Gartner Predicts AI Applications Will Drive 50% of Cybersecurity Incident Response Efforts by 2028

SYDNEY, Australia, March 17, 2026 - Fifty percent of all enterprise cybersecurity incident response efforts will focus on incidents involving custom-built AI-driven applications by 2028, according to Gartner, Inc., a business and technology insights company.

Speaking at the Gartner Security & Risk Management Summit in Sydney today, Christopher Mixter, VP Analyst at Gartner said: "AI is evolving quickly, yet many tools - especially custom-built AI applications - are being deployed before they're fully tested. These systems are complex, dynamic and difficult to secure over time. Most security teams still lack clear processes for handling AI-related incidents, which means issues can take longer to resolve and require far more effort."

Gartner recommends security leaders get involved early in custom-built AI application projects to ensure sufficient time exists, resources are planned and expectations are managed for adequate security controls.

This is one of Gartner's top cybersecurity predictions being unveiled at the Summit today. Gartner recommends cybersecurity leaders factor these predictions into their security strategies over the next two years.

By 2028, more than 50% of enterprises will use AI security platforms to secure third-party AI service usage and protect custom-built AI applications. 

AI security platforms give organisations a unified way to manage the new risks associated with rapid AI adoption, such as prompt injection, data misuse and more. Centralising visibility and control, these platforms help CISOs enforce use policies, monitor AI activity and apply consistent security guardrails across third-party and custom AI applications. Security leaders must evaluate AI security platforms to ensure they can secure both forms of applications.

Through 2027, manual AI compliance processes will expose 75% of regulated organisations to fines exceeding 5% of their global revenue.

Despite the distinct approaches to regulation globally, AI regulations converge on a universal demand for a systematic risk management approach. Even if CISOs can keep ahead of security, privacy and cyber risk management regulations and standards, new regulations covering AI safety call everything into question. For greater success, Gartner recommends establishing cyber governance risk and compliance, and enabling compliance through technology.

Through 2030, 33% of IT work will be spent remediating AI data debt to secure AI.

Most organisations' data is not AI‑ready, with poorly secured and unstructured data a major barrier to AI adoption. In response, cybersecurity leaders are expanding data loss prevention to monitor and restrict data flows triggered by GenAI and agentic AI data access events and requests. Gartner recommends they collaborate with data and analytics and AI leaders to define a structured program of data discovery, assessment and access control remediation.

By 2027, 30% of organisations will require comprehensive sovereignty of their cloud security controls to address continued geopolitical turmoil.

Geopolitical turmoil and local regulations are creating untenable data risks, which require many organizations to make sovereignty a key part of their cyber resilience approach. This will necessitate changes in vendor selection for cloud-tethered offerings and prioritisation efforts as geopatriation requirements intensify. Cybersecurity leaders must play an active role in defining organisational sovereignty requirements, including those required by local regulations.

By 2028, 70% of CISOs will use identity visibility and intelligence capabilities to shrink the IAM attack surface, reducing the risks of credential compromise.

Identity has become a primary attack surface as organisations struggle to manage the rapid growth and complexity of human and machine identities. This leaves visibility gaps left by isolated identity and access management (IAM) tools and increases the risk of misconfigurations. Gartner recommends these blind spots be addressed by integrating unified, AI‑powered identity visibility and intelligence platforms to improve detection and remediation.

Learn how to create a cybersecurity strategy that meets the needs of people, as well as technology in this complimentary Gartner guide.

Gartner is the World Authority on AI

Gartner is the indispensable partner to C-Level executives and technology providers as they implement AI strategies to achieve their mission-critical priorities. The independence and objectivity of Gartner insights provide clients with the confidence to make informed decisions and unlock the full potential of AI. Clients across the C-Level are using Gartner's proprietary AskGartner AI tool to determine how to leverage AI in their business. With more than 2,500 business and technology experts, 6,000 written insights, as well as more than 1,000 AI use cases and case studies, Gartner is the world authority on AI. More information can be found here.

Gartner Security & Risk Management Summit

Gartner analysts are presenting the latest insights for security and risk management leaders at the Gartner Security & Risk Management Summit in Sydney this week. Upcoming dates and locations for Gartner Security & Risk Management Summits are June 1-3 in National Harbor, MD, July 22-24 in Tokyo, August 4-5 in Sao Paulo and September 22-24 in London. Follow news and updates from the conferences on X and LinkedIn using #GartnerSEC.

About Gartner for Cybersecurity Leaders

Gartner for Cybersecurity Leaders equips security leaders with the insights to help reframe roles, align security strategy to business objectives and build programs to balance protection with the needs of the organisation. Additional information is available at https://www.gartner.com/en/cybersecurity/products/gartner-for-cisos.

Follow news and updates from Gartner for Cybersecurity Leaders on X and LinkedIn using #GartnerSEC. Visit the Gartner Newsroom for more information and insights.

About Gartner

Gartner, Inc. (NYSE: IT) delivers actionable, objective business and technology insights that drive smarter decisions and stronger performance on an organisation's mission-critical priorities. To learn more, visit gartner.com.