While the last 12 months may have lacked the headline events of previous years, it has been far from quiet for the world’s chief information security officers (CISOs). The now permanent need to support remote and hybrid work has created a larger attack surface for many businesses than ever before. At the same time, cyber threats are growing more frequent, sophisticated and damaging.
Employees are changing jobs at record levels and taking data with them when they leave. Meanwhile, generative AI and off-the-shelf tools put devastating threats in the hands of anyone willing to pay a few dollars. And research for the inaugural Data Loss Landscape report from Proofpoint found that careless employees are companies’ biggest data loss problem.
To understand how CISOs are faring in yet another blockbuster year in the cyber-risk landscape, Proofpoint surveyed 1,600 of these security leaders globally to learn more about their roles and outlook for the next two years. This year, we surveyed organizations with more than 1,000 employees to gain richer insights into complex cybersecurity practices.
CISOs feel more concerned yet better prepared
Whether driven by record employee turnover, increasingly sophisticated cyberattacks or the growing reliance on cloud technology, most CISOs are nervously scanning the threat landscape. Over two-thirds (70%) believe their businesses are at risk for a cyberattack over the next 12 months—up from 68% in 2023 and 48% in 2022.
Despite these concerns, many CISOs we surveyed report feeling confident in their company’s ability to deal with the consequences. Fewer than half (43%) believe that they aren’t prepared for a targeted cyberattack—down from 61% in 2023 and 50% in 2022.
It is heartening to know that more CISOs feel ready to face cyber threats. However, the reality is that 70% of CISOs also believe an attack is imminent—and almost half remain unprepared for its impact.
Humans are still a top concern
There are many threats on the minds of CISOs this year, from ransomware and email fraud to insider threats and cloud account compromise. But their people are causing them the most anxiety.
Almost three-quarters (74%) of CISOs believe that human error is their biggest cyber vulnerability, up from 60% in 2023 and 56% in 2022. Even more (80%) believe human risk and employee negligence will be key cybersecurity concerns for the next two years.
Our research shows that CISOs generally believe their people are aware of their critical role in defending the business from cyber threats. That CISOs still see their people as the primary risk factor suggests there’s a disconnect between employees’ understanding of cyber threats and their ability to keep threats at bay.
- 74% of CISOs believe human error is their biggest cyber vulnerability.
- 86% believe their employees understand their role in defending the business from cyber threats. Almost half (45%) strongly agree with this statement.
- 41% believe ransomware attacks are the top threat to their business over the next 12 months.
CISOs are feeling the pressure
CISOs have cemented their place in the boardroom in recent years, and many of these executives are now influencing business strategy rather than just problem-solving. As a result, increasing numbers of CISOs are seeing eye to eye with the rest of the C-suite.
However, this change in status brings higher stakes and increased pressure for CISOs. More than half said that they know colleagues who are burnt out or have experienced burnout themselves in the past 12 months. Even more say that the expectations surrounding the role of CISOs are excessive.
- 84% of surveyed CISOs reported seeing eye to eye with their boards, up considerably from 62% in 2023.
- 53% of CISOs have experienced or witnessed burnout in the past 12 months.
- 66% of CISOs believe expectations on the CISO/chief security officer (CSO) are excessive—a steady increase from 61% in 2023, 49% in 2022 and 21% in 2021.
Get the full report
Download the 2024 Voice of the CISO report from Proofpoint to read all the findings and analysis from our latest global survey of CISOs.