The cybersecurity landscape is constantly evolving, with new threats emerging on a regular basis. Chief Information Security Officers (CISOs) responsible for protecting their company’s systems now face a greater number of cyber threats than ever before. In its annual report, cybersecurity and compliance company Proofpoint Inc. identified several challenges that CISOs currently face, along with their priorities and expectations.
Over the past few years, CISOs have encountered numerous new challenges. First, the global pandemic forced companies to adapt to remote work; then the increasing adoption of cloud-based systems significantly raised the level of cyber threats they face.
Proofpoint’s report, titled “Voice of the CISO,” highlights human error as the leading cybersecurity risk, among many others. Nearly 74% of surveyed CISOs believe that there is a high risk of experiencing a cyber attack within the next year. This share is up slightly from the previous year’s 68% and significantly higher than in 2022, when it was only 48%.
Patrick Joyce, Proofpoint’s global resident CISO, stated that despite the rise in cyber attacks, CISOs are now more confident in countering these threats, indicating a shift in the cybersecurity landscape.
According to the survey, CISOs must remain vigilant at all times. Only 43% of CISOs feel unprepared to handle a targeted cyber attack, a significant decrease from the previous year’s 61%.
Human error remains the top concern for CISOs, surpassing all other cybersecurity vulnerabilities this year. The report suggests that insider threats have increased over the past year, with 80% of CISOs viewing human risk as a major cybersecurity threat, particularly from careless employees.
Despite this, 86% of CISOs believe that most employees understand their roles and responsibilities in safeguarding the organization. This confidence has significantly increased from the previous year’s score of 60%. Proofpoint attributes this positive change to the implementation of AI-based solutions, which 87% of surveyed CISOs expressed a desire to deploy for protecting their organizations against advanced human-centric cyber threats.
Generative AI is also emerging as a concern for 54% of CISOs, who view it as a major risk factor for their organizations. They believe that the three most concerning systems that can introduce risk are ChatGPT or similar tools; Slack, Teams, Zoom, or similar collaboration tools; and Microsoft 365 Copilot.
In the past year, 46% of security leaders reported material losses of organizational data, with 73% acknowledging that departing employees could be involved in these losses. However, the majority of CISOs, nearly 81%, stated that they have sufficient controls in place to protect their organizational data.
To address these concerns, most CISOs have adopted data loss prevention technology, and 53% have invested in training their employees on best data security practices. Ransomware, malware, and email fraud are among the major concerns, with 62% of CISOs indicating that their organizations would pay to restore their systems and prevent data leakage if attacked in the next year.
Proofpoint’s findings align with those of Metomic’s “2024 CISO Survey: Insights from the Security Leaders Keeping Critical Business Data Safe.” Metomic is a data security solution provider specializing in GenAI, SaaS, and cloud applications. Their report, published in late April, also identifies generative AI as a major threat.
However, it is worth noting that the sample size for the survey was relatively small, with responses from 400 CISOs from the United States and the United Kingdom. According to the survey, data breaches were the top concern, with 84% of CISOs planning to focus on security operations. In 2023, companies experienced 3,205 data breach incidents, with the average cost of a single data breach amounting to $9.48 billion.
Proofpoint claims to have examined responses from 1,600 CISOs from firms with a minimum of 1,000 employees in various sectors for its Voice of the CISO report. The responses were gathered through global third-party surveys.
The survey included 100 CISOs from each sector and was conducted during the first quarter of 2024. The professionals interviewed represented 16 countries, including the United States, Canada, Japan, Singapore, South Korea, the UK, France, Germany, Italy, Spain, Sweden, the Netherlands, UAE, KSA, Australia, and Brazil.
Metomic’s report indicates that 80% of CISOs believe they have access to the necessary resources to perform their jobs, while Proofpoint’s report highlights that 84% of CISOs believe their company board members share the same views and understanding of cybersecurity issues.
In conclusion, the cybersecurity landscape is constantly evolving, posing new challenges for CISOs. Human error remains the top concern, but CISOs are becoming more confident in countering cyber threats. Generative AI is emerging as a major risk factor, and organizations are investing in technology and training to protect their data. The findings of Proofpoint’s report align with those of Metomic’s survey, showcasing the shared concerns and priorities of CISOs in the industry.