Making the Mindshift to Pre-emptive Security
Gartner has predicted that by 2030, over 50% of cybersecurity software budgets will be allocated to pre-emptive security, up from just 5% in 2024.

What constitutes pre-emptive security?

Gartner categorises pre-emptive security as a group of technologies that apply AI and machine learning to allow organisations to predict and prevent attacks. The analyst firm identifies three key technologies – predictive threat intelligence, advanced deception, and automated moving target defence – as being core capabilities supporting a pre-emptive approach.

How will pre-emptive security be funded?

Gartner expects that disaster recovery (DR) spending will give way to pre-emptive technologies. However, I believe there will be a strategic reallocation of the budget. Disaster recovery (DR) and incident response (IR) budgets will remain steady at first.

As IT budgets increase, an amount will be set aside for pre-emptive tools. This may result in a slight reduction in DR budgets initially. However, DR/IR tools have been deployed deeply throughout multiple enterprise departments, so this shift will take time.

Pre-emptive security optimises existing security resources by containing damage, lowering incident response costs, and reducing recovery time following attempted attacks.

Where will we see pre-emptive security first?

Highly regulated sectors like finance or healthcare are most likely to allocate additional budget towards pre-emptive technology. In these sectors, cybersecurity is a board-level issue, with individual directors held accountable for breaches.

The NHS report, revealing that last year’s ransomware attack on a pathology laboratory contributed to a patient’s death, brought it home to everyone that lives literally depend on robust security.

The cyberattack on Jaguar Land Rover (JLR) caused manufacturing to be shut down for seven weeks. It resulted in 21,138 fewer vehicles being produced. It is estimated that the damage amounted to £50 million a week in costs. Additionally, JLR lost £1.5 billion in revenue.

It led to the UK government guaranteeing a loan to support the 700 British suppliers that were also impacted by JLR’s pause in production.

Will pre-emptive security become mandatory?

When any factor threatens public safety and economic resilience, the government will step in.

GDPR, PCI DSS, CCPA, NIS2, and other emerging global frameworks already require proactive data protection and breach reporting. Governments could also mandate that providers of critical national infrastructure, and organisations in the financial and healthcare sectors, put pre-emptive security tools in place.

Of course, pre-emptive security is not solely about technology. It is also about raising public awareness of the threats, and changing people’s behaviour. The government has a civic responsibility to educate the nation about their personal responsibilities to help pre-empt and counteract evolving cyber threats.

AI on the attack

Standalone Detection and Response solutions were designed to detect known threats and respond reactively. Emerging AI-driven cyber threats are rendering those siloed tools insufficient. Examples include deepfakes being used to spoof privileged identities.

Attackers are also using AI to evade detection by generating polymorphic malware, altering tactics, techniques and procedures in real-time. DR/IR tools’ reliance on known behaviours lags behind AI’s ability to mutate. Without cross-domain correlation, subtle signals of an AI-driven intrusion can be missed.

Cyberattacks are now much more sophisticated. They employ a combination of social engineering and AI, such as deepfakes, vishing, and automated phishing attacks. This has resulted in attacks at a scale that makes them increasingly difficult to manage using traditional manual processes.

AI threats operate at machine speed. Organisations no longer have time to wait for an analyst’s manual response to a DR alert.

This requires a paradigm shift from the way the industry has worked for the past two decades.

Standalone DR may detect, but can’t always orchestrate cross-environment remediation, such as isolating accounts, blocking cloud workloads, or revoking access tokens.

AI in Defence

Gartner predicts that the future of cybersecurity rests on achieving an “Autonomous Cyber Immune System.” It will employ machine learning and agentic AI to predict, pre-empt, and neutralise emerging threats.

One of the ways that organisations are using AI as a pre-emptive defence mechanism is by setting up honeypots that train the LLM. When attackers take the bait, AI tracks and records their activities and learns their methods.

AI can provide predictive analytics based on how attackers breached the perimeter, their movement patterns, and the processes they used. This enables organisations to build their pre-emptive frameworks around real attacks. They can also continuously run analytical exercises to adapt frameworks over time.

When protecting privileged identities that control critical systems, AI can learn from attack methodologies to identify and block anomalous behaviour.

AI can carry on learning from attacks and repeatedly rebuild the security posture to counteract new methods.

Signs of the shift to pre-emptive security

Gartner has predicted that pre-emptive security tools will command half of the security budgets within four years. Within the financial sector, we’re already seeing examples of investment in pre-emptive strategies.

HSBC has more than doubled the number of biometric readers installed at its new London headquarters, due to be operational by 2027.

JP Morgan has mandated that employees working at its new Manhattan headquarters must submit fingerprints or iris scans to be able to access the building.

In a development viewed by the fintech industry as a potential security model for other countries’ digital currencies, the European Central Bank has awarded Portuguese AI startup Feedzai $278.7 million to develop fraud prevention technology for its digital Euro. Feedzai will use AI to provide a fraud risk score for every digital transaction before approving a payment.

Why Identity is the foundation of zero trust

The financial sector’s investments in physical access control and AI-powered risk assessment software echo the zero trust approach that is fundamental to identity and access management.

For the vast number of global employees who are now working remotely, identity is the new perimeter.

In a zero trust environment, no request is trusted. Identity must always be verified before access is granted to physical, data, or digital assets.

How identity management underpins pre-emptive security

AI may be changing the scale and speed of attacks. However, phishing and credential misuse are still the leading methods used to breach organisations’ defences. Therefore, identity security is a central pillar of any pre-emptive security strategy.

AI can be deployed as an abstraction layer within an identity security fabric. The ‘fabric’ comprises privileged access management (PAM), identity and access management (IAM), identity governance and administration (IGA), Active Directory management, and identity threat detection and response (ITDR).

Using AI to correlate elements of the identity fabric allows an organisation’s joiner, leaver, mover processes to be automatically enforced. It closes gaps and blocks anomalous access requests.

Pre-empt, detect, disrupt

Standalone DR tools lack identity, behavioural, and data context. They may detect anomalies but fail to prioritise or connect them to a larger attack campaign. Modern defence needs security data fusion across domains.

Instead of reacting to intrusions, pre-emptive measures aim to reduce attack opportunities, detect weak signals early, and disrupt adversaries before they succeed.

As more cyber attackers use AI and automation to strike faster and more unpredictably, pre-emptive, AI-based cybersecurity offers one of the most effective defence strategies.

Given the speed at which agentic AI is already being deployed for both defence and offence, I predict that it may only be two years before we see half of cybersecurity software budgets being allocated to pre-emptive security tools.


One Identity

Trusted by more than 11,000 organisations managing over 500 million identities, One Identity is a leader in identity governance and administration (IGA), privileged access management (PAM), and access management (AM), for security without compromise. One Identity delivers trusted identity security for enterprises worldwide, to protect and simplify access to digital identities. With flexible deployment options and subscription terms – from self-managed to fully-managed – One Identity’s solutions integrate seamlessly into an organisation’s identity fabric to strengthen its identity perimeter, protect against breaches, and ensure governance and compliance.

Learn more at www.oneidentity.com.

The post Making the Mindshift to Pre-emptive Security appeared first on Enterprise Times.

