The data points contained in this research report are strong co-indicators of trends in cybersecurity that argue for increased, enterprise-wide education and training.
But they don't argue for traditional approaches to education and training. These trends developed in spite of programs that tried to create a culture of security consciousness throughout the enterprise. Those programs didn't just fail to accomplish their goals; they worked in opposition to those goals by creating an environment where these negative trends flourished.
Cybersecurity leaders today are burnt out, overworked and practice in an “always-on” mode. This is a direct reflection of how elastic the role has been over the past decade due to the growing misalignment of expectations from stakeholders within their organizations. On a similar note, new concepts have emerged such as:
- Resilience and risk quantification;
- Increased levels of digital connections forcing organizations to put significantly higher levels of effort into controlling (evaluating, influencing) the cyber health of external parties;
- Employees now making decisions with cyber risk implications without consulting security and risk management leaders;
- Executive committees being established outside the scope/purview of the cybersecurity leader.
These factors have led to an environment where the cybersecurity leader now has less direct control over many of the decisions that historically would fall under their scope. Therefore, Gartner recommends that leaders monitor these predictions and act on them as they see signs emerge in their respective environments. In addition, a growing number of cybersecurity leaders may need to reframe their roles in order to succeed.