Proofpoint’s 2024 Voice of the CISO Report Reveals that Three-Quarters of CISOs Identify Human Error as Leading Cybersecurity Risk
21 May 2024 - 3:55AM
Business Wire
To mitigate this area of vulnerability, 87% of
CISOs are turning to AI-powered technology to protect against human
error and block advanced human-centric cyber threats
Proofpoint, Inc., a leading cybersecurity and compliance company,
today released its annual Voice of the CISO report, which explores
key challenges, expectations and priorities of chief information
security officers (CISOs) worldwide.
The 2024 report draws attention to a notable trend: while fears
of cyber attacks continue to rise, CISOs demonstrate increasing
confidence in their ability to defend against these threats,
reflecting a significant shift in the cybersecurity landscape. Over
two-thirds (70%) of surveyed CISOs feel at risk of a material cyber
attack over the next 12 months, compared to 68% the year before,
and 48% in 2022. CISOs today clearly remain on high alert, but
confidence among them is growing: just 43% feel unprepared to cope
with a targeted cyber attack, showing a marked decrease over last
year’s 61% and 50% in 2022.
Human error continues to be perceived as the Achilles' heel of
cybersecurity, with almost three-quarters (74%) of CISOs
identifying it as the most significant vulnerability. In a year of
growing insider threats and people-driven data loss, more CISOs
than ever (80%) see human risk, in particular negligent employees,
as a key cybersecurity concern over the next two years. However,
there's growing optimism in the role of AI-powered solutions to
mitigate human-centric risks, reflecting a strategic pivot towards
technology-driven defenses.
The 2024 Voice of the CISO report examines global third-party
survey responses from 1,600 CISOs from organizations of 1,000
employees or more across different industries. Throughout the
course of Q1 2024, 100 CISOs were interviewed in each market across
16 countries: the U.S., Canada, the UK, France, Germany, Italy,
Spain, Sweden, the Netherlands, UAE, KSA, Australia, Japan,
Singapore, South Korea, and Brazil.
The report offers a vital perspective on the state of
cybersecurity from those at the forefront of protecting people and
defending data. The report also stresses the importance of
maintaining robust cybersecurity measures in the face of economic
pressures and the critical role of human factors in organizational
cyber readiness. The survey also measures the changes in alignment
between security leaders and their boards of directors, exploring
how their relationship impacts security priorities.
“While the cybersecurity landscape continues to evolve with
increasing human-centric threats, the 2024 Voice of the CISO report
highlights what appears to be a pivotal shift towards greater
resilience, preparedness and confidence among global CISOs,” said
Patrick Joyce, global resident CISO at Proofpoint. “This year’s
findings underscore a collective move towards strategic defenses,
including enhanced education, technological adoption, and an
adaptive approach to emerging threats like generative AI.”
Key global findings from Proofpoint’s 2024 Voice of the CISO
report include:
- Human error still tops cyber vulnerability threats, but
CISOs turn to AI solutions to help. This year, we are seeing an
uptick in the number of CISOs who view human error as their
organization’s biggest cyber vulnerability—74% in this year’s
survey vs. 60% in 2023. However, 86% of CISOs believe that
employees understand their role in protecting the organization.
This confidence is higher than in previous years—61% in 2023 and
60% in 2022. This may be attributed to the 87% of CISOs surveyed
looking to deploy AI-powered capabilities to help protect against
human error and advanced human-centered cyber threats.
- More CISOs fear cyber attacks but fewer feel unprepared,
showing growing confidence in their security measures.
In 2024, 70% of CISOs surveyed feel at risk of experiencing a
material cyber attack in the next 12 months, compared to 68% in
2023 and 48% in 2022. However, just 43% feel their organization is
unprepared to cope with a targeted cyber attack, compared to 61% in
2023 and 50% in 2022.
- Generative AI tops CISOs' security concerns. In 2024, 54%
of CISOs surveyed believe that generative AI poses a security risk
to their organization. The top three systems CISOs view as
introducing risk to their organizations are: ChatGPT/other genAI
(44%), Slack/Teams/Zoom/other collaboration tools (39%) and
Microsoft 365 (38%).
- Employee turnover is still a concern, yet CISOs trust their
defenses. In 2024, 46% of security leaders reported having to
deal with a material loss of sensitive data in the past 12 months,
and of those, 73% agreed that employees leaving the organization
contributed to the loss. Despite those losses, 81% of CISOs believe
they have adequate controls to protect their data.
- The majority of CISOs have adopted DLP technology and
invested more in security education. 51% of CISOs surveyed in
2024 have data loss prevention (DLP) technology in place, compared
to just 35% in 2023. More than half (53%) of CISOs surveyed
invested in educating employees on data security best practices
in 2024, up from 39% in 2023.
- Ransomware and malware top CISOs' concerns. The biggest
cybersecurity threats perceived by CISOs in 2024 are ransomware
attacks (41%), malware (38%) and email fraud (36%). These top
threats are different from last year; business email compromise
(BEC) moved down from the first spot, ransomware moved up to first
place and malware up to second place.
- Steady stance on ransom payments with increased reliance on
cyber insurance. In 2024, there’s no change in CISOs’
view on paying a ransom. 62% of CISOs believe their organization
would pay to restore systems and prevent data release if attacked
by ransomware in the next 12 months. 79% of CISOs said they would
rely on cyber insurance claims to recover potential losses
incurred, compared to 61% in 2023.
- The Board-CISO relationship has improved significantly.
In 2024, 84% of CISOs agree their board members see eye-to-eye with
them on cybersecurity issues. This is a significant jump from 62%
in 2023, and 51% in 2022.
- Pressures on CISOs are unrelenting. In 2024, 53% of
CISOs admitted to burnout compared to 60% last year, while 66% feel
they face excessive expectations, a steady increase from 61% last
year and 49% in 2022. The sustainability of the ongoing
expectations on CISOs continues to be tested—66% are concerned
about personal liability (62% in 2023) and 72% (61% in 2023) would
not join an organization that does not offer Directors &
Officers (D&O) insurance coverage. In addition, 59% of CISOs
agreed that the current economic downturn has hampered their
ability to make business-critical investments, with 48% of them
being asked to cut staff or delay backfills as well as reduce
security budgets.
“As we navigate through the complexities of today’s cyber threat
environment, it’s encouraging to see CISOs gaining confidence in
their strategies and tools,” commented Ryan Kalember, chief
strategy officer at Proofpoint. “However, the ongoing challenges of
employee turnover, pressure on resources, and the need for
continuous board engagement remind us that vigilance and adaptation
are key to our collective cyber resilience.”
To download the 2024 Voice of the CISO report, please visit:
https://www.proofpoint.com/us/resources/white-papers/voice-of-the-ciso-report
About Proofpoint, Inc.
Proofpoint, Inc. is a leading cybersecurity and compliance
company that protects organizations’ greatest assets and biggest
risks: their people. With an integrated suite of cloud-based
solutions, Proofpoint helps companies around the world stop
targeted threats, safeguard their data, and make their users more
resilient against cyber attacks. Leading organizations of all
sizes, including 85 percent of the Fortune 100, rely on Proofpoint
for people-centric security and compliance solutions that mitigate
their most critical risks across email, the cloud, social media,
and the web. More information is available at
www.proofpoint.com.
Proofpoint is a registered trademark or tradename of Proofpoint,
Inc. in the U.S. and/or other countries. All other trademarks
contained herein are the property of their respective owners.
View source version on businesswire.com: https://www.businesswire.com/news/home/20240521590747/en/
PROOFPOINT MEDIA CONTACT: Estelle Derouet Proofpoint,
Inc. pr@proofpoint.com