Almost Two Thirds of Cybersecurity Leaders in the UK and Ireland Believe their Organisation is at Risk of a Cyber Attack in 2021

With a high likelihood of cyberattacks predicted, new Proofpoint survey of UK&I CISOs and CSOs found that the majority (55%) believe that human error is the biggest risk for their organisation

Proofpoint, Inc. (NASDAQ: PFPT), a leading cybersecurity and compliance company, today unveiled the findings of its survey of Chief Information Security Officers (CISOs) and Chief Security Officers (CSOs) based in the UK and Ireland, assessing their level of cyber preparedness. The survey revealed that more than half (53%) of CISOs and CSOs in the UK&I reported that their organisation suffered at least one significant cyberattack in 2020, with 14% experiencing multiple attacks.

This trend is not set to slow down, with almost two thirds (64%) expressing concern that their organisation is at risk of an attack in 2021. Those in larger organisations feel at greater threat, with this figure jumping to 89% amongst CSOs and CISOs from organisations with over 2,500 employees and 83% from those with 5,000 employees or more. Perhaps more worryingly, over a quarter (28%) of respondents believe an attack in 2021 is unlikely to be a cause for concern.

Additional key findings from Proofpoint’s study of CISOs/CSOs in the UK&I include:

  • Almost half (46%) of CSOs/CISOs in the UK&I consider ransomware the biggest cybersecurity threat to their business in the next two years. This was followed by cloud account compromise (39%), insider threats (33%) and phishing (30%). Worryingly, just under a quarter (24%) of CSOs/CISOs in the UK&I consider impersonation attacks and Business Email Compromise (BEC) attacks as potentially the biggest cyber threat. With BEC attacks quickly becoming one of the most expensive cyber risks globally (the FBI estimates the resulting losses at $26.5 billion over three years), this indicates that many IT leaders in the region underestimate the risk.
  • The majority of UK&I CISOs/CSOs (55%) believe that human error/lack of cybersecurity awareness is the biggest risk for their business, no matter what cybersecurity solutions are in place. Common employee behaviours likely to result in cyberattacks include clicking on a malicious link or downloading a compromised file (43%), followed by falling victim to phishing emails (39%), intentional leaking of data (35%) and unauthorised use of devices and applications (35%). However, while IT leaders in the UK&I are aware of the risk employees may pose to their business, almost half (44%) stated they did not know who the most at-risk employees in their organisation are.
  • Improving employee training and awareness is a top priority, but obstacles remain. Even though human error and lack of cybersecurity awareness pose a high risk to organisations, only 28% of UK&I organisations admit to running a comprehensive training program more than twice a year. However, 73% agree that they need to improve their employee cybersecurity awareness training and, despite the numerous challenges facing CISOs, 49% have made it their number one priority in 2021. Unfortunately, it could be an uphill battle for many CSO/CISOs, as 54% agree that limited time and resources are an obstacle to developing an effective program, and 50% do not feel their board pays enough attention to delivering effective cybersecurity.
  • Businesses are still not prepared for secure remote working. In 2021, many businesses are looking at their long-term remote working plans for their employees. Despite most businesses having had nine months to plan and prepare since the beginning of the COVID-19 pandemic, only 22% of CISOs firmly believe that their employees are fully equipped to work remotely. This perhaps reflects the scramble to keep the business running through the pandemic, and that corners may have been cut in that rush. This is supported by the fact that 64% of CISOs believe that their organisations are currently more vulnerable to cyber threats as a result of remote working.
  • 73% of CSOs/CISOs in the UK&I expect to see their cybersecurity budget increase over the next two years. In fact, 25% expect an increase to their budgets by more than 10%. CSOs/CISOs also reported that investing in hiring new talent and upskilling employees was their second highest priority for 2021 (47%) after improving employee cybersecurity awareness (49%).

“It’s encouraging that the majority of IT leaders are showing awareness of the risks and challenges they face,” said Andrew Rose, Resident CISO (EMEA) at Proofpoint. “However, it is a little concerning to see that attack vectors such as Business Email Compromise are not as highly prioritised as they could be – given that they are more commonplace than ransomware, and still create massive financial losses. The fact that employee awareness is high on the list of priorities is positive, as regular and comprehensive training is vital to building a security culture, which can protect your firm. A people-centric strategy is a must for organisations, and that starts with identifying the most vulnerable users and ensuring they are equipped with the knowledge and the tools to defend themselves and the business.”

The full report is available at:



The Proofpoint study, conducted by research firm Censuswide in December 2020, surveyed 150 CSO/CISOs from different industries in the UK and Ireland. It explored three key areas: frequency of cyber-attacks, employee and organisational preparedness and challenges to implementing cyber strategies.

About Proofpoint, Inc.

Proofpoint, Inc. (NASDAQ: PFPT) is a leading cybersecurity and compliance company that protects organisations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organisations of all sizes, including more than half of the Fortune 1000, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web.

More information is available at

Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.