By 2028, cybersecurity incident response will focus on AI-related incidents.

Gartner, Inc., a leading business and technology research and consulting company, revealed that by 2028, over half (50%) of organizational cybersecurity incident responses will be directed toward incidents involving internally developed AI applications.

Christopher Mixter, Vice President Analyst at Gartner, stated: “AI is evolving rapidly, but many tools—especially internally developed AI applications—are being deployed without thorough testing. These systems are complex, constantly changing, and difficult to secure over the long term. Additionally, most security teams lack clear processes for handling AI-related incidents, resulting in longer resolution times and significantly greater effort.”
Gartner recommends that cybersecurity leaders get involved in AI application development projects from the early stages. This ensures adequate timelines, proper resource planning, and expectation management to implement appropriate security controls.
This is one of Gartner’s most important recent cybersecurity predictions, and the firm advises security leaders to incorporate these factors into their strategic planning over the next two years.
By 2028, more than 50% of organizations will adopt AI Security Platforms to govern the use of external AI services and protect internally developed AI applications.
These platforms enable centralized management of new risks associated with rapid AI adoption, such as prompt injection attacks, data misuse, and more. With centralized control, CISOs can enforce policies, monitor AI activities, and establish consistent security frameworks across both external and internal AI applications. Security leaders should evaluate AI security platforms to ensure comprehensive coverage.
Manual AI compliance processes will lead 75% of regulated organizations to risk fines exceeding 5% of their global revenue by 2027.
Although regulatory approaches vary globally, AI regulations share a common goal: enforcing systematic risk management practices. While CISOs may keep pace with standards in cybersecurity, privacy, and risk management, emerging AI safety regulations introduce new challenges. Gartner recommends establishing Cyber GRC (Governance, Risk, and Compliance) frameworks and leveraging technology to drive compliance.

By 2030, 33% of IT workloads will be dedicated to managing AI Data Debt to ensure AI system security.
Most organizational data is not yet AI-ready. Key obstacles include unstructured data and weak data security. To address this, cybersecurity leaders are expanding data loss prevention (DLP) systems to monitor and control data flows from GenAI and access requests from agentic AI. Gartner advises close collaboration with data and AI leaders to systematically identify, assess, and remediate data access controls.
By 2027, 30% of organizations will require comprehensive sovereignty over cloud security controls to address ongoing geopolitical volatility.
Geopolitical instability and varying regulations are creating complex data risks, pushing organizations to prioritize data sovereignty as a core element of cyber resilience strategies. This will influence vendor selection for cloud-connected products and shift priorities as stricter data localization requirements emerge. Cybersecurity leaders must take a proactive role in defining organizational sovereignty requirements and complying with local laws.
By 2028, 70% of CISOs will adopt Identity Visibility and Intelligence capabilities to reduce IAM attack surfaces and mitigate identity theft risks.
Identity has become a primary attack vector due to the rapid growth and complexity of managing both human and machine identities. This creates visibility gaps caused by fragmented Identity and Access Management (IAM) tools and increases risks from misconfigurations. Gartner recommends addressing these blind spots by implementing centralized, AI-driven Identity Visibility and Intelligence platforms to enhance detection and response capabilities.
Source: Gartner
PR: PC & Associates Consulting Co., Ltd. & FAQ Co., Ltd.


