Transform Governance, Secure New Frontiers, Normalize AI Adoption

Agentic AI demands cybersecurity oversight: “Identify both sanctioned and unsanctioned AI agents, and enforce robust controls for each based on access and agency.”

Wam Voster, VP Analyst, Gartner

FinTech BizNews Service

Mumbai, March 9, 2026: On Day 1 of the Gartner Security & Risk Management Summit, taking place  in Mumbai, the opening keynote explored why cybersecurity leaders must begin preparing for the quantum threat, and explored the current state of deepfake detection along with the mitigation strategies organizations need to adopt. 

Chief information security officers (CISOs) are facing disruption from external forces, ranging from geopolitical tensions to the rapid growth of AI, testing the limits of existing programs. In the Gartner Opening Keynote, Wam Voster, VP Analyst at Gartner, outlined Gartner’s top cybersecurity trends for 2026, offering organizations the strategic direction needed to manage risk and strengthen resilience across three key themes: Transform governance, Secure new frontiers and Normalize AI adoption.

Gartner Keynote: Top Cybersecurity Trends presented by Wam Voster, VP Analyst, Gartner

Chief information security officers (CISOs) are facing disruption from external forces, ranging from geopolitical tensions to the rapid growth of AI, testing the limits of existing programs. In the Gartner Opening Keynote, Wam Voster, VP Analyst at Gartner, outlined Gartner’s top cybersecurity trends for 2026, offering organizations the strategic direction needed to manage risk and strengthen resilience across three key themes: Transform governance, Secure new frontiers and Normalize AI adoption.

Key Takeaways

• “Amid regulatory volatility and broad geopolitical, technological and organizational forces, CISOs must rethink how they approach cyber risk management, resilience and resource allocation by strategically assessing each trend across the three core themes to determine whether to embrace, monitor or deprioritize it.”
• Postquantum computing moves into action plans: “As quantum computing renders today’s cryptography unsafe by 2030, CISOs must inventory all crypto assets and establish a center of excellence to accelerate crypto‑agile readiness.”
• Agentic AI demands cybersecurity oversight: “Identify both sanctioned and unsanctioned AI agents, and enforce robust controls for each based on access and agency.”
• Global regulatory volatility drives cyber resilience efforts: “Treat compliance as a strategic advantage, not a checklist to drive cyber resilience.”
• GenAI breaks traditional cybersecurity awareness tactics: “Stop relying on general awareness, and focus on adaptive training that provides visibility into individual employee behaviors.”

3. Securing the Quantum Frontier: Embracing Postquantum Cryptography Today presented by Sarah Almond, Director Analyst, Gartner

As quantum computing rapidly advances, the cryptographic foundations that secure our digital world face unprecedented challenges. In this session, Sarah Almond, Director Analyst at Gartner, outlined the urgent need to adopt quantum-resistant encryption technologies to safeguard against emerging quantum threats.

Key Takeaways

• “Advances in quantum computing will make conventional asymmetric cryptography unsafe to use by 2030.”
• “Security leaders often struggle to convey urgency around postquantum security because quantum threats seem distant, but four years isn’t a long time. Delaying action puts today’s encrypted data at risk of ‘harvest now, decrypt later’ attacks, where attackers steal data today with the intent to decrypt it once quantum capabilities mature.”
• Security leaders need to adopt a preparation mindset focused on five key actions for postquantum (PQ) readiness:
• Strategy: Build PQ efforts into the roadmap and secure investments for launching a multi-year program.
• Visibility: Identify where cryptography is used across the enterprise.
• Agility: Enable easy upgrades to algorithms, keys, and certificates.
• POC: Begin practical experimentation with new PQ algorithms.
• CCoE: Bring together the right stakeholders to drive coordinated progress.
• “Take a phased approach to building cryptographic visibility rather than trying to discover everything at once. Don’t wait for a perfect inventory and use available information to prioritise remediation, identify vendor dependencies, and shape a roadmap.”

4. Technical Insights: How to Mitigate the Threat of Identity Impersonation Using Deepfakes presented by Apeksha Kaushik, Principal Analyst, Gartner

Attackers are increasingly using deepfakes to bypass automated voice biometrics, identity verification systems, and even impersonate company executives in scams targeting employees. In this session, Apeksha Kaushik, Principal Analyst at Gartner, discussed the current state of deepfake detection and the mitigation strategies organizations should adopt.

Key Takeaways

• “Deepfake identity impersonation is rapidly expanding across three major attack surfaces: voice biometrics, face biometrics, and employee‑targeted social engineering-making it easier for attackers to convincingly impersonate customers, employees, and company executives, leading to financial, reputational and revenue losses.”
• “There is no one single way to detect deepfake voice within an automated biometric workflow. Detecting deepfakes requires a range of different techniques and capabilities across channels to make it effective and prevent the damage.”
• “Generalization remains a major challenge as most detection systems perform well on the deepfake creation tools they were trained on, but their performance drops when encountering new ones.”
• “Favor vendors that examine the broadest set of risk signals, maximizing the chance that they can detect identity impersonation, even if they fail to detect the deepfake itself.”
• “Deepfakes and social engineering are a bad combination. Organizations must make people and processes more resilient while staying aware of technical solutions.”