BW Security World

Proofpoint’s Annual Report Reveals Rising CISO Confidence Despite Increased Cyber Threats


Proofpoint, Inc., a cybersecurity and compliance company, has released its annual Voice of the CISO report for 2024. The report highlights the ongoing challenges, expectations, and priorities of chief information security officers (CISOs) worldwide.

This year’s report reveals a notable trend: while concerns about cyber attacks are increasing, CISOs are becoming more confident in their ability to defend against these threats. According to the survey, 70% of CISOs feel at risk of a material cyber attack in the next 12 months, up from 68% the previous year and 48% in 2022. Despite this, only 43% of CISOs feel unprepared to handle a targeted cyber attack, a significant drop from last year’s 61% and 50% in 2022.

Human error remains a major vulnerability in cybersecurity. Nearly three-quarters (74%) of CISOs identify it as the most significant threat. With the rise in insider threats and data loss caused by people, 80% of CISOs see negligent employees as a key concern over the next two years. However, there is growing optimism about the role of AI-powered solutions in mitigating these risks, reflecting a shift towards technology-driven defenses.

The 2024 Voice of the CISO report is based on survey responses from 1,600 CISOs from organizations with 1,000 or more employees across various industries. Conducted in Q1 2024, the survey included 100 CISOs from each of 16 countries: the U.S., Canada, the UK, France, Germany, Italy, Spain, Sweden, the Netherlands, UAE, Saudi Arabia, Australia, Japan, Singapore, South Korea, and Brazil.

The report provides insight into the current state of cybersecurity from those at the forefront of protecting data and defending organizations. It also emphasizes the importance of maintaining strong cybersecurity measures amid economic pressures and the critical role of human factors in organizational cyber readiness. Additionally, it explores the evolving relationship between security leaders and their boards of directors and how this affects security priorities.

Patrick Joyce, global resident CISO at Proofpoint, commented on the findings: “While the cybersecurity landscape continues to evolve with increasing human-centric threats, the 2024 Voice of the CISO report highlights what appears to be a pivotal shift towards greater resilience, preparedness and confidence among global CISOs. This year’s findings underscore a collective move towards strategic defenses, including enhanced education, technological adoption, and an adaptive approach to emerging threats like generative AI.”

Key findings from Proofpoint’s 2024 Voice of the CISO report include:

Human Error & AI Solutions: Human error is seen as the biggest cyber vulnerability by 74% of CISOs, up from 60% in 2023. However, 86% of CISOs believe employees understand their role in protecting the organization, compared to 61% in 2023 and 60% in 2022. Notably, 87% of CISOs plan to deploy AI-powered tools to mitigate human error and advanced human-centered threats.

Cyber Attack Risks and Preparedness: While 70% of CISOs feel at risk of a material cyber attack in the next year, only 43% feel unprepared to cope with such an attack, a decrease from 61% in 2023 and 50% in 2022.

Generative AI Concerns: 54% of CISOs believe generative AI poses a security risk. The top systems introducing risk are ChatGPT and other generative AI tools (44%), collaboration tools like Slack, Teams, and Zoom (39%), and Microsoft 365 (38%).

Employee Turnover and Data Loss: 46% of CISOs reported dealing with a material loss of sensitive data in the past year, with 73% attributing this to employee turnover. Despite this, 81% believe they have adequate controls to protect their data.

Adoption of DLP Technology and Security Education: 51% of CISOs have data loss prevention (DLP) technology in place, up from 35% in 2023. Additionally, 53% have invested in educating employees on data security best practices, an increase from 39% in 2023.

Top Cyber Threats: The most significant threats perceived by CISOs in 2024 are ransomware (41%), malware (38%), and email fraud (36%). Business email compromise (BEC) has moved down the list, with ransomware and malware taking the top spots.

Ransom Payments and Cyber Insurance: 62% of CISOs believe their organization would pay a ransom to restore systems and prevent data release if attacked, unchanged from last year. However, reliance on cyber insurance has increased, with 79% of CISOs expecting to file claims to recover potential losses, up from 61% in 2023.

Board-CISO Relationship: 84% of CISOs agree that their board members understand and align with them on cybersecurity issues, a significant improvement from 62% in 2023 and 51% in 2022.

CISO Pressures: Despite growing confidence, CISOs still face high pressure. In 2024, 53% reported experiencing burnout, down from 60% last year. 66% feel they face excessive expectations, up from 61% last year and 49% in 2022. Concerns about personal liability remain, with 72% unwilling to join organizations without Directors & Officers (D&O) insurance coverage. The economic downturn has also impacted security investments, with 59% of CISOs being asked to cut staff or delay backfills and reduce budgets.

Ryan Kalember, chief strategy officer at Proofpoint, noted, “As we navigate through the complexities of today’s cyber threat environment, it’s encouraging to see CISOs gaining confidence in their strategies and tools. However, the ongoing challenges of employee turnover, pressure on resources, and the need for continuous board engagement remind us that vigilance and adaptation are key to our collective cyber resilience.”
