Human error still perceived as the Achilles’ heel of cybersecurity

Amid rising concerns over cyber threats, Chief Information Security Officers (CISOs) are showing increased confidence in their ability to counter these risks, marking a notable shift in the cybersecurity landscape, according to Proofpoint.

CISOs’ Confidence on the Rise Despite Cyber Threats

According to the findings, 70% of surveyed CISOs feel vulnerable to significant cyber attacks within the next year, a slight increase from 68% the previous year and a notable jump from 48% in 2022. Despite this heightened awareness, there is a growing sense of preparedness among CISOs, with only 43% expressing a lack of readiness to address targeted cyber threats—a significant decrease from 61% in 2023 and 50% in 2022.

Human error remains a key vulnerability in cybersecurity, identified by 74% of CISOs as the primary concern. With insider threats and data loss incidents on the rise, an unprecedented 80% of CISOs view human risk, especially negligent employee behavior, as a major cybersecurity challenge over the next two years.

However, there is a growing optimism regarding AI-powered solutions to mitigate human-related risks, indicating a strategic shift towards technology-driven defenses.

“While the cybersecurity landscape continues to evolve with increasing human-centric threats, the 2024 Voice of the CISO report highlights what appears to be a vital shift towards greater resilience, preparedness, and confidence among global CISOs,” said Patrick Joyce, global resident CISO at Proofpoint.

AI Security Threats and Concerns

In the current survey, 54% of CISOs perceive generative AI as a security risk to their organizations. The top three systems viewed as introducing risk are ChatGPT/other GenAI (44%), collaboration tools like Slack/Teams/Zoom (39%), and Microsoft 365 (38%).

Although 46% of CISOs reported a material loss of sensitive data in the past year, 81% believe they have adequate controls to safeguard their data. The adoption of data loss prevention (DLP) technology has increased to 51%, compared to 35% in the previous year.

Top Cybersecurity Threats and Responses

Ransomware attacks (41%), malware (38%), and email fraud (36%) are perceived as the biggest cybersecurity threats in 2024. Notably, there is a shift from previous years, with ransomware taking the top spot and business email compromise (BEC) moving down.

Despite the risks, 62% of CISOs believe their organizations would pay a ransom to restore systems and prevent data release. Additionally, 79% would rely on cyber insurance claims to recover potential losses.

Board Engagement and CISO Well-being

Board members are increasingly aligned with CISOs on cybersecurity issues, with 84% of CISOs reporting agreement—an uptick from 62% in 2023.

However, concerns about burnout (53%) and excessive expectations (66%) persist among CISOs. The economic downturn has also impacted their ability to make crucial investments, with 59% facing challenges in this regard.

“As we navigate through the complexities of today’s cyber threat environment, it’s encouraging to see CISOs gaining confidence in their strategies and tools,” remarked Ryan Kalember, chief strategy officer at Proofpoint. “However, the ongoing challenges of employee turnover, pressure on resources, and the need for continuous board engagement remind us that vigilance and adaptation are key to our collective cyber resilience.”

The 2024 Voice of the CISO report is based on global third-party survey responses from 1,600 CISOs across organizations with 1,000 employees or more, spanning various industries.

Source: helpnetsecurity.com