Posts tagged ‘Zero Trust’

Jan 13

Gartner’s 4Q25 Information Security forecast shows 15 categories capturing half of all new security spending through 2029

Fifteen cybersecurity categories are growing up to three times faster than the overall market, capturing $48.7 billion in new spending by 2029.

That’s nearly half of the $98.4 billion the entire security market will add over the next four years. Cloud Security Posture Management leads the pack at 29.36% CAGR. Cloud Access Security Brokers follow at 24.81%.

Enterprises are fundamentally restructuring their security budgets, and the driver is brutal in its simplicity. Organizations now manage an average of 112 SaaS applications across multiple cloud providers. 82% of misconfigurations are caused by human error, according to Exabeam’s analysis. And Gartner estimates 99% of cloud security failures through 2025 will be the customer’s fault, primarily from these misconfigurations. Manual oversight breaks under this kind of scale. Enterprises are responding by investing in automation that manages what people can’t across hundreds of cloud accounts, thousands of APIs, and millions of attack vectors.

Gartner’s 4Q25 update delivers the clearest signal yet about where enterprise security budgets are heading. The overall information security market grows from $213.5 billion in 2025 to $311.9 billion by 2029 at 10.03% CAGR. These fifteen high-growth categories are expanding at 10.30% to 29.36% CAGR, capturing investment dollars at rates that dwarf legacy security spending patterns.

What makes these categories different

Every high-growth category eliminates manual bottlenecks that break under cloud-native workloads. CSPM scans configurations continuously. CASB provides visibility into unauthorized SaaS usage. ZTNA verifies every connection rather than trusting the network location. With 79% of organizations using multiple cloud providers, according to Spacelift’s research, manual processes create mathematical impossibilities.

These technologies prevent problems rather than clean up after them. CSPM catches misconfigurations before breaches. ZTNA eliminates the attack surface that VPNs create. Tokenization protects data even when systems get compromised. Security teams are finally getting ahead of threats instead of constantly playing catch-up.

And the ROI is quantifiable. IBM’s 2025 Cost of a Data Breach Report shows organizations using AI and automation extensively save $1.9 million per breach and reduce breach lifecycles by 80 days. U.S. breach costs average $10.22 million. These investments pay for themselves with a single prevented incident—a calculation CFOs understand.

The 15 categories reshaping enterprise security

1. Cloud Security Posture Management (CSPM) — 29.36% CAGR — $4.68B → $12.76B

CSPM platforms scan infrastructure continuously across AWS, Azure, and Google Cloud, automatically remediating misconfigurations before they become breaches. The 82% human error rate isn’t going to improve through training. Organizations managing 100+ cloud accounts need automation. CSPM adds $8.09 billion in new spending by 2029, the single largest dollar contribution among high-growth segments.

2. Cloud Access Security Brokers (CASB) — 24.81% CAGR — $2.30B → $5.58B

Here’s the brutal reality. Enterprises average 112 SaaS applications, but shadow IT accounts for 42% of all applications per JumpCloud’s data. IT stays blind to roughly 78 apps out of an average 187-app environment. The damage? 65% of shadow IT deployments result in data loss, and 52% lead to breaches, according to Mimecast research. CASBs restore visibility and control, growing to $5.58 billion by 2029.

3. Zero Trust Network Access (ZTNA) — 21.95% CAGR — $2.48B → $5.43B

ZTNA replaces the VPN model with application-specific access controls. Instead of network-level access, it provides application-specific connections verified for every request. Gartner predicts 70% of new remote access deployments will use ZTNA by 2025, up from less than 10% at the end of 2021. And 65% of companies plan to retire VPNs within one year per Cybersecurity Insiders data. This represents a wholesale rethinking of secure access. The perimeter-based model is dying. Good riddance.

4. Threat Intelligence — 21.73% CAGR — $2.58B → $5.69B

Modern threat intelligence platforms fuse telemetry from open-source intelligence, dark-web monitoring, vendor feeds, and internal logs. Machine learning prioritizes indicators based on organizational relevance. IBM data shows organizations integrating threat intelligence reduce detection and escalation costs while cutting incidents by 30%. The market reaches $5.69 billion by 2029 as enterprises shift from passive threat feeds to automated response integration.

5. Cloud Workload Protection Platforms (CWPP) — 21.53% CAGR — $5.98B → $13.11B

Traditional endpoint security can’t protect containers that spin up and vanish in seconds. Serverless functions executing for milliseconds? Legacy tools weren’t designed for that. CWPP solutions instrument workloads directly at the kernel or hypervisor level, monitoring system calls, file access, and network connections in real-time. The 21.53% CAGR reflects the rapid shift toward microservices and Kubernetes. As workloads migrate into container clusters, protecting them becomes a survival-level priority.

6. Consent and Preference Management — 20.22% CAGR — $0.81B → $1.64B

GDPR fines surpassed €5.88 billion by January 2025, according to DLA Piper’s annual survey. California’s CCPA penalties keep climbing. The California Privacy Protection Agency recently fined Todd Snyder $345,178 for inadequate opt-out and privacy request processes. Manual consent workflows can’t meet regulatory deadlines across jurisdictions. Automated platforms centralize preferences across web, mobile, and API endpoints while providing auditable logs for regulators.

7. Subject Rights Request (SRR) Automation — 14.26% CAGR — $1.24B → $2.01B

When users demand “delete my data,” these platforms automate orchestration across internal systems and third-party vendors. Privacy laws grant individuals rights to access, correct, and delete personal data with strict compliance timelines. SRR automation prevents the penalties that result from manual processing failures at scale, especially as more jurisdictions implement data privacy regulations.

8. Network Detection and Response (NDR) — 13.44% CAGR — $2.15B → $3.37B

NDR platforms establish behavioral baselines using statistical analysis and machine learning. When anomalies appear (unusual lateral movement, data exfiltration attempts, command-and-control traffic), they raise alerts or automatically isolate systems. The mindset shift matters here. Rather than hoping to prevent all attacks, sophisticated organizations invest in rapid detection that minimizes damage when attackers inevitably breach perimeters. Prevention alone isn’t sufficient anymore.

9. Vulnerability Assessment — 13.02% CAGR — $3.48B → $5.60B

Quarterly vulnerability scans are obsolete in CI/CD pipelines deploying multiple times daily. Modern assessment platforms provide continuous scanning integrated with exploit intelligence to prioritize patches based on real-world risk. DevOps teams need vulnerability detection that keeps pace with their deployment cadence. Anything less creates unacceptable exposure windows.

10. Tokenization — 12.68% CAGR — $1.34B → $2.11B

Tokenization replaces sensitive data with non-reversible tokens that can’t be mathematically decoded. The urgency comes from quantum computing advances. NIST finalized post-quantum encryption standards in August 2024, including ML-KEM (formerly CRYSTALS-Kyber) and ML-DSA (formerly CRYSTALS-Dilithium). Attackers already practice “harvest now, decrypt later”—collecting encrypted data today for quantum decryption within five to ten years. Organizations must begin quantum-safe transitions now.

11. Endpoint Protection Platform (EPP) — 12.51% CAGR — $17.68B → $28.36B

The largest single category adds $10.68 billion in new spending as ransomware attacks surge. U.S. ransomware attacks increased 149% year-over-year—from 152 incidents in early 2024 to 378 in the same period of 2025, according to Cyble analysis. Next-generation EPP platforms use behavioral analytics and signatureless detection to stop ransomware before encryption begins, catching what traditional antivirus misses.

12. Secure Web Gateway (SWG) — 11.63% CAGR — $4.44B → $6.74B

Malicious sites appear and disappear in hours. Cloud-delivered SWGs update threat intelligence in real-time, protecting remote and hybrid workforces wherever they connect. Integration with ZTNA creates comprehensive security that follows users across devices and locations without relying on network perimeters that no longer exist.

13. Web Application Firewalls (WAF) — 10.92% CAGR — $2.48B → $3.74B

Organizations expose hundreds of APIs and microservices—each a potential attack vector. Traditional network firewalls can’t inspect application-layer attacks like SQL injection, cross-site scripting, or API abuse. Modern WAFs use machine learning to differentiate legitimate user behavior from attack traffic without blocking customers. Getting that balance right is harder than it sounds.

14. Encryption — 10.64% CAGR — $1.35B → $1.98B

NIST’s standardization of quantum-resistant algorithms signals the urgency that organizations can no longer ignore. With quantum computing advances accelerating, encrypted data collected today faces decryption within a decade. Enterprises must transition to post-quantum cryptography now because full integration across complex environments takes years. This isn’t theoretical risk anymore.

15. Security Information and Event Management (SIEM) — 10.30% CAGR — $7.60B → $11.15B

AI transforms SIEM from reactive log collection to proactive threat hunting. The latest platforms embed unsupervised machine learning to detect zero-day attacks and automatically enrich alerts with context. Organizations using AI-powered automation save $1.9 million per breach and cut incident lifecycles by 80 days—turning security operations into a competitive advantage rather than a cost center.

Why this matters

Cloud complexity has proven exponential. With 79% of organizations using multiple cloud providers and managing hundreds of accounts, manual security processes break under the load. The 29.36% CAGR for CSPM isn’t market optimism. It’s organizational survival.

Shadow AI joins shadow IT as a core threatscape element. Shadow AI breaches cost $4.63 million—$670,000 more than standard incidents, according to IBM data. But AI also powers the best defenses, with automated security tools reducing breach lifecycles by 80 days. The same technology that creates vulnerabilities offers the most effective countermeasures.

Compliance costs keep accelerating. Between GDPR, CCPA, and emerging global regulations, manual compliance processes create escalating liability. Automated platforms turn regulatory requirements into competitive advantages by reducing fine exposure and accelerating data subject request responses.

