Key Takeaways from the Gartner Security & Risk Summit

The CYGNVS team attended the Gartner Security and Risk Summit in National Harbor, Maryland, June 3-5, 2024. In case you missed it, here are some of the key takeaways.

Emphasizing Cybersecurity Resilience

The theme of this year’s Summit was “Building Cybersecurity Resilience in a Complex World.” The opening keynote, “Augmented Cybersecurity: How to Thrive Amid Complexity,” set the tone by highlighting resilience over protection. According to Gartner surveys, the biggest gap is in how security professionals rate their ability to “Respond” to and “Recover” from incidents, rather than in “Identifying,” “Protecting” against, or “Detecting” threats.

For security professionals, the biggest opportunity for improvement lies after a breach has occurred.

Managing 3rd Party Cyber Risks

Another major theme was “Enhancing Business Continuity in Third-Party Cyber Risk Management.” The speakers noted that 40% of the time, business sponsors move forward with vendors despite their identified cyber risks. The onus is on security professionals to work with critical suppliers to bolster risk management processes and ensure continuity.

Embracing a “Minimum Effective Toolset” Mindset

The speakers also suggested that many companies have overinvested in cybersecurity technologies. The recommendation? Adopt a strategy that uses the fewest technologies necessary to observe, defend, and respond to threats. This approach can free up resources to invest more in solutions that focus on resilience.

Addressing Professional Burnout

Mental health and burnout among security professionals were recurring topics, including during the Day 3 keynote. A “zero tolerance for failure” culture, coupled with a high incidence of cybersecurity incidents, is taking a toll. Gartner research showed 81% of organizations experienced at least 25 cybersecurity incidents in the past 12 months. Combined with resource and talent shortages, this environment is leading to low morale, fatigue, and poor decision-making.

Some analysts suggest the need for a more fault-tolerant and learning-focused culture. But in talking with other attendees over lunch, it was clear that no one believed this change would ever happen in their organizations. 

The Impact of AI on Cybersecurity

No surprise, AI’s influence on cybersecurity was a hot topic. Several sessions discussed how AI is not only impacting software products but also escalating the number and severity of cyber incidents. Examples of how AI has lowered the bar for entry include AI-generated deepfake material, code, and phishing strategies, all highlighting the need for heightened vigilance.

The Growing Threat of Ransomware 

Ransomware remains a top concern. In the session “Protection from the Risk Within: Managing Insider Risk,” Paul Furtado shared alarming statistics on the growth and cost of ransomware incidents: between 68% and 84% growth, depending on the study. Attack dwell times (the time between gaining access to a network and executing the ransomware) have dropped in the last year from three days to one. He also mentioned that attackers now access data within 72 minutes of a successful phishing attack. These trends underscore the urgency of addressing ransomware threats.
