May 23, 2024 at 09:37AM
A survey of 1,600 CISOs reveals heightened concern over cyber attacks, with 70% fearing a material attack in the next 12 months. The annual report by Proofpoint also notes an increase in worries about ransomware, malware, and email fraud. Additionally, unrealistic expectations and burnout are causing stress among CISOs, despite some positive trends.
The meeting notes indicate that there is heightened concern among Chief Information Security Officers (CISOs) regarding the risk of a material cyber attack, with 70% of CISOs surveyed worrying about such an attack within the next 12 months. This represents an increase from previous years (68% the year prior and 48% in 2022). It is also noted that nearly a third (31%) of CISOs believe a significant attack is “very likely.” The survey was conducted by Proofpoint and encompassed CISOs from organizations across 16 countries.
Sleeplessness among CISOs is indicated, with top concerns being ransomware, malware, email fraud, cloud account compromise, insider threats, and distributed denial of service attacks. Notably, 43% of CISOs expressed that their organizations are unprepared for an attack, though this is an improvement from 61% last year.
The survey also revealed that in the case of a ransomware infection, 62% of CISOs indicated they would likely pay to restore systems or prevent attackers from leaking stolen data. Furthermore, there are growing concerns about excessive expectations and unrealistic pressures placed on CISOs, with over half (53%) having experienced or witnessed burnout over the past 12 months.
Despite some encouraging trends, such as increased cyber security representation at the board level and closer alignment between CISOs and board members, the report also highlighted a growing number of CISOs lamenting excessive expectations and concerns about personal, financial, and legal liability in their role. Additionally, high-profile legal battles involving CISOs are contributing to the concerns and stress experienced in this role.
In conclusion, the meeting notes provide insights into the challenges and worries faced by CISOs globally, emphasizing the need for support and realistic expectations within the cybersecurity industry.