Bottom Line

The organizations winning this transformation aren’t those with the largest security budgets. They’re the ones investing in the right categories at the right time. These fifteen segments define what modern security architecture looks like and capture nearly half of all new security spending through 2029.

Gartner’s 4Q25 data delivers a clear message. Security spending is shifting to automation-driven, zero-trust, cloud-native architectures. Organizations still relying on legacy approaches aren’t just falling behind. They’re accepting risks the market has already priced as unacceptable.

Source: Gartner Forecast: Information Security, Worldwide, 2023-2029, 4Q25 Update (Document G00843183, published December 18, 2025), showing overall market growth from $213.5B (2025) to $311.9B (2029) at 10.03% CAGR in constant currency.

Nov 26

15 fastest-growing security categories in Gartner’s 3Q25 Information Security Forecast

Cloud Security Posture Management is growing at a 31.23% CAGR. Zero Trust Network Access at 23.25%. Threat Intelligence at 22.17%. The overall security market? Just 10.55%. Fifteen categories are outpacing the market by two to three times, collectively capturing $106 billion in new spending by 2029. Enterprise security budgets aren’t just expanding. They’re being redirected.

And the driver? Brutally simple.

Gartner estimates 99% of cloud security failures through 2025 will be the customer’s fault, primarily due to misconfigurations. Organizations are responding by investing aggressively in technologies that automate what humans simply can’t manage manually across hundreds of cloud accounts, thousands of APIs, and millions of potential attack vectors.

What these growth rates say about Gartner’s view of the market

These fifteen categories represent $106.4 billion in new spending by 2029, growing from today’s baseline. What do they have in common? Three characteristics that explain why enterprises are pouring money into them:

Automation at Scale. Every high-growth category automates processes that break when done manually, whether it’s scanning cloud configurations, managing consent across jurisdictions, or detecting behavioral anomalies in network traffic. There’s no other way to keep pace.
Proactive vs. Reactive. These technologies prevent problems rather than clean up after them. CSPM catches misconfigurations before breaches. ZTNA eliminates the attack surface that VPNs create. Tokenization protects data even if systems are compromised. Security teams are finally getting ahead of the threat curve instead of playing catch-up.
Measurable ROI. IBM’s 2025 Cost of a Data Breach Report shows organizations using AI and automation extensively save $1.9 million per breach and reduce breach lifecycle by 80 days. With U.S. breach costs hitting $10.22 million, these investments pay for themselves with a single prevented incident.

The 15 categories reshaping security architecture

1. Cloud Security Posture Management (CSPM) | 31.23% CAGR | $2.5B → $13.0B

CSPM tools continuously scan infrastructure across AWS, Azure, and Google Cloud. With 82% of misconfigurations caused by human error and organizations managing 100+ cloud accounts, CSPM automates what’s mathematically impossible to do manually. The market will reach $15.6 billion by 2032.

2. Cloud Access Security Brokers (CASB) | 25.82% CAGR | $1.5B → $5.8B

Here’s a reality check. Enterprises average 112 SaaS applications, but shadow IT, or unauthorized apps, accounts for 42% of all applications. IT remains unaware of one-third of the apps on its networks. The damage? 65% of shadow IT companies suffer data loss, and 52% experience breaches. CASBs transform this chaos into visibility and control.

3. Zero Trust Network Access (ZTNA) | 23.25% CAGR | $1.6B → $5.6B

ZTNA kills the VPN model. Instead of network access, it provides application-specific connections verified for every request. Gartner predicts 70% of new remote access deployments will use ZTNA by 2025. With 65% of companies planning to replace VPNs, this shift represents a wholesale rethinking of secure access. The perimeter-based model is dying. Good riddance.

4. Cloud Workload Protection Platforms (CWPP) | 22.78% CAGR | $3.9B → $13.5B

CWPP platforms secure everything from traditional VMs to containers that exist for milliseconds. Legacy endpoint security can’t protect ephemeral containers or serverless functions—it wasn’t designed for workloads that appear and disappear in seconds. The shift to microservices demands purpose-built security.

5. Consent and Preference Management | 22.39% CAGR | $0.5B → $1.7B

GDPR fines reached €5.88 billion by January 2025, according to the DLA Piper GDPR Fines and Data Breach Survey. California’s CCPA penalties continue climbing; the California Privacy Protection Agency fined Todd Snyder $345,178 for inadequate opt-out and privacy request processes. Manual handling can’t meet regulatory deadlines. Automation prevents massive fines.

6. Threat Intelligence | 22.17% CAGR | $1.8B → $5.8B

IBM data shows threat intelligence reduces detection and escalation costs by $1.63 million while cutting incidents by 30%. Modern platforms aggregate data about bad actors and vulnerabilities, transforming raw threat data into automated responses across security stacks. The days of threat feeds sitting in dashboards, unused, are over.

7. Subject Rights Request Automation | 16.53% CAGR | $0.8B → $2.1B

When users demand “delete my data,” these platforms automate the process across all systems. Manual handling doesn’t scale, not when you’re managing requests across multiple jurisdictions with different requirements and tight deadlines.

8. Tokenization | 14.26% CAGR | $1.0B → $2.2B

Tokenization replaces sensitive data with meaningless tokens that can’t be mathematically reversed. Why the urgency now? NIST standardized quantum-resistant algorithms, including ML-KEM (formerly CRYSTALS-Kyber), in August 2024. Organizations are preparing for quantum threats expected within five to ten years.

9. Network Detection and Response (NDR) | 14.05% CAGR | $1.6B → $3.5B

NDR platforms use AI to establish behavioral baselines and detect anomalies signaling compromise. Here’s the mindset shift: rather than hoping to prevent all attacks, innovative organizations invest in rapid detection that minimizes damage when sophisticated attackers inevitably get through. Prevention isn’t enough anymore.

10. Vulnerability Assessment | 13.98% CAGR | $2.6B → $5.7B

Cloud infrastructure changes constantly. Quarterly scans are obsolete before they finish. Modern platforms provide continuous scanning in CI/CD pipelines, prioritizing based on real-world exploit data. DevOps teams deploying daily need vulnerability detection that keeps pace. Anything less is theater.

11. Endpoint Protection Platform (EPP) | 13.61% CAGR | $13.5B → $29.1B

The largest category doubles to $29.1 billion as ransomware attacks surge. According to Cyble analysis cited by TechTarget, U.S. ransomware attacks increased by 149% year-over-year in the first five weeks of 2025. Manufacturing led targets with 638 attacks in 2023, per Statista data compiled by Fortinet. Next-gen EPP uses behavioral analytics to stop ransomware before encryption begins—catching what traditional antivirus misses.

12. Secure Web Gateway (SWG) | 13.26% CAGR | $3.3B → $7.0B

Malicious sites appear and disappear in hours. Cloud-delivered SWGs update threat intelligence in real-time, protecting remote workers wherever they connect. Integration with ZTNA creates comprehensive security that follows users across devices and locations. The old perimeter? It no longer exists.

13. Web Application Firewalls (WAF) | 11.93% CAGR | $2.0B → $3.8B

Organizations expose hundreds of APIs, each a potential attack vector. Traditional network firewalls can’t inspect application-layer attacks. Modern WAFs use machine learning to distinguish legitimate users from attackers without blocking customers. Getting that balance right is harder than it sounds.

14. Encryption | 11.90% CAGR | $1.0B → $2.0B

NIST’s standardization of quantum-resistant algorithms signals urgency. Attackers already practice “harvest now, decrypt later”—collecting encrypted data for future quantum decryption. Organizations must transition to post-quantum cryptography now, as full integration takes years. This isn’t theoretical risk anymore.

15. Security Information and Event Management (SIEM) | 11.74% CAGR | $5.8B → $11.3B

AI transforms SIEM from reactive to proactive. Organizations using AI-powered automation save $1.9 million per breach, according to IBM’s newsroom. Machine learning models identify attack patterns and detect zero-day threats before signatures exist, turning security operations into a competitive advantage.

The Investment Thesis behind the numbers

These growth rates reflect three converging realities:

Cloud Complexity Is Exponential. With 79% of organizations using multiple cloud providers and managing hundreds of accounts, manual security is mathematically impossible. The 31.23% CAGR for CSPM isn’t optimism, it’s survival.
AI Changes Everything. Shadow AI breaches cost $4.63 million, $670,000 more than standard incidents. But AI also powers the defense, with automated security tools reducing breach lifecycles by 80 days. The same technology that creates vulnerabilities offers the best defense.
Compliance Costs Are Skyrocketing. Between GDPR, CCPA, and emerging regulations, manual compliance is a liability that grows daily. Automation platforms turn regulatory requirements into competitive advantages.

The Bottom Line

The organizations winning this race aren’t those with the most significant security budgets; they’re those investing in the right categories at the right time. These fifteen segments aren’t just growing fast; they’re defining what modern security architecture looks like.

The message from Gartner’s data is unambiguous: security spending is shifting from reactive to proactive, from manual to automated, from perimeter-based to zero-trust. Organizations still relying on legacy approaches aren’t just falling behind; they’re accepting risks that the market has already priced as unacceptable.

Source: Gartner Information Security Forecast 3Q25 Update (Document G00839334), showing overall market growth from $215.8B (2025) to $322.2B (2029) at 10.55% CAGR

Nov 10

Top 10 Identity Security Insights from Forrester’s 2025 Security & Risk Summit

Bottom line: Identity security stands at an unprecedented crossroads, with machine identities creating greater complexity and potential chaos every security professional needs to plan for.

