A recent survey of security managers and architects across industries identified the trends expected to have the greatest impact this year. The top four were:

  • Artificial Intelligence and Machine Learning (AI/ML)
  • The European Union’s General Data Protection Regulation (GDPR)
  • DevSecOps: integrating security throughout the software development lifecycle
  • Software as a Service (SaaS) adoption for security needs

Below, we examine each trend, highlight key findings from the survey, and provide recommendations for organizations.

Here we’ll examine survey respondents’ plans in each of these four areas. We’ll also combine our research with that of other industry leaders to provide recommendations.

1. Artificial Intelligence (AI/ML)

Survey Insights:

60% of respondents cited AI as a top trend in 2019. Focus areas included security analytics, security incident and event management (SIEM), and endpoint protection. Over half planned to invest further in AI, split between in-house development and vendor solutions.

Context:
As networks grow more complex and threats evolve rapidly, AI/ML is increasingly essential. Analysts are overwhelmed by alerts, often 10,000 per day, while studies show they can investigate only 5–10 issues daily. AI applications like anomaly detection and phishing prevention are critical, but AI is not a silver bullet: attackers continually adapt, and investment alone is insufficient.

Recommendations

To get the most from AI, security managers must:

  • Carefully evaluate vendor claims about AI effectiveness.
  • Integrate AI tools with existing security databases and analytics platforms.
  • Train staff to use AI effectively or partner with experienced providers.
  • Remain vigilant against hackers leveraging AI to enhance attacks or bypass defenses.

2. GDPR Compliance

Survey Insights:

72% of respondents’ organizations are affected by GDPR. 40% identified GDPR as a top trend for 2019. Major challenges include business process implementation for data requests and privacy enforcement in third-party contracts; technical measures were considered easier.

Context:
Many organizations have taken a “wait-and-see” approach, often due to lack of executive buy-in or reliance on consultants. Regulatory compliance is particularly challenging outside finance and healthcare, where experience managing regulations is less common.

Recommendations

  • Clearly understand and document why personal data is collected, obtain proper consent, and communicate usage to users.
  • Conduct data protection impact assessments for high-risk data and report breaches within 72 hours.
  • Embed security and privacy by design throughout the data lifecycle.

3. DevSecOps

Survey Insights:

49% of respondents highlighted DevSecOps as a key trend. Adoption is uneven; some practices like vulnerability scanning, penetration testing, and static code analysis are in use, but configuration and control rules are less common.

Context:
Developers often face pressure to deliver software quickly while security teams follow traditional review processes. DevSecOps embeds security into development, deployment, and operations, addressing gaps between development speed and security requirements. Adoption requires both process changes and cultural shifts.

Recommendations

To maximize the agility and security benefits of DevSecOps:

  • Update testing processes to reflect the immutability of software subcomponents.
  • Foster a culture of collaboration between development and security teams; empower developers to test their own code.
  • Leverage automation to scale security practices efficiently.

4. Software as a Service (SaaS)

Survey Insights:

43% of respondents identified SaaS as a top trend. Two-thirds already use cloud applications for security, with 64% planning to expand usage. However, 54% expressed concerns about SaaS reliability and security.

Context:
SaaS offers flexibility, rapid deployment, and scalability, but it introduces risks since security applications often handle sensitive data. Credential leaks or compromised platforms can give attackers deep access to critical systems.

Recommendations

Some essential precautions around SaaS:

  • Store cloud encryption keys separately from the data they protect.
  • Implement cloud-based identity and access management solutions.
  • Consider a cloud access security broker with data loss protection to prevent leaks and malware infections.

Conclusion

While GDPR and SaaS are driving organizations to rethink IT security, AI/ML and DevSecOps remain top priorities for proactive defense. The security landscape will continue to evolve, but these tools and strategies offer effective ways to manage risk, improve efficiency, and strengthen enterprise security.
