Artificial Intelligence will close the cybersecurity skills gap

As we begin to move beyond what GenAI can achieve, a host of real opportunities are emerging to help solve a range of long-term issues plaguing cybersecurity, particularly skills shortages and unsafe human behavior. This year's top predictions clearly lie outside of technology, as the human element continues to receive more attention. Any CISO looking to build an effective and sustainable cybersecurity program must make this effort a priority.

By 2028, GenAI adoption is expected to close the small skills gap and 50% of entry-level cybersecurity positions will no longer require specialized education. GenAI enhancements will change the way organizations recruit and train cybersecurity workers with the right competencies and education. Major platforms already offer conversational enhancements, but this will continue to evolve. Gartner recommends that cybersecurity teams focus on internal use cases that support user efforts; work with HR to coordinate and find the right talent for more critical cybersecurity roles.

In 2026, enterprises that combine GenAI with an integrated platform architecture in a Security Behavior and Culture Program (SBCP) will reduce employee-driven cybersecurity incidents by 40%. Organizations are increasingly focusing on personalized engagement as an important component of effective SBCP. GenAI has the potential to generate highly personalized content and training materials that take into account employees’ unique attributes. This will increase the likelihood that employees will adopt safer behaviors in their daily work, thereby reducing cybersecurity incidents.

Portfolios that are not yet using GenAI capabilities should evaluate their current external security awareness partners to understand how to include GenAI as part of their solution roadmap. This ensures that incorporating new technology into an organization does not compromise its existing security defenses.

In 2026, 75% of organizations will exclude unmanaged, traditional and cyber-physical systems from their zero trust strategy. Under a zero trust strategy, users and endpoints are given only the access they need to do their jobs and are monitored against changing rights restrictions. In production or mission-critical environments, these concepts do not apply to unmanaged devices, legacy applications, and cyber-physical systems (CPS). These systems perform specific tasks in unique safety- and reliability-focused environments.

Under the 2027 law, two-thirds of the world's top 100 companies will provide cybersecurity leaders with directors and officers (D&O) insurance to cover personal legal risks. New laws and regulations require cybersecurity leaders to take personal responsibility. The CISO's role and responsibilities need to be updated to allow for relevant reporting and disclosure. Businesses are advised to explore the benefits of purchasing D&O insurance for this role, as well as other insurance and indemnity, to reduce the burden of personal liability, professional risk and legal fees.

By 2028, companies will spend more than $500 billion on combating disinformation, accounting for 50% of marketing and cybersecurity budgets. The combination of artificial intelligence, analytics, behavioral science, social media, the Internet of Things, and other technologies makes creating and spreading highly effective mass-tailored disinformation an elusive challenge. However, with the proper use of these technologies, people can still create and spread efficient and large-scale disinformation.

By 2026, 40% of identity and access management (IAM) leaders will have primary responsibility for reviewing, measuring, and responding to IAM-related breaches. IAM leaders often struggle to articulate security and business value to drive accurate investments and are not involved in security asset and budget discussions. As IAM leaders grow in importance, they will evolve in different directions, each with increased responsibility, visibility, and influence. It is recommended that CISOs break down the traditional IT and security silos and let stakeholders understand the role of IAM by coordinating IAM plans and security plans.

By 2027, 70% of organizations will integrate data loss prevention and internal risk management principles with IAM context to more effectively identify suspicious behavior. Growing interest in integrated controls has led vendors to develop capabilities that represent the overlap of user behavior control and data loss prevention. This introduces a more comprehensive set of capabilities for security teams to create a single policy for a dual approach to data security and internal risk mitigation. Gartner recommends that organizations identify data risks and identity risks and combine them as primary directives for strategic data security.

By 2027, 30% of cybersecurity capabilities will be reimagined for application security, directly usable by non-cyber experts and owned by application owners. The volume, variety and context of applications created by business technical staff and distributed delivery teams means the potential risks are far beyond what a dedicated application security team can handle.

To close the gap, the cybersecurity function must build a minimum level of effective expertise within these teams, combining technology with training to create the autonomy needed to make informed decisions about cyber risk. required abilities.

The above is the detailed content of Artificial Intelligence will close the cybersecurity skills gap. For more information, please follow other related articles on the PHP Chinese website!