A recent survey conducted by Proofpoint revealed that 73% of board members believe they are at risk of a major cyber attack in the next 12 months. This is a notable increase from 65% in the previous year, indicating a growing concern among board members about the escalating threat of cyber attacks.
The survey also discovered that 53% of board members feel unprepared to cope with a targeted attack, up from 47% in the previous year. This suggests that despite an increased awareness of the risks, many organizations are still struggling to develop effective strategies to protect themselves from cyber threats.
One potential factor contributing to the heightened concerns among board members is the emerging risk of artificial intelligence (AI) tools. The survey found that 59% of board members view generative AI, such as ChatGPT, as a security risk for their organization. This highlights the evolving nature of cyber threats and the need for organizations to adapt their cybersecurity strategies accordingly.
Despite these concerns, the survey also revealed that board members are taking cybersecurity seriously. A majority of board members (73%) view cybersecurity as a priority and believe that their board clearly understands the cyber risks they face (72%). Additionally, 70% of board members feel that they have adequately invested in cybersecurity.
However, Ryan Kalember, EVP of cybersecurity strategy at Proofpoint, cautions that this newfound alignment between board members and CISOs (Chief Information Security Officers) has not yet translated into significant changes in cybersecurity posture. While there is increased awareness and funding for cybersecurity, organizations still struggle to effectively implement these investments and protect themselves from cyber attacks.
The survey also examined specific concerns of board members regarding cyber threats. Malware was ranked as the top concern (40%), followed by insider threat (36%) and cloud account compromise (36%). These concerns closely align with the top concerns of CISOs, which include email fraud/BEC, insider threat, and cloud account compromise.
Another area of concern for both board members and CISOs is personal liability in the event of a cybersecurity incident. 72% of board members expressed concern about personal liability, while 62% of CISOs agreed. This highlights the growing recognition of the potential legal and financial consequences of a cyber attack.
While board members and CISOs are generally aligned in their views on cybersecurity, there is still room for improvement in their relationships. The survey found that 53% of directors regularly interact with security leaders, an increase from the previous year but still leaving nearly half of all boardrooms without strong CISO-C-suite relationships. Strengthening these relationships can lead to more productive conversations and better-informed decision-making regarding cybersecurity.
In conclusion, the survey conducted by Proofpoint highlights the growing concerns among board members about the risk of cyber attacks. Despite increased awareness and funding for cybersecurity, many organizations still feel unprepared to cope with targeted attacks. The emerging risk of AI tools and the potential for personal liability in the event of a cyber attack further contribute to these concerns. Strengthening relationships between board members and CISOs is crucial for organizations to develop effective cybersecurity strategies and protect themselves from evolving cyber threats.