At Forrester’s 2025 Security & Risk Summit, Merritt Maxim, VP and Research Director at Forrester, delivered critical insights highlighting the escalating threats shaping identity security’s evolution. CISOs and security leaders find themselves navigating surging threats driven by generative AI, the rapid proliferation of non-human identities, and outdated IAM infrastructures originally designed solely for compliance. Maxim emphasized a pressing urgency: identity strategies must adapt or risk catastrophic breaches and compliance failures.

Here’s a detailed breakdown of the top 10 insights from Forrester’s Summit, including the specific slides from Maxim’s presentation and deeper insights from Forrester’s latest data:

1. Identity Security Budgets Accelerate Toward $27.5B by 2029

IAM investment is growing explosively, set to nearly double from $13.4 billion in 2024 to $27.5 billion by 2029, driven by the escalating complexity and severity of identity-related threats such as AI-driven deepfakes, sophisticated supply-chain attacks, and rampant cloud misconfigurations. This positions IAM as cybersecurity’s third fastest-growing segment, underscoring identity security as a business-critical imperative.

2. Hybrid IAM Still Dominates—77% Keep On-Premise Components

Despite the relentless push to the cloud, 77% of organizations continue relying on hybrid IAM deployments due to legacy infrastructure and regulatory constraints. Fully cloud-based identity management remains a distant reality, with only 9% fully transitioned. Maxim stressed hybrid IAM’s persistence, highlighting the necessity for seamless integration capabilities between on-premises systems and cloud IAM platforms.

3. Third-party Risk Matches Compliance as a Top IAM Driver

Forrester revealed a pivotal shift: managing third-party identities (32%) is now equally critical as regulatory compliance (32%) in driving IAM investments. High-profile breaches at Okta and CyberArk underscore vulnerabilities introduced by third-party identities, necessitating robust governance models that go beyond basic compliance checklists.

4. Static Entitlements Are Obsolete; Zero Standing Privilege Is Now Mandatory

The static entitlement model—assigning privileges during onboarding—is officially outdated. Forrester highlighted Zero Standing Privilege (ZSP) architectures as the definitive new standard, utilizing the Continuous Access Evaluation Protocol (CAEP) to dynamically assign permissions at runtime. This strategy mitigates rampant privilege sprawl, dramatically reducing attack surfaces.

5. Identity Management Converges Across Security, Marketing, and CX

Enterprises are rapidly integrating fragmented identity management systems across marketing, customer experience (CX), fraud prevention, and security. Maxim emphasized that businesses consolidating these functions significantly improve detection speed, minimize breaches, and enhance end-user experience. Leveraging customer preference and security data together is becoming a strategic advantage.

6. Vendor Consolidation Radically Reshapes IAM Markets

IAM vendor consolidation accelerated significantly, highlighted by major moves such as Palo Alto Networks acquiring CyberArk, Ping Identity merging with ForgeRock, and CrowdStrike purchasing Adaptive Shield. Enterprises increasingly demand integrated identity platforms combining PAM, IGA, and Identity Threat Detection & Response (ITDR), driving these high-profile acquisitions.

7. Generative AI Exacerbates Identity Threats but Offers Transformational Defenses

Generative AI escalates identity threats dramatically through enhanced phishing and sophisticated deepfake impersonations. Conversely, GenAI’s defensive capabilities are equally transformative, enabling automated identity threat detection, rapid response, and real-time entitlement adjustments. Maxim described these dual dynamics as essential to future IAM strategies.

8. Machine Identities Are a Critical Emerging Attack Vector

The explosive growth in non-human identities (IoT, APIs, AI agents) vastly expands attack surfaces. Enterprises urgently need automated platforms from vendors like CyberArk, Venafi, and HashiCorp to manage this surge. Forrester highlighted machine identities as a rapidly intensifying risk requiring immediate attention and robust governance.

9. Phishing-Resistant MFA Is Dangerously Under-Deployed

Alarmingly, only 21% of companies deploy phishing-resistant MFA after breaches, despite the increasing sophistication of MFA-bypass attacks. Forrester insists enterprises must urgently adopt solutions like FIDO2 and WebAuthn. Maxim warned that neglecting these standards leaves companies dangerously exposed to credential-based compromises.

10. Context-Aware IAM Becomes a Real-time Security Necessity

Static IAM fails against machine-speed threats. Context-aware IAM, powered by dynamic authorization, continuously assesses real-time user behavior, device posture, and threat intel. Forrester identifies this adaptive approach as critical, turning identity from a passive gatekeeper to a proactive defender, which is essential for stopping attacks before damage occurs

Bottom Line: Adaptive identity security defines enterprise survival

Identity security has become synonymous with enterprise survival. Merritt Maxim’s compelling insights from Forrester’s 2025 Security & Risk Summit underscore a new identity imperative: convergence, consolidation, and context must drive strategic identity transformations. Following Forrester’s lead, enterprises must prioritize investment in dynamic Zero Standing Privilege architectures, integrated identity platforms, generative AI-enabled threat response, robust machine identity management, and phishing-resistant MFA immediately. The future of enterprise resilience hinges directly on evolving identity security today.

Nov 3

Top 10 insights from Forrester’s 2026 Cybersecurity Budget Report

“With volatility now the norm, security and risk leaders need practical guidance on managing existing spending and new budgetary necessities,” states Forrester’s 2026 Budget Planning Guide.

The research firm’s planning guide for next year provides security leaders with new insights into how their clients are allocating budgets, which gives a helpful overview of the next 12 months of cybersecurity spending.

Implicit in the guide is the need for new technologies that enable organizations to be more adaptive to threats and take action on them before they become breaches. There’s also a strong focus on getting a head start on new technologies, anticipating the severity of threats new developments in AI, generative AI (genAI), deepfakes, and all other forms of weaponized technologies can pose to an organization.

Software is a solid 40% of cybersecurity spending, exceeding hardware at 15.8%, outsourcing at 15% and surpassing personnel costs at 29% by 11 percentage points. Meanwhile, security leaders face escalating threats, with generative AI attacks executing in milliseconds, a stark contrast to the average Mean Time to Identify (MTTI) of 181 days, according to IBM’s latest Cost of a Data Breach Report.

A fast-changing threatscape is changing spending priorities

Three converging threats are flipping cybersecurity on its head. What once protected organizations is now working against them. Generative AI (gen AI) is enabling attackers to craft 10,000 personalized phishing emails per minute using scraped LinkedIn profiles and corporate communications. NIST’s 2030 quantum deadline threatens retroactive decryption of $425 billion in currently protected data. Deepfake fraud that surged 3,000% in 2024 now bypasses biometric authentication in 97% of attempts, forcing security leaders to reimagine defensive architectures fundamentally.

Top ten insights from Forrester’s 2026 cybersecurity budget benchmarks

1. Software now claims 40% of cybersecurity budgets, surpassing personnel spend. Forrester’s budget planning guide reports that software now accounts for approximately 40.2% of cybersecurity spending, eclipsing combined hardware and outsourcing budgets. It’s noteworthy that software spending is surpassing personnel costs by 11 percentage points.

Top 10 insights from Forrester’s 2026 Cybersecurity Budget Report — Source: Forrester Budget Planning Guide 2026: Security and Risk

2. Security budgets are accelerating, with 55% of global security and tech leaders forecasting significant increases next year. A robust 15% anticipate their budgets jumping more than 10%, and another 40% project hikes between 5% and 10%. Regional outlooks vary sharply: APAC is most bullish, with 22% expecting double-digit growth, compared to a cautious 9% in North America and just 12% in EMEA. However, nearly half (45%) remain reserved; 30% predict minimal budget bumps of 1%–4% or barely keeping pace with inflation, while another 10% expectSource: Forrester Budget Planning Guide 2026: Security and Risk no change, and 5% foresee cuts.

3. Cloud security, on-prem tech, and security awareness training are set to lead cybersecurity spending in 2026. Decision-makers are doubling down on cloud security, with 12% boosting budgets in this area by 10% or more, 11% doing the same for new on-premises solutions, and another 10% ramping up security awareness programs. Notably, investments in on-premises security technology appear twice among the top priorities, as 36% plan at least a 5% increase for both new deployments and upgrades to existing infrastructure. The numbers reflect an uneven global adoption of cloud strategies, driven by persistent concerns around cost, security, and data sovereignty. APAC is exceptionally bullish. 78% of companies there plan increased spending on new on-prem security, outpacing EMEA by 10% and North America by 8%.

4. Forrester recommends that security leaders broaden AI and ML security throughout the enterprise in 2026 as generative AI moves from standalone apps to essential business systems. Productivity suites, CRM platforms, and service tools now embed genAI natively, transforming workflows and widening potential attack surfaces. Enterprises urgently need comprehensive protection across AI models, data, applications, and user identities to counter risks such as model vulnerabilities, data leakage, and prompt jailbreaking. Hyperscalers like Google Cloud and Microsoft are responding quickly, while cybersecurity incumbents, notably Palo Alto Networks with its Protect AI acquisition, actively expand their footprint. Meanwhile, innovative startups, including Knostic and CalypsoAI, both featured at RSA’s Innovation Sandbox, target niche but critical genAI security gaps. Enterprises investing strategically now will securely scale genAI deployments and establish a clear competitive advantage.

5. Standalone SSE spending will sharply decline in 2026 as enterprises shift to unified SASE platforms, streamlining security operations and accelerating Zero Trust initiatives. Initially positioned to fill security gaps left by SD-WAN deployments and the surge in remote work, standalone SSE and isolated ZTNA solutions have now reached their functional limits. Leading companies increasingly adopt integrated platforms like Cato Networks’ cloud-native SASE, which consolidates SD-WAN, ZTNA, SWG, CASB, and firewall capabilities within a single, unified framework. As I’ve noted in VentureBeat, CISOs who pivot to unified SASE platforms benefit from simpler integration, superior AI-driven threat detection, and significant operational efficiencies that isolated solutions cannot deliver. Organizations proactively embracing integrated SASE from providers like Cato Networks will immediately enhance security resilience, improve operational agility, and significantly reduce vendor complexity.

