
Research Suggests Most CISOs Feel at Risk of an Attack Within the Year

Yet confidence is growing.
Ryan Uliss
Contributing Writer

Sophisticated cyberattacks and digital risks are on the rise, and understanding the perspectives and challenges faced by those at the forefront of cybersecurity can be crucial. The 2024 Voice of the CISO report by Proofpoint provides an in-depth look at the current state of cybersecurity, highlighting the concerns and priorities of Chief Information Security Officers worldwide.

Based on a survey of 1,600 CISOs from large organizations across 16 countries, the report reveals that while the majority of surveyed CISOs feel at risk of a material cyberattack within the next 12 months, there is a notable increase in preparedness, with fewer than half feeling unprepared. Human error remains a significant challenge, identified as the biggest vulnerability, even as CISOs forge closer relationships with key stakeholders, reporting increased alignment on cybersecurity issues with board members.

However, they continue to face unrelenting pressure, with more than half believing the expectations placed on them are excessive, contributing to high levels of burnout. Concerns about personal, financial, and legal liability have also increased. Proofpoint’s research allows us to explore these findings and examine the strategies CISOs are employing to bolster defenses, address burnout, and strengthen board relationships while looking to stay ahead of future cyber threats.

Heightened Concerns but Growing Confidence

CISOs are navigating a complex mix of challenges in 2024. With the pandemic’s immediate impacts fading, the focus has shifted to securing remote and hybrid workforces amid ongoing employee turnover and restructuring. Notably, 70% of CISOs feel at risk of a material cyberattack within the next 12 months, up slightly from 68% in 2023. Despite these concerns, there is a growing sense of preparedness, with fewer CISOs feeling unprepared for targeted attacks compared to previous years.

The increased attack surface, driven by hybrid work and cloud technology reliance, poses significant threats. Generative AI tools, while promising, have also lowered the bar for cybercriminals, making sophisticated attacks more accessible. This dual nature of AI as both a threat and a defensive tool highlights an intricate challenge today’s CISOs face.

Human Error: The Persistent Vulnerability

Human error remains a significant cybersecurity vulnerability. The report reveals that 74% of CISOs consider human error to be their organization’s biggest cyber vulnerability, up from 60% in 2023. This increase highlights the ongoing struggle to mitigate risks associated with employee behavior. Despite efforts to educate employees, evidence suggests that there is a disconnect between awareness and effective action.

CISOs are increasingly turning to AI-powered technologies to address these human-centric threats. A striking 87% of global CISOs are looking to deploy AI tools to mitigate human error and block advanced threats. This proactive approach reflects a broader trend toward integrating advanced technologies into cybersecurity strategies. Additionally, the report indicates that 80% of CISOs view human risk, including employee negligence, as a key cybersecurity concern over the next two years, a significant rise from 63% in 2023. This concern is most pronounced in countries like Canada at 90% and France at 91%.

Data Protection and Insider Threats

Data protection continues to be a top priority for CISOs. The transient nature of today’s workforce exacerbates the risk of data loss, particularly as employees change jobs more frequently. Proofpoint’s report notes that 73% of CISOs have experienced data loss due to employees leaving their organizations. This trend is most pronounced in sectors handling large amounts of highly sensitive information, such as education and healthcare.

To combat data loss, CISOs are investing in Data Loss Prevention (DLP) technologies and employee education. The adoption of DLP technology has surged, with 51% of CISOs deploying these tools, up from 35% in 2023. These measures aim to protect sensitive information and ensure that data governance remains stringent.

Additionally, the report highlights that 87% of CISOs view information protection and data governance as top priorities, a significant increase from 61% in 2023. This focus underscores the critical need for effective strategies to safeguard data as cyber threats evolve.

Strengthening Board-CISO Relations

The relationship between CISOs and board members is improving, with 84% of CISOs now reporting alignment with their boards on cybersecurity issues, up from 62% in 2023. This growing alignment reflects a broader recognition of the importance of cybersecurity at the highest organizational levels. Many CISOs have successfully communicated the business impact of security concerns, fostering greater understanding and support from board members.

The report also highlights that 84% of CISOs believe cybersecurity expertise should be a board-level requirement, a sentiment that underscores the critical role of cybersecurity in strategic decision-making and risk management. Furthermore, 91% of CISOs in the healthcare sector, 88% in the transport sector, and 81% in the energy, oil/gas, and utilities sectors report being in agreement with their boards on cybersecurity matters. This improved alignment helps to ensure that cybersecurity strategies are effectively integrated into overall business objectives.

The Unrelenting Pressure

The pressures on CISOs continue to mount. Unrealistic expectations, burnout, and concerns about personal liability are being reported as significant issues. According to the research, 66% of CISOs believe the expectations placed on them are excessive, a figure that has risen sharply in recent years. Furthermore, 53% of CISOs have experienced or witnessed burnout in the past 12 months.

Personal liability is another growing concern, with 66% of CISOs worried about financial and legal repercussions in their roles. This anxiety is prompting many CISOs to reconsider their career choices, with 72% unwilling to join organizations that do not offer adequate liability protection.

The Wrap

At its core, Proofpoint’s 2024 Voice of the CISO report serves as a powerful reminder that cybersecurity is a human issue as much as a technological one. While emerging threats and innovative defenses garner headlines, the most formidable challenges facing today’s security leaders often stem from the fundamental realities of human behavior, organizational culture, and personal well-being.

Addressing the concerns around burnout, liability, and misaligned priorities will prove just as critical as deploying the latest AI-powered tools or implementing strong data protection protocols. As CISOs navigate an increasingly complex cybersecurity environment, fostering a holistic approach that balances technological prowess with a deep understanding of the human elements at play will be the key to safeguarding organizations and the leaders charged with their protection.
