Two out of three chief information security officers (CISOs) worldwide believe their organization is unprepared to deal with a cyberattack, according to a new study.
In line with other research pointing to remote work as a security risk, just under three in five CISOs consider human error to be their biggest cyber vulnerability, according to the 206 Voice of the CISO report from the security provider. The COVID-19 pandemic has challenged CISOs like never before, said the security provider based in Sunnyvale, California.
“Last year, cybersecurity teams around the world were challenged to improve their security stance in this new and changing landscape, literally overnight,” said Lucia Milică, global resident CISO at Proofpoint. “This required a balance between supporting remote work and avoiding business disruption, while protecting these environments,” Milică said.
The survey's main findings, by the numbers:
- 64%: CISOs believe their organizations could suffer a material cyberattack in the next 12 months. At the top of the list are business email compromise (34%), cloud account compromise (33%), and insider threats (31%). Supply chain attacks came in fifth place with 29% and ransomware seventh with 27%.
- 66%: CISOs believe their organization is unprepared to deal with a targeted cyberattack in 2021.
- 53%: CISOs are more concerned about the repercussions of a cyberattack in 2021 than in 2020.
- 58%: Global CISOs continue to view human error as their organization’s biggest cyber vulnerability, citing criminal insider attacks and clicking malicious links or downloading compromised files as the most likely ways employees put their business at risk.
- 58%: CISOs agree that remote work has made their organization more vulnerable to targeted cyberattacks.
- 60%: CISOs have seen an increase in targeted attacks in the last 12 months.
- 63%: CISOs believe that cybercrime will be even more profitable for attackers.
- 60%: CISOs believe that cybercrime will be riskier for cybercriminals.
- 65%: CISOs believe they will be able to better resist and recover from cyberattacks in 2023.
- 35%: Basic security controls (35%), support for remote work (33%), security awareness (32%) and security automation (32%) are the three top priorities for global CISOs over the next two years.
- 57%: Global CISOs agree that expectations about their role are excessive.
- 25%: Global CISOs strongly agree that their board sees eye to eye with them on cybersecurity issues.
- 11%: The overall amount by which CISOs expect their cybersecurity budget to increase over the next two years.
“The ‘good enough’ approach of the last twelve months just won’t work in the long run,” said Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint. “With companies unlikely to ever return to pre-pandemic work practices, the mandate to strengthen cybersecurity defenses has never been so urgent,” he said. “CISOs have a critical role to play for the business, now more than ever.”
The study's results are based on input from about 1,400 CISOs of medium and large organizations in various industries. The survey focused on three areas:
- Threat risk and the types of cyberattacks that CISOs fight daily.
- Levels of preparedness of employees and the organization to deal with them.
- Impact of supporting a hybrid workforce as companies prepare to reopen their corporate offices.