How important is Gartner to the cybersecurity universe?

Aspects related to cybersecurity have become a challenge for organizations, affecting even the continuity of their businesses. In addition, CISOs increasingly view cybersecurity as a business risk to be addressed, and customers require organizations to be better prepared to protect their personal data, including their consumer and trust relationships. Finally, regulations such as GDPR (Europe), LGPD (Brazil) and CACC (the State of California, United States) have also been showing that governments are taking cybersecurity and privacy seriously.

Considering the increase in cybersecurity risks, it is a business must for information security executives to mitigate these risks, thus allowing business continuity and increasing the confidence of its customers, employees, partners, and suppliers.  In this scenario, more than 15,000 organizations in more than 100 countries rely on Gartner as a consultant for strategic decision-making not only in cybersecurity but in countless other subjects such as Human Resources, Finances and Risk and Audit. But what is Gartner after all?

Gartner, Inc., or simply Gartner, was founded exactly 40 years ago by Gideon Gartner in the US city of Stamford, Connecticut. Its numbers impress: a team of more than 15,000 associates is responsible for bringing more than $4 billion in annual revenue, according to its website. The programs and services offered by Gartner include research, consulting, and events. Its tools include the Hype Cycle, as well as Market Guides and Magic Quadrants, allowing organizations to visualize the results of market analysis and a range of solutions for decision-making strategies, including those linked to cybersecurity. Gartner events are marked on the calendars of most executives across the globe and are held year-round across four continents. In Brazil, Gartner annually organizes the IT Symposium/Xpo conferences as well as Security and Risk Management conferences. In the latter, CISOs have the opportunity to exchange experiences and also discover the latest security trends for Cloud, Artificial Intelligence, Internet of Things, Blockchain, DevOps, as well as the main challenges in Information Security for executives and their organizations.

According to Gartner, by 2022, the ratings related to cybersecurity will become as important as those associated with credit, considering the assessment of these risks to establish business relationships. The big challenge for organizations in this new digital era is to turn cybersecurity risk management into a competitive benefit for business leverage. 

Gartner also sees IT strategies increasingly aligned with business goals. In this scenario, the skills of leaders in Information Security and Risk Management become essential in presenting these aspects in an assertive way to support the strategic decision-making process in companies. In short, it is necessary that the areas of Information Technology and Security are close to top management and should be considered not only as a means to introduce solutions to technical problems but to allow organizations to achieve their business goals.

Considering this paradigm shift, Gartner has introduced a strategic approach to Cybersecurity Risk Management in 2017, called the Continuous Adaptive Risk and Trust Assessment (CARTA). This approach is based on new Zero Trust models, which, unlike the old “trust, but verify” concept models, eliminate security perimeter concepts that delimit the environment into reliable and unreliable, and turn everything and everyone into possible threats to the organization.

Thus, it is believed that CISOs must review their threat detection and response strategies. These strategies require new investments in their Security Operations Centers (SOCs) so that they are able not only to prevent but also to detect and respond to threats. And this is not an easy challenge to overcome, considering that these threats can be not only outside the environment but also within it. Gartner estimates that by 2022, 50% of all SOCs will have the ability to detect and respond appropriately to security incidents, including using Artificial Intelligence and Machine Learning concepts.  

Thus, it is possible to say that the scale and scope of cyber threats are far from decreasing. As new technologies are introduced, they bring with them new threats to companies. In addition – considering cybersecurity risks not only as technical aspects but as paramount to business continuity – it is essential that Information Technology and Security leaders align with the top management and business goals. In this scenario, Gartner emerges as a key player in helping these leaders define new strategies based on best practices in cybersecurity, using solutions that adequately address threats and are adherent to their businesses, and promote the exchange of experience between executives from different countries and industries. Thus, it can be assumed that it will be possible to appropriately identify and mitigate Information Security risks by enabling these organizations to maintain the satisfaction of their customers, employees, partners, and suppliers, and thereby ensure that they achieve their business goals.