Intelligent CISO Issue 61 | Page 18

cyber trends
Gartner identifies top cybersecurity trends for 2023

SECURITY LEADERS MUST PIVOT TO A HUMAN-CENTRIC FOCUS TO ESTABLISH AN EFFECTIVE CYBERSECURITY PROGRAM, SAYS GARTNER. RICHARD ADDISCOTT, SENIOR DIRECTOR ANALYST AT GARTNER, COMMENTS ON SOME OF THE CORE CHALLENGES AND OFFERS HIS BEST PRACTICE ADVICE IN RESPONSE.

Security and risk management (SRM) leaders must rethink their balance of investments across technology and human-centric elements when creating and implementing cybersecurity programs in line with nine top industry trends, according to Gartner.

“A human-centred approach to cybersecurity is essential to reduce security failures,” said Richard Addiscott, Senior Director Analyst at Gartner. “Focusing on people in control design and implementation, as well as through business communications and cybersecurity talent management, will help to improve business-risk decisions and cybersecurity staff retention.”

To address cybersecurity risks and sustain an effective cybersecurity program, SRM leaders must be focused on three key domains: (i) the essential role of people for security program success and sustainability; (ii) technical security capabilities that provide greater visibility and responsiveness across the organisation’s digital ecosystem; and (iii) restructuring the way the security function operates to enable agility without compromising security.

The following trends will have a broad impact for SRM leaders across these three areas:

1. Human-centric security design

Human-centric security design prioritises the role of employee experience across the controls management life cycle. By 2027, 50% of large enterprise Chief Information Security Officers (CISOs) will have adopted human-centric security design practices to minimise cybersecurity-induced friction and maximise control adoption.

“Traditional security awareness programs have failed to reduce unsecure employee behaviour,” said Addiscott. “CISOs must review past cybersecurity incidents to identify major sources of cybersecurity-induced friction and determine where they can ease the burden for employees through more human-centric controls or retire controls that add friction without meaningfully reducing risk.”