Proofpoint’s 2024 Voice of the CISO Report: More Than Two-Thirds of CISOs in Saudi Arabia Feel Prepared for Targeted Cyber Attacks

VOTC-PR-Banner

96% of CISOs in Saudi Arabia are turning to AI-powered technology to protect against human error and block advanced human-centric cyber threats

Riyadh, KSA, May 21, 2024Proofpoint, Inc., a leading cybersecurity and compliance company today released its annual Voice of the CISO report, which explores key challenges, expectations and priorities of chief information security officers (CISOs) worldwide.

The 2024 report draws attention to a notable trend: while fears of cyber attacks continue to rise, CISOs demonstrate increasing confidence in their ability to defend against these threats, reflecting a significant shift in the cybersecurity landscape. Over two-thirds (67%) of surveyed CISOs in Saudi Arabia feel at risk of a material cyber attack over the next 12 months, compared to 55% the year before and 27% in 2022. CISOs today clearly remain on high alert, but confidence among them is growing: just 33% of CISOs in Saudi Arabia feel unprepared to cope with a targeted cyber attack, showing a marked decrease over last year’s 49% and 28% in 2022.

Human error continues to be perceived as the Achilles' heel of cybersecurity, with more than three-quarters (84%) of CISOs surveyed in Saudi Arabia identifying it as the most significant vulnerability, the highest rate amongst all countries surveyed. In a year of growing insider threats and people-driven data loss, more CISOs than ever (82%) see human risk, in particular negligent employees as a key cybersecurity concern over the next two years. However, there's growing optimism in the role of AI-powered solutions to mitigate human-centric risks, reflecting a strategic pivot towards technology-driven defenses.

The 2024 Voice of the CISO report examines global third-party survey responses from 1,600 CISOs from organizations of 1,000 employees or more across different industries. Throughout the course of Q1 2024, 100 CISOs were interviewed in each market across 16 countries: the U.S., Canada, the UK, France, Germany, Italy, Spain, Sweden, the Netherlands, UAE, KSA, Australia, Japan, Singapore, South Korea, and Brazil.

The report offers a vital perspective on the state of cybersecurity from those at the forefront of protecting people and defending data. The report also stresses the importance of maintaining robust cybersecurity measures in the face of economic pressures and the critical role of human factors in organizational cyber readiness. The survey also measures the changes in alignment between security leaders and their boards of directors, exploring how their relationship impacts security priorities.

“As we navigate through the complexities of today’s cyber threat environment, it’s encouraging to see CISOs in Saudi Arabia gaining confidence in their strategies and tools,” commented Emile Abou Saleh, Senior Regional Director, Middle East, Turkey, and Africa at Proofpoint. “However, the ongoing challenges of employee turnover, pressure on resources, and the need for continuous board engagement remind us that vigilance and adaptation are key to our collective cyber resilience.”

Key global findings from Proofpoint’s 2024 Voice of the CISO for Saudi Arabia report include:

  • Human error still tops cyber vulnerability threats but CISOs in Saudi Arabia turn to AI solutions to help. This year, we are seeing an uptick in the number of CISOs in Saudi Arabia who view human error as their organization’s biggest cyber vulnerability—84% in this year’s survey vs. 60% in 2023. However, 94% of CISOs believe that employees understand their role in protecting the organization. This confidence is higher than in previous years—40% in 2023 and 43% in 2022. This may be attributed to the 96% of CISOs surveyed looking to deploy AI-powered capabilities to help protect against human error and advanced human-centered cyber threats.
  • More CISOs in Saudi Arabia fear cyber attacks but fewer feel unprepared, showing growing confidence in their security measures. In 2024, 67% of CISOs surveyed in Saudi Arabia feel at risk of experiencing a material cyber attack in the next 12 months, compared to 55% in 2023 and 27% in 2022. However, just 33% feel their organization is unprepared to cope with a targeted cyber attack, compared to 49% in 2023 and 28% in 2022.
  • Generative AI tops CISOs security concerns in Saudi Arabia. In 2024, 47% of CISOs surveyed in Saudi Arabia believe that generative AI poses a security risk to their organization. The top three systems CISOs view as introducing risk to their organizations are: ChatGPT/other genAI (55%), perimeter network device (55%) and Microsoft 365 (37%).
  • Employee turnover is still a concern, yet CISOs in Saudi Arabia trust their defenses. In 2024, 31% of security leaders in Saudi Arabia reported having to deal with a material loss of sensitive data in the past 12 months, and of those, 52% agreed that employees leaving the organization contributed to the loss. Despite those losses, 92% of CISOs believe they have adequate controls to protect their data.
  • The majority of CISOs in Saudi Arabia have adopted DLP technology and invested more in security education. 64% of CISOs surveyed in Saudi Arabia in 2024 have data loss prevention technology (DLP) in place, compared to just 37% in 2023. More than half (55%) of CISOs surveyed invested in educating employees on data security best practices which is higher in 2024 compared to 2023 (36%).
  • BEC and cloud account compromise top CISOs concerns in Saudi Arabia. The biggest cybersecurity threats perceived by CISOs this year in Saudi Arabia are business email compromise (BEC) (50%), cloud account compromise (Microsoft 365 or G Suite or other) (42%) and insider threat (negligent, accidental, or criminal) (37%). These top threats are different from last year in which CISOs perceived malware, insider threats (negligent, accidental or criminal), ransomware attacks and email fraud as the biggest threats.
  • Increased willingness to make ransom payments, with increased reliance on cyber insurance. In 2024, 83% (37% in 2023) of CISOs in Saudi Arabia believe their organization would pay to restore systems and prevent data release if attacked by ransomware in the next 12 months. 91% of CISOs said they would rely on cyber insurance claims to recover potential losses incurred, compared to 49% in 2023.
  • The Board-CISO relationship has improved significantly in Saudi Arabia. In 2024, 95% of CISOs in Saudi Arabia agree their board members see eye-to-eye with them on cybersecurity issues. This is a significant jump from 45% in 2023, and 28% in 2022.
  • Pressures on CISOs in Saudi Arabia are unrelenting. In 2024, 34% of CISOs in Saudi Arabia admitted to burnout compared to 39% last year, while 88% feel they face excessive expectations, a steady increase from 51% last year and 28% in 2022. The sustainability of the ongoing expectations of CISOs continues to be tested—47% are concerned about personal liability (43% in 2023) and 77% (45% in 2023) would not join an organization that does not offer Directors & Officers (D&O) insurance coverage. In addition, 58% of CISOs agreed that the current economic downturn has hampered their ability to make business-critical investments, with 34% of them being asked to cut staff or delay backfills as well as reduce security budgets.

“While the cybersecurity landscape continues to evolve with increasing human-centric threats, the 2024 Voice of the CISO report highlights what appears to be a pivotal shift towards greater resilience, preparedness and confidence among global CISOs,” said Patrick Joyce, global resident CISO at Proofpoint. “This year’s findings underscore a collective move towards strategic defenses, including enhanced education, technological adoption, and an adaptive approach to emerging threats like generative AI.”

To download the 2024 Voice of the CISO report, please visit: https://www.proofpoint.com/uk/resources/white-papers/voice-of-the-ciso-report

### 

About Proofpoint, Inc. 

Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organizations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organizations of all sizes, including 85 percent of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at www.proofpoint.com. 

Connect with Proofpoint: X | LinkedIn | Facebook | YouTube 

Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.