Security and risk management (SRM) leaders must rethink their balance of investments across technology and human-centric elements when creating and implementing cybersecurity programs in line with nine top industry trends, according to Gartner, Inc.
“A human-centered approach to cybersecurity is essential to reduce security failures,” said Richard Addiscott, Sr Director Analyst at Gartner. “Focusing on people in control design and implementation, as well as through business communications and cybersecurity talent management, will help to improve business-risk decisions and cybersecurity staff retention.”
To address cybersecurity risks and sustain an effective cybersecurity program, SRM leaders must be focused on three key domains: (i) the essential role of people for security program success and sustainability; (ii) technical security capabilities that provide greater visibility and responsiveness across the organization’s digital ecosystem; and (iii) restructuring the way the security function operates to enable agility without compromising security.
The following nine trends will have a broad impact for SRM leaders across these three areas:
Trend 1: Human-Centric Security Design
Human-centric security design prioritizes the role of employee experience across the controls management life cycle. By 2027, 50% of large enterprise chief information security officers (CISOs) will have adopted human-centric security design practices to minimize cybersecurity-induced friction and maximize control adoption.
“Traditional security awareness programs have failed to reduce unsecure employee behavior,” said Addiscott. “CISOs must review past cybersecurity incidents to identify major sources of cybersecurity-induced friction and determine where they can ease the burden for employees through...