Gartner names top security and risk management trends in 2019

Focus on data security frameworks, governance, training and cloud security failures

Analyst firm Gartner has identified what it thinks are the seven emerging security and risk management trends for this year that are set to have an impact on security, privacy and risk areas.

The analyst firm said it defines these top trends as ongoing strategic shifts in security that are not yet widely recognised, but could have a broad impact on the industry, causing significant disruption.

First on the list of trends highlighted by Gartner research vice president Peter Firstbrook is risk appetite statements becoming linked to business outcomes.

One area that is gaining importance is the ability for security and risk management leaders to effectively present security matters to key business decision makers.

Firstbrook suggested creating simple, practical and pragmatic risk appetite statements linked to business goals, and staying relevant to business decisions.

The next trend was focused on security operation centres (SOCs) being implemented with a focus on threat detection and response. According to Gartner, by 2022, about 50 per cent of SOCs will be transformed with integrated incident response, threat intelligence and threat-hunting capabilities.

The third trend related to organisations addressing data security governance frameworks (DSGF) that will prioritise data security investments.

“DSGF provides a data-centric blueprint that identifies and classifies data assets and defines data security policies. This then is used to select technologies to minimise risk,” Firstbrook said. “The key in addressing data security is to start from the business risk it addresses, rather than from acquiring technology first, as too many companies do.”

Passwordless authentication, such as Touch ID on devices, was also continuing to gain market traction, the analyst firm noted.

“In an effort to combat hackers who target passwords to access cloud-based applications, passwordless methods that associate users to their devices offer increased security and usability, which is a rare win/win for security,” he said.

Another trend on the rise, Gartner noted, was that security product vendors were increasingly offering premium skills and training services.

This comes as the number of unfilled cyber security roles is expected to grow from 1 million in 2018 to 1.5 million in 2020, the analyst firm said.

“We are starting to see vendors offer solutions that are a fusion of products and operational services to accelerate product adoption. Services range from full management to partial support aimed at improving administrators’ skill levels and reducing the daily workload,” Firstbrook noted.

The analyst firm estimates that the majority of cloud security failures in the next four years will be the result of customer faults, paving the way for investments in cloud security competencies.

“Public cloud is a secure and viable option for many organisations, but keeping it secure is a shared responsibility,” he said. “Organisations must invest in security skills and governance tools that build the necessary knowledge base to keep up with the rapid pace of cloud development and innovation.”

Rounding out its top seven trends, Gartner put forward the increasing presence of its own continuous adaptive risk and trust assessment (CARTA).

“Even though it’s a multiyear journey, the idea behind CARTA is a strategic approach to security that balances security friction with transaction risk. A key component to CARTA is to continuously assess risk and trust even after access is extended,” he said.

Firstbrook pointed out that email and network security were two examples of security domains moving toward a CARTA approach as solutions increasingly focus on detecting anomalies even after users and devices are authenticated.
