Major challenges include human errors and risks


In Proofpoint's Voice of the CISO 2024 report, the cybersecurity firm found that CISOs are facing human-centric threats more than ever. Additionally, cybersecurity budgets are often unchanged and AI can help or hurt CISOs' efforts.

As for specific threat risks, 41% of CISOs primarily fear ransomware attacks, followed by malware (38%), email fraud (36%), cloud account compromise (34%), insider threats (30%) and distributed denial of service attacks (30%).

The highest threat risks perceived by CISOs over the next 12 months. Image: Proofpoint

For this report, research firm Censuswide surveyed 1,600 CISOs from organizations with 1,000 or more employees across industries in 16 countries.

Top CISO People-Centric Security Issues

According to the survey, more CISOs than ever believe that human error is their organizations' greatest vulnerability; 74% of CISOs feel this way, up from 60% in 2023.

Percentage of CISOs by country who consider human error as their organization's greatest vulnerability. Image: Proofpoint

Additionally, 80% of CISOs consider human risk as a key cybersecurity concern over the next two years, up from 63% in 2023. This is where AI comes into play, as 87% of CISOs look to implement AI-powered technologies to combat human vulnerability and block human-centric cyber threats.

Threats also include malicious insiders (36%) and compromised insiders (33%).

Data loss events and threat mitigation

Negligent or careless employees are seen as the leading cause of data loss for CISOs (42%) versus external attacks (40%). According to the Proofpoint report, 73% of CISOs added that their data loss events were due to employees leaving their organization.

Cause of data loss events, as reported by CISOs who dealt with a material loss of sensitive information in the past 12 months. Image: Proofpoint

The consequences of these data loss events are mainly financial losses (43%), post-attack recovery costs (41%), and loss of critical data (40%).

To combat the problem of data loss, many CISOs educate their employees on cybersecurity best practices (53%), use cloud security solutions (52%), or implement data loss prevention technology (51%), endpoint security (49%), email security (48%) or isolation technology (42%).

Adoption of DLP has increased from 35% to 51% in one year, with the result that 81% of CISOs believe their data is well protected.

An increasing number of cybersecurity threats

Proofpoint stated that organizations' attack surface has never been larger for several reasons, including hybrid working becoming a standard, while reliance on cloud technology has increased. Additionally, employees have become increasingly mobile and often carry data with them when they change jobs.

Seventy percent of CISOs believe their organization is likely to face a material cyberattack over the next 12 months, and 31% think it is very likely. CISOs in the US, Canada and South Korea are the most concerned about experiencing such an attack.

Percentage of CISOs who feel their organization is at risk of a material cyberattack in the next 12 months. Image: Proofpoint

Artificial intelligence helps CISOs but also cybercriminals

As noted above, the majority of CISOs surveyed are looking to implement AI-powered technologies to help them protect their organization, even if they are still in an early stage. Proofpoint wrote: “Even in these early stages, we can already connect the dots between external threats, sensitive content, and anomalous behavior or activities. That is something that has not been possible at the same speed and scale with human moderation or traditional analysis.”

However, AI also benefits cybercriminals as it makes their attacks easier to scale, and techniques that were only deployed by nation-state threat actors or well-funded cybercriminal groups are now available to less-skilled attackers. More than half of CISOs (54%) believe that AI represents some type of security risk to their organization.

Pressure on cybersecurity budgets

The economy has had an impact on organizations, according to 59% of CISOs surveyed. Additionally, CISOs are pressured to do more or at least the same for less, and security budgets remain flat at best. Forty-eight percent of CISOs have been asked to reduce staff, delay backfills or reduce expenses.

CISOs' top budget priority is now improving information protection and enabling greater business innovation (58%), slightly ahead of improving employee cybersecurity awareness (54%).

Top priorities for organizations' IT teams over the next two years. Image: Proofpoint

CISO Concerns Include Burnout and Insurance

In addition to budget-related stress, 66% of CISOs feel that the expectations placed on them are unrealistic. This figure is continually increasing (61% in 2023), as they also feel that their concerns go unanswered. All of this results in low job satisfaction: 53% of CISOs experienced or witnessed burnout in the last year.

Sixty-six percent of CISOs are also concerned about personal, financial and legal liability in their role, fearing a lack of protection in their work. And 72% of CISOs would not join an organization that did not offer directors and officers insurance or similar protection in the event of a successful cyberattack.

A bright spot: CISOs' relationships with board members

Eighty-four percent of CISOs reported having face-to-face contacts with their board members, while only 51% reported such contact in 2022 and 62% in 2023. Those contacts have led to greater understanding by board members.

Disclosure: I work for Trend Micro, but the opinions expressed in this article are my own.
