Date: 2026-03-11

Gartner is bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week in Mumbai, India. Below is a collection of the key announcements and insights coming out of the conference. You can read the highlights from Day 1 here.

On Day 2 of the conference, we are discussing how chief information security officers can strategically optimize their third‑party cyber-risk management investments in 2026 and beyond, exploring how to elevate identity and access management (IAM) with an identity‑first security approach, and examining how organizations can build privacy programs capable of adapting to the evolving regulatory landscape.

Key Announcements

Outlook for Third-Party Cyber-Risk Management: Challenge the Status Quo to Evolve Your Program presented by Rahul Balakrishnan, Sr Director Analyst, Gartner

As the frequency and impact of disruptions caused by third‑party cyber incidents continue to rise, it is becoming clear that most third‑party cyber risk programs are not adequately prepared to meet current challenges. In this session, Mr. Rahul Balakrishnan, Senior Director Analyst at Gartner, outlined how chief information security officers (CISOs) can strategically optimize their third‑party cyber-risk management (TPCRM) investments in 2026 and beyond.

Key Takeaways

“As regulatory guidance around TPCRM has accelerated globally and in India over the last five years, cybersecurity leaders must use the expanding and prescriptive regulatory mandates to transform TPCRM risk into clear business requirements that drive the investment roadmap.”

“CISOs should create a strategy that uses indirect monitoring to spot potential risks in a third party’s security posture and direct monitoring to track risks through internally exposed services, ensuring resources are focused on the exposures that matter most.”

By 2028, half of all TPCRM programs will focus on continuous monitoring, allowing CISOs to repurpose due diligence resourcing to other high-value third-party risk mitigation activities.

“As developing GenAI applications in-house is costly, many organizations rely on third‑party LLMs or GenAI-enabled SaaS solutions, making it critical for CISOs to have a clear view of the data security controls these third parties have in place to protect the organization’s data held in third-party environments.”

“Gartner predicts that by 2028, 70% of organizations and vendors will use GenAI to complete and analyze TPCRM questionnaires, rendering the outputs increasingly unusable and disconnected from actual risk indicators. Therefore, it is essential to have human analysts validate the work done by GenAI for critical third parties.”

Outlook for Identity and Access Management: Elevate IAM With Identity-First Security presented by Sarah Almond, Director Analyst, Gartner

Modern identity and access management (IAM) strategies now strengthen security while reducing the friction caused by legacy cybersecurity controls. In this session, Ms. Sarah Almond, Director Analyst at Gartner, explained why cybersecurity leaders must elevate IAM from a tactical or a checkbox exercise to a core pillar of cybersecurity strategy.

Key Takeaways

“In a world without perimeters, identity-first security is the foundation of effective cybersecurity. It is built on the premise that securing all user identities, both human and machine, is essential for mitigating modern threats.”

“Identity‑first security succeeds only when it is consistent, context‑aware, and continuous.”

“Traditional IAM approaches, designed for human users, fall short of addressing the unique requirements of machines, such as devices and workloads. Without a cohesive machine IAM strategy, organizations risk compromising the security and integrity of their IT infrastructure.”

“Identity visibility and intelligence platforms (IVIP) unify IAM data, activities, relationships, configurations, and posture into a single‑pane‑of‑glass view with actionable insights, giving cybersecurity leaders a comprehensive understanding of the IAM attack surface.”

“Gartner predicts that by 2028, 70% of chief information security officers (CISOs) will utilize an IVIP to shrink their IAM attack surface.”

Preparing Privacy Program for What’s Next presented by Shadrock Roberts, Director Analyst, Gartner

With emerging regulations, advancing technologies and rising stakeholder expectations, cybersecurity leaders are navigating an increasingly complex and fast‑shifting landscape. In this session, Mr. Shadrock Roberts, Director Analyst at Gartner, explored how organizations can build privacy programs capable of adapting to uncertainty.

Key Takeaways

“With the enactment of the Digital Personal Data Protection (DPDP) Act, India enters a global ecosystem where 75% of the world’s population is protected by modern privacy laws.”

“Success in this dynamic landscape demands organizational agility, strategic foresight into emerging trends, and strong cross‑functional coordination.”

“It isn’t just about ticking boxes or avoiding penalties. Privacy is now a core expectation, and organizations that treat it as a business opportunity rather than a compliance task will build trust, stand out in the market, and avert costly disruptions.”

“While privacy can seem complex, focusing on core principles such as purpose limitation, data minimization, security, transparency, and accountability gives organizations a clear and effective starting point for DPDP success.”

That’s a wrap. See you next year!

Covered By: NCN MAGAZINE / Gartner

