If you’ve spent more than five minutes in cybersecurity leadership lately, you’ve probably been overwhelmed by it: hype. Whether it’s the latest AI breakthrough, a new vendor claiming to end ransomware forever, or regulatory shifts generating boardroom panic, the noise is constant. But what if hype isn’t just a distraction? What if it’s a lever?
That was the core proposition of the opening keynote at the Gartner Security & Risk Management Summit this month in National Harbor: “Harness the Hype: Turning Disruption Into Cybersecurity Opportunity.”
At a time when generative AI dominates headlines, and every boardroom seems caught between optimism and existential risk, Gartner’s keynote didn’t tell us to ignore hype—it told us to study it, anticipate it, and, crucially, use it.
Welcome to the Hype Cycle
Many in the room (myself included) are familiar with Gartner’s famous “Hype Cycle” diagram. It charts how new technologies follow a predictable curve—from the initial Innovation Trigger, through the Peak of Inflated Expectations, into the Trough of Disillusionment, before finally hitting the Slope of Enlightenment and reaching the Plateau of Productivity.
What resonated most was Gartner’s argument that this curve doesn’t just describe technologies. It describes organizational change energy. It describes how CEOs react to ransomware headlines. It explains why tech teams rush to adopt AI agents before understanding the risks—and why cyber leaders sometimes freeze in the face of that speed.
AI: King of the Peak
Naturally, generative AI took center stage. Gartner noted that 74% of CEOs believe it will most significantly impact their industries in the next three years—and that 84% of tech executives plan to increase AI investments this year. Those are massive numbers. But for CISOs, the real stat to watch was this: 69% of leaders say cybersecurity risk will be their top focus for the next 12 months.
This is our opportunity.
Instead of being the team of “no,” cybersecurity can be the team that helps the business move fast without breaking things. But to do that, we need to get close to #AI. Learn it. Experiment with it. Break it (safely). And then guide our peers.
Gartner highlighted some solid examples: Sabre’s LLM-driven code remediation tool “Viper” now auto-fixes over 50% of their top vulnerabilities, saving them more than 100,000 developer hours. Workday created “PolicyBot” to eliminate 90% of cyber policy-related tickets. Both initiatives started small, moved fast, and were rooted in experimentation.
These aren’t moonshots. They’re tactical AI deployments solving real problems today.
Fear Is Easy. Metrics Are Better.
Another major theme: don’t weaponize fear. Instead of feeding fear, feed transparency.
When the next breach makes headlines and the CEO is in your office asking, “Could this happen to us?”, you have a choice. You could play the fear card and push budget requests—or you could show them outcome-driven metrics. That’s where Gartner’s concept of Protection Level Agreements (PLAs) and Outcome-Driven Metrics (ODMs) comes in.
Example: Instead of saying, “We need more funding or we’re at risk,” you might say, “Only 20% of our critical systems are currently protected against ransomware. Increasing that to 70% would cost $1 million. Here’s what that gets us.”
Now you’re not pleading. You’re advising. You’re a partner.
Burnout Breeds Breaches
Finally, the keynote didn’t shy away from the people problem. Change is coming fast—and burnout is rising even faster.
Gartner shared a striking stat: 83% of cybersecurity pros admit that burnout led to a security mistake in their org. The cost of hype isn’t just overspending or misalignment—it’s human fatigue. The answer? Give teams agency. Automate the boring work. Let AI handle the repetitive tasks. Build resilience not just into your architecture, but your workforce.
Because hype isn’t going away. And neither is the work.
My Takeaway
What I appreciated about this keynote was its refusal to take the easy way out. It didn’t mock the hype or pretend AI isn’t disruptive. It acknowledged the chaos—and offered a framework to ride the wave rather than get swamped by it.
#Cybersecurity isn’t about saying no. It’s about saying yes—with conditions, with visibility, and with confidence.
In a world where change is the only constant, hype becomes a signal. It shows us where the energy is. And if we learn how to harness that energy—whether for budget discussions, AI deployment, or organizational change—we stop reacting and start leading.
That’s the challenge. That’s the opportunity.
Let’s not waste it.