Security decision-makers need to reprioritise their investment outlooks towards people, rather than technology, according to the latest market forecast from Gartner
In creating and implementing cyber security programmes, security leaders must rethink how they balance their investments to prioritise so-called human-centric security in line with industry trends, according to analysts at Gartner.
To address risk and sustain an effective security programme, Gartner said decision-makers must focus on three key domains: the essential role of people for programme success and sustainability; technical capabilities that provide greater visibility and responsiveness; and restructuring how security functions operate to prioritise more agile responses, without compromising on actual security.
It set out nine key trends that it believes will epitomise these domains going forward, of which human-centric security design is the most important.
“A human-centred approach to cyber security is essential to reduce security failures,” said Richard Addiscott, senior director analyst at Gartner. “Focusing on people in control design and implementation, as well as through business communications and cyber security talent management, will help to improve business risk decisions and cyber security staff retention.”
Human-centric security design prioritises the employee experience across the security control management lifecycle, minimising security-induced friction, and maximising the adoption of appropriate controls and processes. Currently, a minority of large enterprises have adopted such design, and Gartner does not believe we will reach the 50% mark until at least 2027.
“Traditional security awareness programmes have failed to reduce unsecure employee behaviour,” said Addiscott. “CISOs must review past cyber security incidents to identify major sources of cyber security-induced friction and determine where they can ease the burden for employees through more human-centric controls, or retire controls that add friction without meaningfully reducing risk.”
Alongside human-centric programmes pitched at everybody in the enterprise, the second trend on Gartner’s list centres on the need for security leaders to enhance how security teams are run to ensure the resulting programmes are sustainable.
Up to now, this has not been well prioritised, with security leaders traditionally more focused on improving technology and processes. But taking a human-centric talent management approach to attract and retain talent will bring improvements in functional and technical maturity and resilience, said Gartner.
“Business leaders now widely accept that cyber security risk is a top business risk to manage – not a technology problem to solve. Supporting and accelerating business outcomes is a core cyber security priority, yet remains a top challenge” Richard Addiscott, Gartner
It claimed that by 2026, 60% of organisations will have shifted from external hiring to “quiet” internal hiring to address systemic cyber and recruitment challenges.
With technology moving from centralised functions towards lines of business, corporate functions, fusion teams and individual employees, and over 40% of employees now performing some kind of technology work, the third trend on Gartner’s list centres on the need to modify cyber security operating models to account for this.
Among other things, employees now increasingly need to know how to balance risks – including security, financial, reputational, competitive and legal – and as such, the security function must also now begin to connect to business value by measuring and reporting success against the enterprise’s priorities and desired outcomes.
“Business leaders now widely accept that cyber security risk is a top business risk to manage – not a technology problem to solve,” said Addiscott. “Supporting and accelerating business outcomes is a core cyber security priority, yet remains a top challenge.”
Technology priorities
The move towards human-centric approaches to security does not, however, discount the very real utility of technology, as the remainder of the trends set out by Gartner demonstrate.
Fourth on the list is the need to implement continuous threat exposure management programmes to address the complex attack surface of most modern businesses, while fifth is the need to address fragile identity infrastructure caused by incomplete, misconfigured or vulnerable elements in the identity fabric.
The sixth trend identified in the forecast is the need for cyber security validation, bringing together the techniques, processes and tools used to validate how threat actors exploit identified exposures. This need will incorporate more automated and repeatable elements to establish informative benchmarks.
The remaining three trends identified in the report are cyber security platform consolidation, composable security for composable businesses, and expanding boardroom competency in overall security oversight.
The 2026 NFL Draft has come and gone. To the surprise of nobody, the NFC South is still a wide-open race. Last season saw the Atlanta Falcons, Tampa Bay Buccaneers and Carolina Panthers finish in a three-way tie for first place, all a game below .500 with eight wins. The last-place New Orleans Saints won
After a long, but successful, 2025 season that saw the Texas A&M Aggies reach the College Football Playoffs for the first time in school history, the final event to cap off the year is underway as the NFL Draft continues on. For Aggies offensive tackle Dametrious Crownover, he got to hear his name called to
Released in 2014 to protect FIFA 15 from piracy and circumvention, Denuvo built a reputation as the toughest protection layer in PC gaming. Over the years, various groups and independent developers managed to break the technology on a case-by-case basis, producing cracked versions of individual games...
Both companies announced the revised agreement in a joint statement on Monday. Microsoft retains a non-exclusive licence to OpenAI’s intellectual property through 2032, remains the primary cloud partner, and keeps its 27% equity stake. OpenAI will continue paying Microsoft a revenue share through 2030, capped at a total amount. Microsoft shares fell ~3% on the
The 2026 NFL Draft has come and gone. To the surprise of nobody, the NFC South is still a wide-open race. Last season saw the Atlanta Falcons, Tampa Bay Buccaneers and Carolina Panthers finish in a three-way tie for first place, all a game below .500 with eight wins. The last-place New Orleans Saints won
After a long, but successful, 2025 season that saw the Texas A&M Aggies reach the College Football Playoffs for the first time in school history, the final event to cap off the year is underway as the NFL Draft continues on. For Aggies offensive tackle Dametrious Crownover, he got to hear his name called to
Released in 2014 to protect FIFA 15 from piracy and circumvention, Denuvo built a reputation as the toughest protection layer in PC gaming. Over the years, various groups and independent developers managed to break the technology on a case-by-case basis, producing cracked versions of individual games...
Both companies announced the revised agreement in a joint statement on Monday. Microsoft retains a non-exclusive licence to OpenAI’s intellectual property through 2032, remains the primary cloud partner, and keeps its 27% equity stake. OpenAI will continue paying Microsoft a revenue share through 2030, capped at a total amount. Microsoft shares fell ~3% on the
This is today's edition of The Download , our weekday newsletter that provides a daily dose of what's going on in the world of technology. Three reasons why DeepSeek’s new model matters On Friday, Chinese AI firm DeepSeek released a preview of V4, its long-awaited new flagship model. Notably, the model can process much longer
Y’all… it looks like some family tension might be brewing behind the scenes involving Tee Grizzley and his mom. What seemed like a regular social media post quickly turned into something deeper. And now, folks are side-eyeing the situation and wondering what’s really going on. RELATED: Tee Grizzley Shares A Message For Artists After His
PETER CHRISTOPHER Senior Multimedia Reporter peter.christopher@guardian.co.tt Heavy handed but necessary given the state of crime in T&T. This was a common assessment from various business groups when asked for their perspective on the latest declaration of a state of emergency in the country. The T&T Chamber of Industry and Commerce, in a released issued yesterday
Can a nine-episode limited series really impact an entire season of shopping trends? Today brands are experiencing—and chasing—the “Carolyn Bessette-Kennedy effect” as a result of Ryan Murphy’s Love Story. And in many cases, it’s more pervasive than they could have prepared for. The FX series, based on the relationship between John F. Kennedy Jr. and