6. Forrester predicts that by 2026, security leaders will seize a critical advantage by accelerating the adoption of post-quantum cryptography (PQC). With NIST’s landmark release of three core PQC standards in August 2024, organizations now have clear guidance to protect their data and applications against emerging quantum threats. Most governments align with NIST timelines, targeting legacy encryption deprecation by 2030, while Australia’s ASD urges adoption of approved PQC algorithms even sooner. Enterprises should immediately focus efforts on securing their most sensitive asymmetric cryptography, covering data at rest, data in transit, and data actively used within applications. Comprehensive cryptographic discovery and inventory tools provide the visibility required to assess readiness. Strategic partnerships with cryptoagility innovators, including Entrust, IBM, Keyfactor, Palo Alto Networks, QuSecure, SandboxAQ, and Thales, enable organizations to define a clear, secure migration path. Organizations acting decisively now will confidently navigate the quantum transition and fortify their competitive edge.

7. Machine identity management will become essential by 2026 as automated identities multiply rapidly across the IT infrastructure. Apps, AI agents, IoT devices, containers, cloud environments, and infrastructure scripts now generate identities faster than humans can manually track or manage. Enterprises urgently require solutions capable of managing these identities throughout their lifecycle, automating key rotations, and enforcing role-based access. Leading vendors, including Akeyless, BeyondTrust, CyberArk, Delinea, HashiCorp, Keyfactor, AppViewX, and emerging startups like Aembit, Astrix, Clutch, Entro, and Oasis Security, offer robust platforms to meet this challenge.

8. There will be a significant reallocation away from standalone interactive application security testing (IAST) in 2026, as operational hurdles continue to limit adoption. Originally designed to blend the runtime accuracy of dynamic application security testing (DAST) with static application security testing’s (SAST) code-level insights, standalone IAST has proven overly complex. Forrester recommends shifting budgets toward integrated IAST and DAST platforms, such as those from Invicti and HCLSoftware, that simplify deployment. Alternatively, APIs, microservices, and containers provide more transparent and consistent returns.

9. Consolidation of endpoint security and SIEM tools will accelerate in 2026. As extended detection and response (XDR) platforms gain momentum, security leaders have a clear opportunity to reduce agent sprawl, improve analyst efficiency, and lower the total cost of ownership. Vendors, including Microsoft, CrowdStrike, and Palo Alto Networks, now embed critical SIEM functions such as detection, correlation, third-party data ingestion (particularly from cloud, identity, and email), and response directly within their XDR offerings. While these integrated solutions currently don’t fully match standalone security analytics platforms, they deliver compelling advantages: simplified deployments, centralized threat context, and measurable operational savings. Organizations consolidating around unified XDR solutions today will streamline security operations and achieve faster, higher-quality threat detection.

10. By 2026, rapidly evolving generative AI will make deepfakes virtually indistinguishable from authentic media, rendering simplistic identity checks obsolete. Enterprises must proactively deploy sophisticated detection platforms using advanced ensemble modeling—spectral analysis, image artifacts, skin tone consistency, lighting anomalies, audio echo patterns, and device reputation, to ensure trusted employee verification and transaction authentication. Vendors such as GetReal Security, Sensity, and Reality Defender already offer real-time risk scoring, transparent reasoning, and integrated case management. Early adopters will safeguard identity security, sustain customer trust, and remain resilient against future deepfake threats.

Mar 10

Gartner Predicts Solid Growth for Information Security, Reaching $287 Billion by 2027

Image created in DALL-E

AI continues to become more weaponized with nation-state attackers and cybercrime gangs experimenting with LLMs and gen AI-based attack tradecraft. The age of weaponized LLMs is here.

At the same time, multi-cloud-based infrastructures more businesses rely on are coming under attack. Exfiltrating any identity data available from endpoints and then traversing a network to gain more access by collecting more credential data is often the goal.

Cyberattacks that combine AI and social engineering are just beginning

Attackers have a version of human-in-the-middle, too, but their goal is to unleash AI’s offensive attack capabilities within social engineering campaigns. Last year’s social engineering-based attacks on MGM, Comcast, Shield Healthcare Group, and others serve as a case in point.

CrowdStrike’s 2024 Global Threat Report finds that cloud intrusions jumped 75% last year. There was a 76% increase in data theft victims named on data leak sites and a 60% increase in interactive intrusion campaigns. Worse, 75% of attacks were malware-free, making them difficult to identify and stop. There was also a 110% YoY increase in cloud-conscious cases.

PwC’s 2024 Digital Trust Insights Report finds that 97% of senior management teams have gaps in their cloud risk management plans. 47% say cloud attacks are their most urgent threat. One in three senior management teams is prioritizing cloud security as their top investment this year.

Gartner sees a more complex threatscape driving growth

Gartner’s Forecast: Information Security and Risk Management, Worldwide, 2021-2027, 4Q23 Update report predicts the information security and risk management market will grow from $185 billion in 2023 to $287 billion in 2027, attaining a compound annual growth rate of 11% in constant currency.

Nation-state attackers are picking up the pace of their stealthy AI arms race. They’re looking to score offensive first victories on an increasingly active digital battlefield. Gartner predicts that in 2027, 17% of the total cyberattacks and data leaks will involve generative AI.

Another key assumption driving Gartner’s latest forecast is that by 2025, user efficiency improvements will drive at least 35% of security vendors to offer large language model (LLM)-driven chat capabilities for users to interact with their applications and data, up from 1% in 2022.

Gartner has also factored in the surge in cloud attacks and the continued growth of hybrid workforces. One of their key assumptions driving the forecast is that “by the end of 2026, the democratization of technology, digitization, and automation of work will increase the total available market of fully remote and hybrid workers to 64% of all employees, up from 52% in 2021.”

Source: Gartner, Forecast Analysis: Information Security and Risk Management, Worldwide, Published February 29, 2024

Source: Gartner, Forecast Analysis: Information Security and Risk Management, Worldwide, Published 29 February 2024

Key takeaways from Gartner’s forecast

Market subsegments predicted to see the most significant growth through 2027 include the following:

Gartner has high expectations for Zero Trust Network Access (ZTNA) growth, stating the worldwide market was worth $575.7 million in 2021 and predicting it will soar to $3.99 billion in 2027, attaining a 31.6% CAGR in the forecast period.
Identity Access Management (IAM) is predicted to grow from $4 billion in 2021 to $11.1 billion in 2027, attaining a 17.6% CAGR. Identity Governance and Administration software is predicted to grow from $2.8 billion in 2021 to $5.77 billion in 2027, attaining a 12.8% CAGR.
Endpoint Protection Platforms (EPP) are predicted to grow from $9.8 billion in 2021 to $26.9 billion in 2027, achieving a 17.2% CAGR.
Threat Intelligence software is predicted to grow from $1.1 billion in 2021 to $2.79 billion in 2027, growing at a 15.6% CAGR through the forecast period.
Cloud Access Security Brokers (CASB) is predicted to grow from $928M in 2021 to $4.75 billion in 2027, attaining a CAGR of 30.2%. Gartner believes that the market share of cloud-native solutions will continue to grow. They are predicting that the combined market for cloud access security brokers (CASBs) and cloud workload protection platforms (CWPPs) will reach $12.8 billion in constant currency by 2027, up from $4.6 billion in 2022. Gartner continues to also see strong demand for cloud-based detection and response solutions that include endpoint detection and response (EDR) and managed detection and response (MDR).

Mar 23

What Enterprises Need To Plan For In 2021 When It Comes To Endpoint Security

Bottom Line: Today’s largely-distributed enterprises need to make sure they are putting endpoint security first in 2021– which includes closely managing every stage of the device lifecycle, from deployment to decommission, and ensuring all sensitive data remains protected.

There’s a looming paradox facing nearly every organization today of how they’ll secure thousands of remote endpoints without having physical access to devices, and without disrupting worker productivity. Whether there’s the need to retire hardware as part of down-sizing or cost-cutting measures, or the need to equip virtual teams with newer equipment more suitable for long term work-from-home scenarios, this is one of the most pressing issues facing CISOs and CIOs today.

Wanting to learn more about how their customers are tackling their endpoint security challenges and how their companies are helping to solve it, I sat down (virtually) with Absolute Software’s President and CEO Christy Wyatt and Matthew Zielinski, President of North America Intelligent Devices Group at Lenovo. The following is my interview with both of them:

Louis Columbus: Christy and Matt, thanks so much for your time today. To get started, I would like each of you to share what you’re hearing from your customers regarding their plans to refresh laptops and other endpoint devices in 2021.

Christy Wyatt: We’re seeing a strong desire from organizations to ensure that every individual is digitally enabled, and has access to a screen. In some cases, that means refreshing the hardware they already have in the field, and in other cases, that means buying or adding devices. From the endpoint security standpoint, there’s been a shift in focus around which tools matter the most. When laptops were primarily being used on campus, there was a certain set of solutions to monitor those devices and ensure they remained secure. Now that 90% of devices are out of the building, an entirely different set of capabilities is required – and delivering those has been our focus.

Matt Zielinski: We are seeing historic levels of demand from consumers, as many are transitioning from having maybe one or two devices per household to at least one device per person. We’re also seeing the same levels of demand on both the education and enterprise side. The new dynamic of work-from-anywhere, learn-from-anywhere, collaborate-from-anywhere underscores that the device hardware and software need to be current in order to support both the productivity and security needs of hugely distributed workforces. That’s our highest priority.

