What to Expect: 2023 Gartner Security and Risk Management Summit

Insights to Gather at the 2023 Gartner Security and Risk Management Summit

The conference aims to produce relevant content and tailored sessions for different security roles, encompassing sessions for Chief Information Security Officers, Risk Management Leaders, Security Architects and Network, Application and Data Security Managers. Many of the topics will also welcome diverse audience, though the level of depth can vary.  Some notable areas that will be covered in London this week include:

How to Better Manage the Expanding Attack Surface

Gartner has highlighted the challenge of controlling an expanding attack surface in recent research, including this year’s Hype Cycle for Security Operations and the Top Trends in Cybersecurity back in April 2023. Security teams need to adopt new approaches here due to the constantly changing technological environment, as the growing use of SaaS applications and the extended supply chains all mean that we need to think more broadly about our organization’s attack surface. Applications, users, IoT and other challenges make this a huge area of focus for security and risk leaders to address.

Click here to request your own copy of the full 2023 Gartner® Hype Cycle for Security Operations.

The growing importance of Threat Exposure Management

Linked to the previous topic and represented in multiple sessions over the three-day conference. Threat Exposure Management is an evolution of how security leaders think about their approach to security hygiene and posture management. A relevant talk this week is sub-titled ‘CISOs Need to Go Beyond Vulnerability Management’ and this illustrates a key point about a successful approach to Exposure Management. Security teams need to consider their ‘un-patchable’ attack surface that, according to Gartner, will grow to more than half of the enterprises’ total exposure by 2026.

Measuring and Communicating Cyber Risk

Another theme that I see across many talks at this year’s conference is the need to better understand cyber risk and explain it to different audiences— particularly at the executive or board level. Whether this is risk associated with the public cloud, third-party supply chain, or Generative AI, security leaders still need to be better communicators when speaking to their key stakeholders in the business. Part of this is being able to understand and align to business imperatives, but also to step above the tactical and to share measurable insights with executives and the board, that allow them to make cyber-risk informed decisions.

In addition to these specific areas, this week’s conference has more than 180 sessions covering Cloud Security, Identity & Access Management, the future of SIEM and XDR and more. It’s also worth noting that the conference features several sessions focused on building highly performing, diverse, inclusive security organizations which is a positive sign of the growing maturity of the cybersecurity industry.