Half of chief information security officers (CISOs) will adopt human-centric design to reduce cybersecurity operational friction, according to Gartner experts.

These experts also predict that large enterprises will focus on implementing zero-trust programs, and that half of cybersecurity leaders will have unsuccessfully tried to use cyber risk quantification to drive enterprise decision making.
Gartner research shows that over 90 percent of employees who admitted undertaking a range of unsecure actions during work activities knew that their actions would increase risk to the organisation but did so anyway.
Human-centric security design is modelled with the individual (not technology, threat or location) as the focus of control design and implementation to minimise friction.
During the Gartner Security and Risk Summit in Sydney, Richard Addiscott, senior director analyst, said CISOs and their teams must be laser-focused on what’s happening today to ensure their organisations are as secure as possible.
He said, “But they also need to make time to look up from their daily challenges and scan the horizon to see what’s coming down the track that might impact their security programs in the next couple of years.
“These predictions are a signal flare for some of those things we see emerging and should be considered by any CISO looking to build an effective and sustainable cybersecurity program.”
Gartner recommends that cybersecurity leaders build the following strategic planning assumptions into their security strategies for the next two years.
Cybersecurity knowledge continues to grow within the boardroom. Gartner predicts that by 2026, 70 percent of boards will include one member with cybersecurity expertise.
For cybersecurity leaders to be recognised as business partners, they need to acknowledge board and enterprise risk appetite.
This means not only showing how the cybersecurity program prevents unfavourable things from happening, but how it improves the enterprise’s ability to take risks effectively.
Gartner said it recommends CISOs get ahead of the change to promote and support cybersecurity to the board and establish a closer relationship to improve trust and support.