Sixty-three percent of security leaders had to deal with the loss of sensitive information in the past 12 months, according to the annual Voice of the CISO report from Proofpoint.
Sixty-eight percent of surveyed CISOs feel at risk of a material cyber-attack, with 61% feeling unprepared to cope with it.
Other findings include:
- The loss of sensitive data is exacerbated by employee turnover: Of those who had to deal with a material loss of sensitive data in the past 12 months, 82% agreed that employees leaving the organization contributed to the loss. Despite those losses, 60% of CISOs believe they have adequate controls to protect their data.
- Email fraud tops the list of the most significant threats: while the top threats perceived by CISOs are almost the same as last year, email fraud (business email compromise) moved from the fourth spot to the top, followed closely by insider threats, cloud account compromise and DDoS attacks.
- Most organizations are likely to pay a ransom if impacted by ransomware: 62% of CISOs believe their organization would pay to restore systems and prevent data release if attacked by ransomware in the next 12 months. And they are increasingly relying on insurance to shift the risk—61% said they would place a cyber insurance claim to recover losses incurred in various types of attacks.
- Supply chain risk is a recurring priority: 64% of CISOs say they have adequate controls in place to mitigate supply chain risk, a slight increase from last year’s 59%. While these protections may feel adequate for now, going forward, CISOs may feel more strapped for resources—58% say the shaky economy has negatively impacted their cybersecurity budget.
- People risk remains a prominent concern: there is a slight uptick in the number of CISOs who view human error as their organization’s biggest cyber vulnerability—60% in this year’s survey vs. 56% in 2022 and 58% in 2021. Also consistent with previous years, 61% of CISOs believe that employees understand their role in protecting the organization, compared to 60% in 2022 and 58% in 2021; this lack of significant progress indicates a struggle to build a strong security culture.
- CISOs and boards are more in tune: 62% of CISOs agree their board members see eye-to-eye with them on cybersecurity issues. The board-CISO relationship has improved: up from 51% last year and 59% in 2021.
- Mounting CISO pressures are making the job increasingly unsustainable: 61% of CISOs feel they face unreasonable job expectations, a significant increase from last year’s 49%. While the return to their new reality may be one reason behind this view, CISOs’ job-related angst is a likely contributor as well—62% are concerned about personal liability and 60% say they have experienced burnout in the past 12 months.
The 2023 Voice of the CISO report examines global third-party survey responses from more than 1,600 CISOs at mid-to-large size organizations across different industries. Throughout the course of Q1 2023, 100 CISOs were interviewed in each market across 16 countries: the U.S., Canada, the UK, France, Germany, Italy, Spain, Sweden, the Netherlands, UAE, KSA, Australia, Japan, Singapore, South Korea, and Brazil.