In Proofpoint's Voice of the CISO 2024 report, the cybersecurity firm found that CISOs are facing human-centric threats more than ever. Additionally, cybersecurity budgets are often unchanged and AI can help or hurt CISOs' efforts.
As for specific threat risks, 41% of CISOs primarily fear ransomware attacks, followed by malware (38%), email fraud (36%), cloud account compromise (34%), insider threats (30%) and distributed denial of service (30%) attacks.
For this report, research firm Censuswide surveyed 1,600 CISOs from organizations with 1,000 or more employees across industries in 16 countries.
Top CISO People-Centric Security Issues
According to the survey, more CISOs than ever believe that human error is their organizations' greatest vulnerability; 74% of CISOs feel this way, up from 60% in 2023.
Additionally, 80% of CISOs consider human risk as a key cybersecurity concern over the next two years, up from 63% in 2023. This is where AI comes into play, as 87% of CISOs look to implement AI-powered technologies to combat human vulnerability and block human-centric cyber threats.
Threats also include malicious insiders (36%) and compromised insiders (33%).
Data loss events and threat mitigation
Negligent or careless employees are seen as the leading cause of data loss for CISOs (42%) versus external attacks (40%). According to the Proofpoint report, 73% of CISOs added that their data loss events were due to employees leaving their organization.
The consequences of these data loss events are mainly financial losses (43%), post-attack recovery costs (41%), and loss of critical data (40%).
To combat the problem of data loss, many CISOs educate their employees on cybersecurity best practices (53%), use cloud security solutions (52%), or implement data loss prevention technology (51%), endpoint security (49%), email security (48%) or isolation technology (42%).
This DLP adoption has increased from 35% to 51% in one year, with the result that 81% of CISOs believe their data is well protected.
An increasing number of cybersecurity threats
Proofpoint stated that organizations' attack surface has never been larger for several reasons, including hybrid working becoming a standard, while reliance on cloud technology has increased. Additionally, employees have become increasingly mobile and often carry data with them when they change jobs.
Seventy percent of CISOs believe their organization is likely to face a material cyberattack over the next 12 months, and 31% think it is very likely. CISOs in the US, Canada and South Korea are the most concerned about experiencing such an attack.
Artificial intelligence helps CISOs but also cybercriminals
As noted above, the majority of CISOs surveyed are looking to implement AI-powered technologies to help them protect their organization, even if they are still in an early stage. Proofpoint wrote: “Even in these early stages, we can already connect the dots between external threats, sensitive content, and anomalous behavior or activities. That is something that has not been possible at the same speed and scale with human moderation or traditional analysis.”
However, AI also benefits cybercriminals as it makes their attacks easier to scale, and techniques that were only deployed by nation-state threat actors or well-funded cybercriminal groups are now available to less-skilled attackers. More than half of CISOs (54%) believe that AI represents some type of security risk to their organization.
Pressure on cybersecurity budgets
The economy has had an impact on organizations, according to 59% of CISOs surveyed. Additionally, CISOs are pressured to do more or at least the same for less, and security budgets remain flat at best. Forty-eight percent of CISOs have been asked to reduce staff, delay replenishments or reduce expenses.
CISOs' top budget priority is now improving information protection and enabling greater business innovation (58%), slightly ahead of improving employee cybersecurity awareness (54%).
CISO Concerns Include Burnout and Insurance
In addition to budget-related stress, 66% of CISOs feel that the expectations placed on them are unrealistic. This figure is continually increasing (61% in 2023), as they also feel that their concerns go unanswered. All of this results in low job satisfaction: 53% of CISOs experienced or witnessed burnout in the last year.
Sixty-six percent of CISOs are also concerned about personal, financial and legal liability in their role, fearing a lack of protection in their work. And 72% of CISOs would not join an organization that did not offer its directors and officers insurance or similar protection in the event of a successful cyberattack.
A bright spot: CISOs' relationships with board members
Eighty-four percent of CISOs reported having face-to-face contacts with their board members, while only 51% reported such contact in 2022 and 62% in 2023. Those contacts have led to greater understanding by board members.
Disclosure: I work for Trend Micro, but the opinions expressed in this article are my own.