Louis: Where are CISOs in their understanding, evaluation, and adoption of endpoint security technologies?

Christy: The journey has been different for the education market than for the enterprise market. Most enterprise organizations were already on the digital path, with some percentage of their population already working remotely. And because of this, they typically have a more complex security stack to manage; our data shows that the total number of unique applications and versions installed on enterprise devices is nearly 1.5 million. What they’ve seen is a trifecta of vulnerabilities: employees taking data home with them, accessing it on unsecured connections, and not being aware of how their devices are protected beyond the WiFi connection and the network traffic.

In the education space, the challenges – and the amount of complexity – are completely different; they’re managing just a small fraction of that total number of apps and versions. That said, as the pandemic unfolded, education was hit harder because they were not yet at a point where every individual was digitally connected. There was a lot of reliance on being on campus, or being in a classroom. So, schools had to tackle digital and mobile transformation at the same time – and to their credit, they made multiple years of progress in a matter of weeks or months. This rapid rate of change will have a profound effect on how schools approach technology deployments going forward.

Matt: Whether in enterprise or education, our customers are looking to protect three things: their assets, their data, and their users’ productivity. It’s a daunting mission. But, the simplest way to accomplish it is to recognize the main control point has changed. It’s no longer the server sitting behind the firewall of your company’s or school’s IT environment. The vulnerability of the endpoint is that the network is now in the user’s hands; the edge is now the primary attack surface. I think CISOs realize this, and they are asking the right questions… I just don’t know if everyone understands the magnitude or the scale of the challenge. Because the problem is so critical, though, people are taking the time to make the right decisions and identify all the various components needed to be successful.

Louis: It seems like completing a laptop refresh during the conditions of a pandemic could be especially challenging, given how entire IT teams are remote. What do you anticipate will be the most challenging aspects of completing a hardware refresh this year (2021)?

Matt: The PC has always been a critical device for productivity. But now, without access to that technology, you are completely paralyzed; you can’t collaborate, you can’t engage, you can’t connect. Lenovo has always been focused on pushing intelligent transformation as far as possible to get the best devices into the hands of our customers. Beyond designing and building the device, we have the ability to distribute asset tags and to provide a 24/7 help desk for our customers whether you’re a consumer, a school, or a large institution. We can also decommission those devices at the end, so we’re able to support the entire journey or lifecycle.

The question has really become, how do you deliver secure devices to the masses? And, we’re fully equipped to do that. For example, every Lenovo X1 Carbon laptop comes out of the box with Lenovo Security Assurance, which is actually powered by Absolute; it is in our hardware. Our customers can open a Lenovo PC, and know that it is completely secure, right out of the box. Every one of our laptops is fortified with Absolute’s Persistence technology and self-healing capabilities that live in the BIOS. It’s that unbreakable, secure connection that makes it possible for us to serve our customers throughout the entire lifecycle of device ownership.

Louis: Why are the legacy approaches to decommissioning assets falling short / failing today? How would you redesign IT asset-decommissioning approaches to make them more automated, less dependent on centralized IT teams?

Christy: There have been a few very visible cases over the past year of highly regulated organizations, experiencing vulnerabilities because of how they decommissioned – or did not properly decommission – their assets. But, I don’t want anyone to believe that that this is a problem that is unique to regulated industries, like financial services. The move to the cloud has given many organizations a false sense of security, and it seems that the more data running in the cloud, the more pronounced this false sense of security becomes. It’s a mistaken assumption to think that when hardware goes missing, the security problem is solved by shutting down password access and that all the data is protected because it is stored in the cloud. That’s just not true. When devices aren’t calling in anymore, it’s a major vulnerability – and the longer the device sits without being properly wiped or decommissioned, the greater the opportunity for bad actors to take advantage of those assets.

The other piece that should be top of mind is that once a device is decommissioned, it’s often sold. We want to ensure that nothing on that device gets passed on to the next owner, especially if it’s going to a service or leasing program. So, we’ve concentrated on making asset decommissioning as precise as possible and something that can be done at scale, anytime and anywhere.

Matt: Historically, reclaiming and decommissioning devices has required physical interaction. The pandemic has limited face-to-face encounters, so , we’re leveraging many different software solutions to give our customers the ability to wipe the device clean if they aren’t able to get the asset back in their possession, so that at least they know it is secure. Since we’re all now distributed, we’re looking at several different solutions that will help with decommissioning, several of which are promising and scale well given today’s constraints. Our goal is to provide our enterprise customers with decommissioning flexibility, from ten units to several thousand.

Louis: Paradoxically, having everyone remote has made the business case for improving endpoint security more compelling too. What do you hear from enterprises about accelerating digital transformation initiatives that include the latest-generation endpoint devices?

Christy: The same acceleration that I spoke about on the education side, we absolutely see on the enterprise side as well, and with rapid transformation comes increased complexity. There has been a lot of conversation about moving to Zero Trust, moving more services to the cloud and putting more controls on the endpoint – and not having these sort of layers in between. Our data tells us that the average enterprise device today has 96 unique applications, and at least 10 of them are security applications. That is a massive amount of complexity to manage. So, we don’t believe that adding more controls to the endpoint is the answer; we believe that what’s most important is knowing the security controls you have are actually working. And we need to help devices and applications become more intelligent, self-aware, and capable of fixing themselves. This concept of resiliency is the cornerstone of effective endpoint security, and a critical part of the shift to a more modern security architecture.

Matt: I think there are two major forcing functions: connection and security. Because we are all now remote, there’s a huge desire to feel connected to one another even though we aren’t sitting in the same room together. We’re modifying our products in real-time with the goal of removing shared pain points and optimizing for the new reality in which we’re all living and working. Things like microphone noise suppression and multiple far field microphones, so that if the dog barks or kids run into a room, the system will mute before you’ve even pressed the mute button. We’re improving camera technology from a processing standpoint to make things look better. Ultimately, our goal is to provide an immersive and connected experience.

Security, however, transcends specific features that deliver customer experiences – security is the experience. The features that make hardware more secure are those that lie beneath the operating system, in the firmware. That is why we have such a deep network of partners, including Absolute. Because you need to have a full ecosystem, and a program that takes advantage of all the best capabilities, in order to deliver the best security solution possible.

Louis: How is Absolute helping enterprise customers ensure greater endpoint security and resiliency in 2021 and beyond?

Christy: We spend a lot of time sitting with customers to understand their needs and how and where we can extend our endpoint security solutions to fit. We believe in taking a layered approach – which is the framework for defense in-depth, and an effective endpoint security strategy. The foundational piece, which we are able to deliver, is a permanent digital tether to every device; this is the lifeline. Not having an undeletable connection to every endpoint means you have a very large security gap, which must be closed fast. A layered, persistence-driven approach ensures our customers know their security controls are actually working and delivering business value. It enables our customers to pinpoint where a vulnerability is and take quick action to mitigate it.

Lenovo’s unique, high value-add approach to integrated security has both helped drive innovation at Absolute, while also providing Lenovo customers the strongest endpoint security possible. Their multilayer approach to their endpoint strategy capitalizes on Absolute’s many BIOS-level strengths to help their customers secure every endpoint they have. As our companies work together, we are both benefitting from a collaboration that seeks to strengthen and enrich all layers of endpoint security. Best of all, our shared customers are the benefactors of this collaboration and the results we are driving at the forefront of endpoint security.

Louis: How has the heightened focus on enterprise cybersecurity in general, and endpoint security specifically, influenced Lenovo’s product strategy in 2021 and beyond?

Matt: We have always been focused on our unique cybersecurity strengths from the device side and making sure we have all of the control points in manufacturing to ensure we build a secure platform. So, we’ve had to be open-minded about endpoint security, and diligent in envisioning how potential vulnerabilities and attack strategies can be thwarted before they impact our customers. Because of this mindset, we’re fortunate to have a very active partner community. We’re always scouring the earth for the next hot cybersecurity technology and potential partner with unique capabilities and the ability to scale with our model. This is a key reason we’ve standardized on Absolute for endpoint security, as it can accommodate a wide breadth of deployment scenarios. It’s a constant and very iterative process with a team of very smart people constantly looking at how we can excel at cybersecurity. It is this strategy that is driving us to fortify our Lenovo Security Assurance architecture over the long-term, while also seeking new ways of providing insights from existing and potentially new security applications.

Louis: What advice are you giving CISOs to strengthen endpoint security in 2021 and beyond?

Christy: One of our advisors is the former Global Head of Information Security at Citi Group, and former CISO of JP Morgan and Deutsche Bank. He talks a lot about his shared experiences of enabling business operations, while defending organizations from ever-evolving threats, and the question that more IT and security leaders need to be asking – which is, “Is it working?” Included in his expert opinion is that cybersecurity needs to be integral to business strategy – and endpoint security is essential for creating a broader secure ecosystem that can adapt as a company’s needs change.

I believe there needs to be more boardroom-level conversations around how compliance frameworks can be best used to achieve a balance between cybersecurity and business operations. A big part of that is identifying resiliency as a critical KPI for measuring the strength of endpoint controls.

Nov 29

7 Signs It’s Time To Get Focused On Zero Trust

When an experienced hacker can gain access to a company’s accounting and financial systems in 7 minutes or less after obtaining privileged access credentials, according to Ponemon, it’s time to get focused on Zero Trust Security. 2019 is on its way to being a record year for ransomware attacks, which grew 118% in Q1 of this year alone, according to McAfee Labs Threat Report. Data breaches on healthcare providers reached an all-time high in July of this year driven by the demand for healthcare records that range in price from $250 to over $1,000 becoming best-sellers on the Dark Web. Cybercriminals are using AI, bots, machine learning, and social engineering techniques as part of sophisticated, well-orchestrated strategies to gain access to banking, financial services, healthcare systems, and many other industries’ systems today.

