesses Need Composable Security

Organizations must transition from relying on monolithic systems to building modular capabilities in their applications to respond to the accelerating pace of business change. Composable security is an approach where cybersecurity controls are integrated into architectural patterns and then applied at a modular level in composable technology implementations. By 2027, more than 50% of core business applications will be built using composable architecture, requiring a new approach to securing those applications.

“Composable security is designed to protect composable business,” said Addiscott. “The creation of applications with composable components introduces undiscovered dependencies. For CISOs, this is a significant opportunity to embed privacy and security by design by creating component-based, reusable security control objects.”

Trend 9: Boards Expand Their Competency in Cybersecurity Oversight

The board’s increased focus on cybersecurity is being driven by the trend toward explicit-level accountability for cybersecurity to include enhanced responsibilities for board members in their governance activities. Cybersecurity leaders must provide boards with reporting that demonstrates the impact of cybersecurity programs on the organization’s goals and objectives.

“SRM leaders must encourage active board participation and engagement in cybersecurity decision making,” said Addiscott. “Act as a strategic advisor, providing recommendations for actions to be taken by the board, including allocation of budgets and resources for security.”
