A recent survey conducted by cybersecurity firm Proofpoint has revealed that 68% of Chief Information Security Officers (CISOs) across 16 countries fear a cyberattack in the next 12 months, a significant return to pandemic-level cybersecurity concerns. That is an increase from last year, when 48% of CISOs felt that they were at risk, and from 2021, when the figure was 64%.
“The return to normal operations may imply that CISOs can breathe easier, but the opposite is true,” said Lucia Milică Stacy, Global Resident CISO of Proofpoint. “Compared with last year, CISOs are feeling less prepared to cope with cyberattacks and more at risk, indicating a reversal to the early days of the pandemic.”
The survey, which questioned 100 CISOs from the US, UK, Canada, France, Germany, Italy, Spain, Sweden, the Netherlands, UAE, Saudi Arabia, Australia, Japan, Singapore, South Korea, and Brazil, attributes this anxiety to a number of factors. An elevated threat landscape, data protection challenges, impacted cybersecurity budgets, CISO burnout, and personal liability concerns have all played a role in the increase in anxiety.
This has led CISOs to believe that their organizations are unprepared to cope with a targeted cyberattack, with 61% feeling this way, compared to 50% last year and 66% in 2021. A further cause for concern is that 62% of CISOs said they are willing to pay a ransom to restore systems and prevent data release if attacked by ransomware in the next 12 months. The problems posed by ransomware have been a significant issue for organizations, with 61% already having cybersecurity insurance in place for various types of attacks.
“Profitability at insurance companies offering cyber insurance has already taken a hit due to the raft of ransomware-related payouts in recent years,” said Michael Sampson, senior analyst at Osterman Research. “We have already seen cases where premiums have doubled for half the coverage. It has been becoming more and more expensive to secure cyber insurance. Some are even likely to withdraw completely from offering coverage, given the negative trends.”
When respondents were asked about the biggest cybersecurity threats, email fraud was chosen by 33%, followed by insider threats, cloud account compromise, and distributed denial-of-service (DDoS) attacks, each at 29%. Furthermore, 60% of CISOs said they have experienced burnout in the past 12 months, while 62% were concerned about personal liability.
Moreover, the survey showed that 82% of security leaders reporting a material loss of sensitive data believed that employees leaving the organization contributed to the loss. Overall, 63% reported such losses in the last 12 months, highlighting the need for better controls to protect data. Only 60% of CISOs believed that they have adequate controls to safeguard their company data. Additionally, 60% of CISOs viewed human error as their organization’s biggest cybersecurity vulnerability, highlighting the need to protect and educate employees.
“Nearly all cybersecurity incidents can be traced to human involvement. Successful attacks almost always involve some user action enabling an attack to stick, and as such incidents continue CISOs will increasingly view protecting and educating their people as a top priority within their organizations,” Stacy said.
In conclusion, cybersecurity concerns have returned to pandemic levels, with a significant percentage of CISOs believing that their organizations are unprepared to cope with the ongoing threat landscape. It is therefore vital that organizations prioritize cybersecurity measures, including adequate training for employees to help mitigate the risk of a cyberattack.