Enterprises Need Greater Urgency Around Zero Trust

The escalating severity of cyberattacks and their success rates are proving that traditional approaches to cybersecurity based on “trust but verify” aren’t working anymore. What’s needed is more of a Zero Trust-based approach to managing every aspect of cybersecurity. By definition, Zero Trust is predicated on a “never trust, always verify” approach to access, from inside or outside the network. Enterprises need to begin with a Zero Trust Privilege-based strategy that verifies who is requesting access, the context of the request, and the risk of the access environment.

How urgent is it for enterprises to adopt Zero Trust? A recent survey of 2,000 full-time UK workers, completed by Censuswide in collaboration with Centrify, provides seven signs it’s time for enterprises to get a greater sense of urgency regarding their Zero Trust frameworks and initiatives. The seven signs are as follows:

77% of organizations’ workers admit that they have never received any form of cybersecurity skills training from their employer. In this day and age, it’s mind-blowing that three of every four organizations aren’t providing at least basic cybersecurity training, whether they intend to adopt Zero Trust or not. It’s like freely handing out driver’s licenses to anyone who wants one so they can drive the freeways of Los Angeles or San Francisco. The greater the training, the safer the driver. Likewise, the greater the cybersecurity training, the safer the worker, company and customers they serve.
69% of employees doubt the cybersecurity processes in place in their organizations today. When the majority of employees don’t trust the security processes in place in an organization, they invent their own, often bringing their favorite security solutions into an enterprise. Shadow IT proliferates, productivity often slows down, and enterprise is more at risk of a breach than ever before. When there’s no governance or structure to managing data, cybercriminals flourish.
63% of British workers interviewed do not realize that unauthorized access to an email account without the owner’s permission is a criminal offense. It’s astounding that nearly two-thirds of the workers in an organization aren’t aware that unauthorized access to another person’s email account without their permission is a crime. The UK passed into law 30 years ago the Computer Misuse Act. The law was created to protect individuals’ and organizations’ electronic data. The Act makes it a crime to access or modify data stored on a computer without authorization to do so. The penalties are steep for anyone found guilty of gaining access to a computer without permission, starting with up to two years in prison and a £5,000 fine. It’s alarming how high the lack of awareness is of this law, and an urgent call to action to prioritize organization-wide cybersecurity training.
27% of workers use the same password for multiple accounts. The Consensus survey finds that workers are using identical passwords for their work systems, social media accounts, and both personal and professional e-mail accounts. Cybersecurity training can help reduce this practice, but Zero Trust is badly needed to protect privileged access credentials that may have identical passwords to someone’s Facebook account, for example.
14% of employees admitted to keeping their passwords recorded in an unsecured handwritten notebook or on their desk in the office. Organizations need to make it as difficult as possible for bad actors and cybercriminals to gain access to passwords instead of sharing them in handwritten notebooks and on Post-It notes. Any organization with this problem needs to immediately adopt Multi-Factor Authentication (MFA) as an additional security measure to ensure compromised passwords don’t lead to unauthorized access. For privileged accounts, use a password vault, which can make handwritten password notes (and shared passwords altogether) obsolete.
14% do not use multi-factor authentication for apps or services unless forced to do so. Centrify also found that 58% of organizations do not use Multi-Factor Authentication (MFA) for privileged administrative access to servers, leaving their IT systems and infrastructure unsecured. Not securing privileged access credentials with MFA or, at the very least, vaulting them is like handing the keys to the kingdom to cybercriminals going after privileged account access. Securing privileged credentials needs to begin with a Zero Trust-based approach that verifies who is requesting access, the context of the request, and the risk of the access environment.
1 out of every 25 employees hacks into a colleague’s email account without permission. In the UK, this would be considered a violation of the Computer Misuse Act, which has some unfortunate outcomes for those found guilty of violating it. The Censuswide survey also found that one in 20 workers have logged into friend’s Facebook accounts without permission. If you work in an organization of over 1,000 people, for example, 40 people in your company have most likely hacked into a colleague’s email account, opening up your entire company to legal liability.

Conclusion

Leaving cybersecurity to chance and hoping employees will do the right thing isn’t a strategy; it’s an open invitation to get hacked. The Censuswide survey and many others like it reflect a fundamental truth that cybersecurity needs to become part of the muscle memory of any organization to be effective. As traditional IT network perimeters dissolve, enterprises need to replace “trust but verify” with a Zero Trust-based framework. Zero Trust Privilege mandates a “never trust, always verify, enforce least privilege” approach to privileged access, from inside or outside the network. Leaders in this area include Centrify, who combines password vaulting with brokering of identities, multi-factor authentication enforcement, and “just enough” privilege, all while securing remote access and monitoring of all privileged sessions.

Oct 5

10 Ways AI And Machine Learning Are Improving Endpoint Security

Gartner predicts $137.4B will be spent on Information Security and Risk Management in 2019, increasing to $175.5B in 2023, reaching a CAGR of 9.1%. Cloud Security, Data Security, and Infrastructure Protection are the fastest-growing areas of security spending through 2023.
69% of enterprise executives believe artificial intelligence (AI) will be necessary to respond to cyberattacks with the majority of telecom companies (80%) saying they are counting on AI to help identify threats and thwart attacks according to Capgemini.
Spending on AI-based cybersecurity systems and services reached $7.1B in 2018 and is predicted to reach $30.9B in 2025, attaining a CAGR of 23.4% in the forecast period according to Zion Market Research.

Traditional approaches to securing endpoints based on the hardware characteristics of a given device aren’t stopping breach attempts today. Bad actors are using AI and machine learning to launch sophisticated attacks to shorten the time it takes to compromise an endpoint and successfully breach systems. They’re down to just 7 minutes after comprising an endpoint and gaining access to internal systems ready to exfiltrate data according to Ponemon. The era of trusted and untrusted domains at the operating system level, and “trust, but verify” approaches are over. Security software and services spending is soaring as a result, as the market forecasts above show.

AI & Machine Learning Are Redefining Endpoint Security

AI and machine learning are proving to be effective technologies for battling increasingly automated, well-orchestrated cyberattacks and breach attempts. Attackers are combining AI, machine learning, bots, and new social engineering techniques to thwart endpoint security controls and gain access to enterprise systems with an intensity never seen before. It’s becoming so prevalent that Gartner predicts that more than 85% of successful attacks against modern enterprise user endpoints will exploit configuration and user errors by 2025. Cloud platforms are enabling AI and machine learning-based endpoint security control applications to be more adaptive to the proliferating types of endpoints and corresponding threats. The following are the top ten ways AI and machine learning are improving endpoint security:

Using machine learning to derive risk scores based on previous behavioral patterns, geolocation, time of login, and many other variables is proving to be effective at securing and controlling access to endpoints. Combining supervised and unsupervised machine learning to fine-tune risk scores in milliseconds is reducing fraud, thwarting breach attempts that attempt to use privileged access credentials, and securing every identity on an organizations’ network. Supervised machine learning models rely on historical data to find patterns not discernable with rules or predictive analytics. Unsupervised machine learning excels at finding anomalies, interrelationships, and valid links between emerging factors and variables. Combining both unsupervised and supervised machine learning is proving to be very effective in spotting anomalous behavior and reducing or restricting access.
Mobile devices represent a unique challenge to achieving endpoint security control, one that machine learning combined with Zero Trust is proving to be integral at solving. Cybercriminals prefer to steal a mobile device, its passwords, and privileged access credentials than hack into an organization. That’s because passwords are the quickest onramp they have to the valuable data they want to exfiltrate and sell. Abandoning passwords for new techniques including MobileIron’s zero sign-on approach shows potential for thwarting cybercriminals from getting access while hardening endpoint security control. Securing mobile devices using a zero-trust platform built on a foundation of unified endpoint management (UEM) capabilities enables enterprises to scale zero sign-on for managed and unmanaged services for the first time. Below is a graphic illustrating how they’re adopting machine learning to improve mobile endpoint security control:

10 Ways AI and Machine Learning Are Improving Endpoint Security — MOBILEIRON.COM

Capitalizing on the core strengths of machine learning to improve IT asset management is making direct contributions to greater security. IT Management and security initiatives continue to become more integrated across organizations, creating new challenges to managing endpoint security across each device. Absolute Software is taking an innovative approach to solve the challenge of improving IT asset management, so endpoint protection is strengthened at the same time. Recently I had a chance to speak with Nicko van Someren, Ph.D. and Chief Technology Officer at Absolute Software, where he shared with me how machine learning algorithms are improving security by providing greater insights into asset management. “Keeping machines up to date is an IT management job, but it’s a security outcome. Knowing what devices should be on my network is an IT management problem, but it has a security outcome. And knowing what’s going on and what processes are running and what’s consuming network bandwidth is an IT management problem, but it’s a security outcome. I don’t see these as distinct activities so much as seeing them as multiple facets of the same problem space. Nicko added that Absolute’s endpoint security controls begin at the BIOS level of over 500M devices that have their endpoint code embedded in them. The Absolute Platform is comprised of three products: Persistence, Intelligence, and Resilience—each building on the capabilities of the other. Absolute Intelligence standardizes the data around asset analytics and security advocacy analytics to allow Security managers to ask any question they want. (“What’s slowing down my device? What’s working and what isn’t? What has been compromised? What’s consuming too much memory? How does this deviate from normal performance?”). An example of Absolute’s Intelligence providing insights into asset management and security is shown below:

