Gartner Recommendations for Security Leaders to Lead from an Offensive Position


During the opening keynote of the Gartner Security & Risk Management Summit Middle East, Tina Nunno, research vice president and Gartner Fellow, identified three steps for security and risk leaders to shift from a defensive to an offensive leadership approach. The following recommendations are based on “The 2021 Gartner Global Security and Risk Management Governance Survey:

Strengthen your personal leadership approach: To maintain this momentum, security leaders must identify whether they are acting defensively or offensively and reposition their personal leadership towards the latter.

Systematize offense for the team: Security and risk leaders can improve outcomes by assigning security responsibilities to stakeholders across the enterprise, including line-of-business leaders, executive leadership, and third-party vendors.

Coach the enterprise through new digital risks: Gartner’s research has found that enterprises are looking to increase their risk appetite into 2022. In this heightened risk environment, an offensive security approach will guide the enterprise through the resulting volatility and digital uncertainties.

The 2021 Gartner Global Security and Risk Management Governance Survey was conducted between April and May 2021 among 615 respondents across North America, EMEA, APAC, and Latin America at organizations with at least 100 employees and $50 million in total annual revenue.

Ravisha Chugh, Associate Principal Analyst at Gartner

As part of The Gartner Security and Risk Management Summit 2022, The Integrator conducted an interaction with Ravisha Chugh, Associate Principal Analyst at Gartner. Ravisha explains how enterprises can ensure online safety against data breaches.

While cybercriminals exploit vulnerabilities even on office suites, how can enterprises ensure online safety against data theft and other cyberthreats?

Data breaches have significantly increased over the last few years including data breaches related to both regulatory compliance and intellectual property data. Multiple data security controls and technologies will be required to address data security and privacy risks for the protection of data. Organizations should implement broader data protection themes including investing in solutions like Data Loss Prevention, data classification, data masking, and data access governance for overall data security.

Speak about Gartner’s findings of security systems have built to protect data and networks in the era of “work from anywhere”

With social distancing continuing throughout 2021, organizations are making permanent shifts to remote work. Gartner expects remote workers to increase by 41% in 2021 over 2019. This in turn has also given rise to multiple security incidents. Security and risk management leaders focusing on data security should explore security platforms beyond just traditional Data Loss Prevention solutions. They should also invest in solutions that are monitoring the employee behavior and thus tracking any malicious or intentional intent of attacker or insider threat.

Leave A Reply