Unstructured Data, Tactical AI, Burnout Avoidance: Gartner's Top 6 Cybersecurity Trends
The threat landscape only continues to grow, driven by vulnerabilities related to generative AI technology, digital decentralizing, supply chain interdependencies, regulatory shifts, and talent shortages, according to Gartner.
“Security and risk management (SRM) leaders face a mix of challenges and opportunities this year, with a goal to enable transformation and embed resilience,” said Gartner’s senior principal analyst Alex Michaels in a statement. “Their efforts in achieving both are crucial to support their organization’s aspirations to not only innovate, but ensure their innovations are secure and sustainable in a fast-changing digital world.”
The company has identified six trends that will have an impact on cybersecurity this year.
1. Shifting security focus to unstructured data
Because generative AI is transforming data security programs, the focus on protections will shift from structured datasets to unstructured data such as text, images, and videos. It’s a change that has significant implications on large language model training, data deployment, and inference processes, said Michaels.
“Ultimately, this shift underscores the changing priorities that leaders must address as they communicate the impact of GenAI on their programs.”
2. Building an enterprise-wide strategy for machine identities and access
Several digital transformation tools, including generative AI, cloud technology, and automation, have required increased use of machine accounts and security credentials to protect devices and software. However, if left unchecked, these machine identities can leave companies vulnerable. As a result, companies will need to enact enterprise-wide strategies for machine identity and access management.
A Gartner survey of 335 machine identity and access management (IAM) leaders globally from 2024 found that IAM teams are only currently responsible for 44% of an organization’s machine identities.
3. Focusing on tactical use cases for AI adoption
While casting a wide net was the approach for many companies when it came to AI, 2025 will likely see a reprioritization of investments with a focus on more tactical use cases with direct, measurable impacts. Gartner said the strategy will look at aligning AI practices and tools with existing metrics to enhance the visibility of value.
“SRM leaders now have clear responsibilities to secure third-party AI consumption, protect enterprise AI applications, and improve cybersecurity with AI,” said Michaels. “By focusing on more tactical, demonstrably beneficial improvements, they can minimize the risks for their cybersecurity programs and can more easily demonstrate progress.”
4. Consolidating security tools to enhance “data portability”
In the threat landscape, it’s typically a game of “too little” or “too much.” Large enterprises, according to a Gartner survey, on average used 45 cybersecurity tools in 2024. With an abundance of vendors out there (over 3,000), it can overcomplicate processes. Instead, the company recommends achieving balance with security architects, security engineers, and other stakeholders to work off a consolidated approach that enhances the portability of data.
5. Embedding security into the organization’s culture
Both good and bad human behavior are key components of cybersecurity, said Gartner, and thus a culture- and behavior-based approach to cybersecurity is critical. It’s what often drives strategies that combine technology with an integrated platform-based architecture, such as with GenAI which is leading to 40% fewer employee-driven cybersecurity incidents by 2026.
6. Implementing burnout-avoidance strategies
It’s no surprise that the cybersecurity space is often at risk for employee burnout, particularly as companies face labor shortages while being challenged with the growing complexity in regulatory and business landscapes.
“Cybersecurity burnout and its organizational impact must be recognized and addressed to ensure cybersecurity program effectiveness,” said Michaels. “The most effective SRM leaders are not only prioritizing their own stress management, they are investing in teamwide wellbeing initiatives that demonstrably improve personal resilience.”
