The rapid evolution of artificial intelligence, coupled with escalating geopolitical tensions, increasing regulatory scrutiny and a constantly expanding threat landscape, are collectively reshaping the cybersecurity landscape. According to a new report from Gartner, Inc., these forces are driving six key cybersecurity trends that organizations must address in .
“Cybersecurity leaders are navigating uncharted territory this year as these forces converge, testing the limits of their teams in an environment defined by constant change,” said Alex Michaels, Director Analyst at Gartner. “This demands new approaches to cyber risk management, resilience and resource allocation.”
Agentic AI Demands Cybersecurity Oversight
One of the most significant trends is the rise of agentic AI – AI systems capable of autonomous action. These systems are being rapidly adopted by both employees and developers, creating new and often unmanaged attack surfaces. The proliferation of no-code/low-code platforms and “vibe coding” are accelerating this trend, leading to unsecured code and potential regulatory compliance violations. Essentially, the ease with which AI agents can be created and deployed is outpacing the ability of organizations to secure them.
Gartner emphasizes the need for strong governance around agentic AI. Cybersecurity leaders must identify both sanctioned and unsanctioned AI agents, implement appropriate controls, and develop incident response playbooks specifically tailored to address AI-related risks. This isn’t simply about blocking AI tools; it’s about understanding how they’re being used and mitigating the inherent security risks.
Global Regulatory Volatility Drives Cyber Resilience
Geopolitical shifts and increasingly stringent global regulations are elevating cybersecurity from a technical concern to a core business risk. Organizations are facing greater scrutiny and potential liability for cybersecurity failures, with regulators holding boards and executives accountable for compliance. This increased pressure is driving a need for greater cyber resilience.
Gartner advises cybersecurity leaders to foster closer collaboration between security, legal, and business teams. Aligning security controls with recognized frameworks and addressing data sovereignty concerns are also crucial steps in navigating this complex regulatory environment. Proactive compliance isn’t just about avoiding penalties; it’s about building trust and maintaining business continuity.
Postquantum Computing Moves into Action Plans
While still largely theoretical, the threat posed by quantum computing to current encryption methods is becoming increasingly real. Gartner predicts that advances in quantum computing will render many of today’s asymmetric cryptography standards unsafe by . This necessitates a proactive shift towards postquantum cryptography (PQC) alternatives.
The concern isn’t just about future decryption; it’s about “harvest now, decrypt later” attacks, where adversaries are already collecting encrypted data with the intention of decrypting it once quantum computers become powerful enough. Gartner recommends organizations begin identifying, managing, and replacing traditional encryption methods, prioritizing cryptographic agility to adapt to evolving threats. This is a long-term project, but one that requires immediate attention.
Identity and Access Management Adapts to AI Agents
The increasing use of AI agents is challenging traditional identity and access management (IAM) strategies. Specifically, managing identity registration, automating credentials, and establishing policy-driven authorization for these machine actors presents new complexities. Failure to address these challenges could lead to increased access-related security incidents as AI agents become more prevalent.
Gartner recommends a risk-based approach to IAM for AI agents, focusing on areas with the greatest gaps and risks while leveraging automation where possible. This requires a shift in thinking about identity – moving beyond human users to encompass the unique security needs of autonomous systems.
AI-Driven SOC Solutions Destabilize Operational Norms
Security Operations Centers (SOCs) are undergoing a transformation driven by the adoption of AI-powered solutions. While these tools offer the potential for cost optimization and improved efficiency, they also introduce new complexities, including staffing pressures, increased upskilling demands, and evolving cost considerations. The promise of AI in the SOC isn’t a simple plug-and-play solution.
Gartner stresses the importance of prioritizing people alongside technology. Strengthening workforce capabilities, implementing human-in-the-loop frameworks, and aligning AI adoption with clear strategic objectives are critical for maintaining resilience as SOCs evolve. AI should augment, not replace, skilled security professionals.
GenAI Breaks Traditional Cybersecurity Awareness Tactics
Traditional cybersecurity awareness training is proving increasingly ineffective as generative AI (GenAI) becomes more widespread. A Gartner survey conducted between and revealed that over 57% of employees use personal GenAI accounts for work purposes, and 33% admit to inputting sensitive information into unapproved tools. This highlights a significant gap in security awareness and a growing risk of data breaches.
Gartner recommends shifting from generic awareness training to adaptive behavioral and training programs that specifically address the risks associated with GenAI. Strengthening governance, embedding secure practices, and establishing clear policies for authorized use are essential steps in mitigating these risks. The focus needs to be on educating users about the specific threats posed by GenAI and how to use these tools securely.
Gartner analysts will be presenting these trends in greater detail at the Gartner Security & Risk Management Summits, taking place in multiple locations throughout , including Mumbai, Sydney, National Harbor, MD, Tokyo, Sao Paulo, and London.
