Gartner predicts privacy law changes, consolidation of cybersecurity services and ransomware laws for next 4 years

Gartner analysts also think weaponized operational technology will result in human casualties by 2025.
Written by Jonathan Greig, Contributor

Gartner analysts released their list of cybersecurity and privacy predictions for the next few years, floating a number of potential ideas about how the world will respond to certain problems over the next decade. 

The predictions ranged from potential legislation to how the market for certain technologies will change from now until 2025. Gartner analysts predicted weaponized OT environments will result in human casualties by 2025 due to malware that they believe will spread at "wirespeeds." The analysts say by that time, cybercriminals will shift from business disruption to physical harm, leading to regulations placing liability on CEOs. 

For 2023, Gartner expects 75% of the world to be covered under some kind of privacy law with built-in subject rights requests and consent. The key, they said, will be whether privacy management programs can be automated.

By 2024, Gartner said it believes organizations adopting a cybersecurity mesh architecture will reduce the financial impact of security incidents by an average of 90%.

They expect security to stop being baked into assets and instead be "bolted on." But with the permanent shift to remote work for many companies, Gartner predicted more organizations to use adaptive access control capabilities to facilitate it. 

The research institution is also expecting consolidation in the cloud and security edge services market, predicting that 30% of people will end up using the same provider by 2024. 

They noted that SaaS platforms are becoming "the preferred delivery model for organizations," and added that hardware refresh cycles will impact adoption timeframes. 

"By 2024, 30% of enterprises will adopt cloud-delivered SWG, CASB, ZTNA and FWaaS capabilities from the same vendor," the analysts said, adding that by 2025, "60% will use cybersecurity risk as a primary determinant for business transactions."

Security will begin to play a bigger role in public policy as well by 2025, with Gartner expecting at least 30% of the world's nations to pass some form of legislation around ransomware. 

Gartner also expects more regulation centered around ransomware payments as well as fines and negotiations. 

Cybersecurity will even become a priority for boards, with Gartner adding that by 2025, 40% of boards will have dedicated cyber committees or at least one qualified board member overseeing cybersecurity. 

Editorial standards