Machine learning has progressed to become the primary detection method for identifying and stopping malware attacks. Machine learning algorithms initially contributed to improving endpoint security by supporting the back-end of malware protection workflows. Today more vendors are designing endpoint security systems with machine learning as the primary detection method. Machine learning trained algorithms can detect file-based malware and learn which files are harmful or not based on the file’s metadata and content. Symantec’s Content & Malware Analysis illustrates how machine learning is being used to detect and block malware. Their approach combines advanced machine learning and static code file analysis to block, detect, and analyze threats and stop breach attempts before they can spread.
Supervised machine learning algorithms are being used for determining when given applications are unsafe to use, assigning them to containers, so they’re isolated from production systems. Taking into account an applications’ threat score or reputation, machine learning algorithms are defining if dynamic application containment needs to run for a given application. Machine learning-based dynamic application containment algorithms and rules block or log unsafe actions of an application based on containment and security rules. Machine learning algorithms are also being used for defining predictive analytics that define the extent of a given applications’ threat.
Integrating AI, machine learning, and SIEM (Security Information and Event Management) in a single unified platform are enabling organizations to predict, detect, and respond to anomalous behaviors and events. AI and machine learning-based algorithms and predictive analytics are becoming a core part of SIEM platforms today as they provide automated, continuous analysis and correlation of all activity observed within a given IT environment. Capturing, aggregating, and analyzing endpoint data in real-time using AI techniques and machine learning algorithms is providing entirely new insights into asset management and endpoint security. One of the most interesting companies to watch in this area is LogRhythm. They’ve developed an innovative approach to integrating AI, machine learning, and SIEM in their LogRhythm NextGen SIEM Platform, which delivers automated, continuous analysis and correlation of all activity observed within an IT environment. The following is an example of how LogRhythm combines AI, machine learning, and SIEM to bring new insights into securing endpoints across a network.

Machine learning is automating the more manually-based, routine incident analysis, and escalation tasks that are overwhelming security analysts today. Capitalizing on supervised machine learnings’ innate ability to fine-tune algorythms in milliseconds based on the analysis of incidence data, endpoint security providers are prioritizing this area in product developnent. Demand from potential customers remains strong, as nearly everyone is facing a cybersecurity skills shortage while facing an onslaught of breach attempts. “The cybersecurity skills shortage has been growing for some time, and so have the number and complexity of attacks; using machine learning to augment the few available skilled people can help ease this. What’s exciting about the state of the industry right now is that recent advances in Machine Learning methods are poised to make their way into deployable products,” Absolute’s CTO Nicko van Someren added.
Performing real-time scans of all processes with an unknown or suspicious reputation is another way how machine learning is improving endpoint security. Commonly referred to as Hunt and Respond, supervised and unsupervised machine learning algorithms are being used today to seek out and resolve potential threats in milliseconds instead of days. Supervised machine learning algorithms are being used to discover patterns in known or stable processes where anomalous behavior or activity will create an alert and pause the process in real-time. Unsupervised machine learning algorithms are used for analyzing large-scale, unstructured data sets to categorize suspicious events, visualize threat trends across the enterprise, and take immediate action at a single endpoint or across the entire organization.
Machine learning is accelerating the consolidation of endpoint security technologies, a market dynamic that is motivating organizations to trim back from the ten clients they have on average per endpoint today. Absolute Software’s 2019 Endpoint Security Trends Report found that a typical device has ten or more endpoint security agents installed, each often conflicting with the other. The study also found that enterprises are using a diverse array of endpoint agents, including encryption, AV/AM, and Endpoint Detection and Response (EDR). The wide array of endpoint solutions make it nearly impossible to standardize a specific test to ensure security and safety without sacrificing speed. By helping to accelerate the consolidation of security endpoints, machine learning is helping organizations to see the more complex and layered the endpoint protection, the greater the risk of a breach.
Keeping every endpoint in compliance with regulatory and internal standards is another area machine learning is contributing to improving endpoint security. In regulated industries, including financial services, insurance, and healthcare, machine learning is being deployed to discover, classify, and protect sensitive data. This is especially the case with HIPAA (Health Insurance Portability and Accountability Act) compliance in healthcare. Amazon Macie is representative of the latest generation of machine learning-based cloud security services. Amazon Macie recognizes sensitive data such as personally identifiable information (PII) or intellectual property and provides organizations with dashboards, alerts, and contextual insights that give visibility into how data is being accessed or moved. The fully managed service continuously monitors data access activity for anomalies and generates detailed alerts when it detects the risk of unauthorized access or inadvertent data leaks. An example of one of Amazon Macie’s dashboard is shown below:

Jul 21

Passwords Are The Weakest Defense In A Zero Trust World

90% of security professionals have witnessed security incidents stemming from the theft of credentials, according to a recent MobileIron study conducted by IDG.
86% of CIO, CISO and Security VPs would abandon password authentication if they could.
Another survey by EMA found that mobile devices secured by biometric authentication methods present the best option for replacing passwords.
There is a direct correlation between the number of times a user authenticates and the number of user access problems that need to be addressed.

These and many other fascinating insights make it clear that passwords are now the weakest defense anyone can rely on in a Zero Trust world. Two recent research studies quantify just how weak and incomplete an IT security strategy based on passwords is, especially when the need to access mobile apps is proliferating. Combined, these two MobileIron reports pack a one-two punch at passwords, and how they’re not strong enough alone to protect mobile devices, the fastest proliferating threat surface in a Zero Trust world.

The first, Say Goodbye to Passwords (4 pp., PDF, opt-in) by IDG, is based on interviews with 200 IT security leaders in the US, UK, Australia, and New Zealand working in a range of industries at companies with at least 500 employees. The survey’s goal is to uncover and quantify the major authentication pain points facing enterprises. The second, Passwordless Authentication: Bridging the Gap Between High-Security and Low-Friction Identity Management (34 pp., PDF, opt-in) by Enterprise Management Associates (EMA), is based on interviews with 200 North American-based IT professionals who are knowledgeable about their organization’s use of identity and access management services. Please see page 4 of the study for additional details regarding the methodology.

The two studies provide insights into the perils of passwords and the merits of mobile when it comes to enterprise security, user experiences, and workforce productivity:

90% of respondents to the EMA survey have experienced significant password policy violations in just the last year. The most frequently reported was that identical passwords are being used to support multiple accounts (39.06%). The following graphic from the EMA study reflects password management worst practices that put an organization at a high risk of a breach. A recent survey by Centrify found that 74% of all breaches involved access to a privileged account. Hackers aren’t breaking into systems; they’re obtaining privileged access credentials and walking in the front door as the graphic below shows.

88% of global security leaders believe that mobile devices will soon serve as a digital ID for accessing enterprise apps and data. In the US, the percentage rises to 91%. With cyberattacks on the rise and the disadvantages of passwords and Multi-Factor Authentication (MFA) apparent to security leaders—from both a user and a security standpoint— it’s clear that new authentication methods are needed. Hardware tokens, seen by many security leaders as a more secure option for authentication than passwords, take a hit on user-friendliness compared to biometrics on a mobile device according to the survey’s results. Among the security leaders, 72% see biometrics as more user-friendly than passwords, versus just 58% favoring tokens over passwords for ease of use.

Four of the top five authentication technologies IT leaders prefer over passwords are biometrics-based. What’s encouraging from the EMA study is that the majority of IT departments are actively evaluating biometrics with 82% of respondents identifying at least one of the four basic biometric approaches as a passwordless solution.

87% of enterprises anticipate an increase in users needing business app access over the next 24 months. 85% of respondents reported seeing an increase in the number of users who need to access business apps from a mobile device over the past 12 months. Mobile apps dominate enterprises’ internal software development efforts according to 91% of respondents to the IDG study.

Eliminating passwords reduces the friction or hassles required to gain access to apps and resources while improving organization-wide security. The paradox of how to improve productivity and increase security is solved when passwords go away. Low-friction identity management approaches improve user experiences while simultaneously enhancing security and reducing management efforts as the graphic below shows:

Conclusion

Hackers would instead find ingenious ways to steal passwords and privileged access credentials than spend time attempting to hack into an organization’s systems. Mobile devices and the apps they use are the fastest growing and most unprotected threat surface there is for businesses today, making them a high priority for hackers. Relying on passwords alone to protect mobile devices makes them the weakest defense in a Zero Trust World. Eliminating passwords for more effective authentication and security approaches that are more consistent with Zero Trust is needed now.

May 3

CIO’s Guide To Stopping Privileged Access Abuse – Part 2

Why CIOs Are Prioritizing Privileged Credential Abuse Now

Enterprise security approaches based on Zero Trust continue to gain more mindshare as organizations examine their strategic priorities. CIOs and senior management teams are most focused on securing infrastructure, DevOps, cloud, containers, and Big Data projects to stop the leading cause of breaches, which is privileged access abuse.

Based on insights gained from advisory sessions with CIOs and senior management teams, Forrester estimates that 80% of data breaches have a connection to compromised privileged credentials, such as passwords, tokens, keys, and certificates. In another survey completed by Centrify, 74% of IT decision makers surveyed whose organizations have been breached in the past, say it involved privileged access abuse. Furthermore, 65% of organizations are still sharing root or privileged access to systems and data at least somewhat often. Centrify’s survey, Privileged Access Management in the Modern Threatscape, is downloadable here.

The following are the key reasons why CIOs are prioritizing privileged access management now:

Identities are the new security perimeter for any business, making privileged access abuse the greatest challenge CIOs face in keeping their businesses secure and growing. Gartner also sees privileged credential abuse as the greatest threat to organizations today, and has made Privileged Account Management one of the Gartner Top 10 Security Projects for 2018, and again in 2019. Forrester and Gartner’s findings and predictions reflect the growing complexity of threatscapes every CIO must protect their business against while still enabling new business growth. Banking, financial services, and insurance (BFSI) CIOs often remark in my conversations with them that the attack surfaces in their organizations are proliferating at a pace that quickly scales beyond any trust but verify legacy approach to managing access. They need to provide applications, IoT-enabled devices, machines, cloud services, and human access to a broader base of business units than ever before.
CIOs are grappling with the paradox of protecting the rapidly expanding variety of attack surfaces from breaches while still providing immediate access to applications, systems, and services that support their business’ growth. CIOs I’ve met with also told me access to secured resources needs to happen in milliseconds, especially to support the development of new banking, financial services, and insurance applications in beta testing today, scheduled to be launched this summer. Their organizations’ development teams expect more intuitive, secure, and easily accessible applications than ever before, which is driving CIOs to prioritize privileged access management now
Adapting and risk-scoring every access attempt in real-time is key to customer experiences on new services and applications, starting with response times. CIOs need a security strategy that can flex or adapt to risk contexts in real-time, assessing every access attempt across every threat surface and generating a risk score in milliseconds. The CIOs I’ve met with regularly see a “never trust, always verify, enforce least privilege” approach to security as the future of how they’ll protect every threat surface from privileged access abuse. Each of their development teams is on tight deadlines to get new services launch to drive revenue in Q3. Designing in Zero Trust with a strong focus on Zero Trust Privilege is saving valuable development time now and is enabling faster authentication times of the apps and services in testing today.

Strategies For Stopping Privileged Credential Abuse – Part 2

Recently I wrote a CIO’s Guide To Stopping Privileged Access Abuse – Part 1 detailing five recommended strategies for CIOs on how to stop privileged credential abuse. The first five strategies focus on the following: discovering and inventorying all privileged accounts; vaulting all cloud platforms’ Root Accounts; auditing privileged sessions and analyzing patterns to find privileged credential sharing not found during audits; enforcing least privilege access now within your existing infrastructure as much as possible; and adopting multi-factor authentication (MFA) across all threat surfaces that can adapt and flex to the risk context of every request for resources.

The following are the second set of strategies CIOs need to prioritize to further protect their organizations from privileged access abuse:

After completing an inventory of privileged accounts, create a taxonomy of them by assigning users to each class or category, personalizing privileged credential access to the role and entitlement level for each. CIOs tell me this is a major time saver in scaling their Privileged Access Management (PAM) strategies. Assigning every human, machine and sensor-based identity is the goal with the overarching objective being the creation of a Zero Trust-based enterprise security strategy. Recommended initial classes or categories include IT administrators who are also responsible for endpoint security; developers who require occasional access to production instances; service desk teams and service operations; the Project Management Office (PMO) and project IT; and external contractors and consultants.
By each category in the taxonomy, automate the time, duration, scope, resources, and entitlements of privileged access for each focusing on the estimated time to complete each typical task. Defining a governance structure that provides real-time access to resources based on successful authentication is a must-have for protecting privileged access credentials. By starting with the attributes of time, duration, scope and properties, organizations have a head start on creating a separation of duties (SOD) model. Separation of duties is essential for ensuring that privileged user accounts don’t have the opportunity to carry out and conceal any illegal or unauthorized activities.
Using the taxonomy of user accounts created and hardened using the separation of duties model, automate privileged access and approval workflows for enterprise systems. Instead of having administrators approve or semi-automate the evaluation of every human- and machine-based request for access, consider automating the process with a request and approval workflow. With time, duration, scope, and properties of privileged access already defined human- and machine-based requests for access to IT systems and services are streamlined, saving hundreds of hours a year and providing a real-time log for audit and data analysis later.
Break-glass, emergency or firecall account passwords need to be vaulted, with no exceptions. When there’s a crisis of any kind, the seconds it takes to get a password could mean the difference between cloud instances and entire systems being inaccessible or not. That’s why administrators often only manually secure root passwords to all systems, cloud platforms and containers included. This is the equivalent of leaving the front door open to the data center with all systems unlocked. The recent Centrify survey found that just 48% of organizations interviewed have a password vault. 52% are leaving the keys to the kingdom available for hackers to walk through the front door of data centers and exfiltraticate data whenever they want.
Continuous delivery and deployment platforms including Ansible, Chef, Puppet, and others need to be configured when first installed to eliminate the potential for privileged access abuse. The CIOs whose teams are creating new apps and services are using Chef and Puppet to design and create workloads, with real-time integration needed with customer, pricing, and services databases and the systems they run on. Given how highly regulated insurance is, CIOs are saying they need to have logs that show activity down to the API level in case of an audit. The more regulated and audited a company, the more trusted and untrusted domains are seen as the past, Zero Trust as the future based on CIO’s feedback.

Conclusion

The CIOs I regularly meet with from the banking, financial services, and insurance industries are under pressure to get new applications and services launched while protecting their business’ daily operations. With more application and services development happening in their IT teams, they’re focusing on how they can optimize the balance between security and speed. New apps, services, and the new customers they attract are creating a proliferation of new threat surfaces, making every new identity the new security perimeter.

Researching the intersection of AI, machine learning and cybersecurity in the enterprise

Posts tagged ‘Zero Trust’

Top 10 Identity Security Insights from Forrester’s 2025 Security & Risk Summit

1. Identity Security Budgets Accelerate Toward $27.5B by 2029

2. Hybrid IAM Still Dominates—77% Keep On-Premise Components

3. Third-party Risk Matches Compliance as a Top IAM Driver

4. Static Entitlements Are Obsolete; Zero Standing Privilege Is Now Mandatory

5. Identity Management Converges Across Security, Marketing, and CX

6. Vendor Consolidation Radically Reshapes IAM Markets

7. Generative AI Exacerbates Identity Threats but Offers Transformational Defenses

8. Machine Identities Are a Critical Emerging Attack Vector

9. Phishing-Resistant MFA Is Dangerously Under-Deployed

10. Context-Aware IAM Becomes a Real-time Security Necessity

Bottom Line: Adaptive identity security defines enterprise survival

Like this:

Top 10 insights from Forrester’s 2026 Cybersecurity Budget Report

A fast-changing threatscape is changing spending priorities

Top ten insights from Forrester’s 2026 cybersecurity budget benchmarks

Like this:

Gartner Predicts Solid Growth for Information Security, Reaching $287 Billion by 2027

Like this:

What Enterprises Need To Plan For In 2021 When It Comes To Endpoint Security

Like this:

7 Signs It’s Time To Get Focused On Zero Trust

Like this:

10 Ways AI And Machine Learning Are Improving Endpoint Security

Like this:

Passwords Are The Weakest Defense In A Zero Trust World

Like this:

CIO’s Guide To Stopping Privileged Access Abuse – Part 2

Like this:

Email Subscription

Top Posts

This Blog’s Purpose

Categories

Search

Researching the intersection of AI, machine learning and cybersecurity in the enterprise

Posts tagged ‘Zero Trust’

What makes these categories different

The 15 categories reshaping enterprise security

1. Cloud Security Posture Management (CSPM) — 29.36% CAGR — $4.68B → $12.76B

2. Cloud Access Security Brokers (CASB) — 24.81% CAGR — $2.30B → $5.58B

3. Zero Trust Network Access (ZTNA) — 21.95% CAGR — $2.48B → $5.43B

4. Threat Intelligence — 21.73% CAGR — $2.58B → $5.69B

5. Cloud Workload Protection Platforms (CWPP) — 21.53% CAGR — $5.98B → $13.11B

6. Consent and Preference Management — 20.22% CAGR — $0.81B → $1.64B

7. Subject Rights Request (SRR) Automation — 14.26% CAGR — $1.24B → $2.01B

8. Network Detection and Response (NDR) — 13.44% CAGR — $2.15B → $3.37B

9. Vulnerability Assessment — 13.02% CAGR — $3.48B → $5.60B

10. Tokenization — 12.68% CAGR — $1.34B → $2.11B

11. Endpoint Protection Platform (EPP) — 12.51% CAGR — $17.68B → $28.36B

12. Secure Web Gateway (SWG) — 11.63% CAGR — $4.44B → $6.74B

13. Web Application Firewalls (WAF) — 10.92% CAGR — $2.48B → $3.74B

14. Encryption — 10.64% CAGR — $1.35B → $1.98B

15. Security Information and Event Management (SIEM) — 10.30% CAGR — $7.60B → $11.15B

Why this matters

Bottom Line

Share this:

Like this:

What these growth rates say about Gartner’s view of the market

The 15 categories reshaping security architecture

The Investment Thesis behind the numbers

The Bottom Line

Share this:

Like this:

1. Identity Security Budgets Accelerate Toward $27.5B by 2029

2. Hybrid IAM Still Dominates—77% Keep On-Premise Components

3. Third-party Risk Matches Compliance as a Top IAM Driver

4. Static Entitlements Are Obsolete; Zero Standing Privilege Is Now Mandatory

5. Identity Management Converges Across Security, Marketing, and CX

6. Vendor Consolidation Radically Reshapes IAM Markets

7. Generative AI Exacerbates Identity Threats but Offers Transformational Defenses

8. Machine Identities Are a Critical Emerging Attack Vector

9. Phishing-Resistant MFA Is Dangerously Under-Deployed

10. Context-Aware IAM Becomes a Real-time Security Necessity

Bottom Line: Adaptive identity security defines enterprise survival

Share this:

Like this:

A fast-changing threatscape is changing spending priorities

Top ten insights from Forrester’s 2026 cybersecurity budget benchmarks

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Email Subscription

Top Posts

This Blog’s Purpose

Categories

Search