CISO confidence rises, but problems still exist


New research reveals how global CISOs are responding to COVID-19 and their plans for 2022-2023.

The pandemic has become a “black swan” event. Its impact has hit the global economy hard and, on the Internet, has allowed cybercriminals to step up their dirty work and extort millions of dollars. Today, despite the measures taken to prevent attacks, many organizations around the world still worry about being vulnerable to them.

This is the result of a survey of approximately 1,400 CISOs from all over the world, published by Proofpoint in its 2021 “Voice of the CISO” report. The report also describes the work done by security leaders to cope with the pandemic and their views on plans for the next two years.

A staggering 64% of CISOs suspect that their company will suffer a major cyber attack in the next 12 months. Among them, one-fifth consider this risk to be high. However, opinions differ considerably by region. CISOs in the UK (81%) and Germany (79%) are the most worried about attacks; their counterparts in Singapore (44%), Canada, and Spain (50% each) are the least worried.

Retail CISOs are particularly concerned. Eight out of ten (83%) respondents believe that their company may be at risk of cyber attacks, the highest among all vertical industries surveyed.

CISOs feel unprepared to defend against attacks
The most worrying finding of the report is that two-thirds of CISOs believe their organizations are not prepared to withstand cyber attacks. CISOs in the Netherlands (81%) felt the least prepared, followed by those in Germany and Sweden (79%).

The rapid deployment of remote environments, users working from home, widespread anxiety related to the global pandemic, and hordes of cybercriminals taking advantage of the situation meant that careful planning and deployment were often sacrificed in favor of last-minute band-aid measures. This is best reflected in the fact that most CISOs believe that, despite their best efforts to increase the organization’s cyber resilience, their confidence in these measures and their overall peace of mind are worse than in 2020. Today, more than half of CISOs are more worried about the consequences of cyber attacks in 2021 than they were last year. One quarter (25%) strongly agree with this statement.

The attacks of greatest concern are business email compromise (BEC) (34%) and cloud account compromise (33%), followed by insider threats (31%) and distributed denial of service (DDoS) attacks (30%).

Human Factors
Most CISOs (58%) said that human error is their company’s biggest weakness, which shows that a security strategy based on automation and machine learning is the way to go. However, human error is not the only source of security problems. Less than two-thirds of CISOs are less optimistic about their organization’s ability to detect cyber attacks or data breaches. As a result, they feel neither prepared for nor capable of responding to the modern threat landscape.

CISOs and the board of directors
Many CISOs believe that they lack board support. Of the global CISOs surveyed for the report, less than two-thirds said they agreed with the board’s approach to cybersecurity. 57% of respondents said that expectations for their role are too high.

59% of global CISOs stated that their reporting relationship hinders their effectiveness. This view is most common in the technology sector, where three quarters of CISOs expressed it. In the public sector, the issue is less pressing; here, only 38% consider their reporting line a burden.

The obvious distance between them and their top-level colleagues makes many CISOs feel that they cannot do their job to the best of their ability. Nearly half do not think their organization is helping them succeed. To make matters worse, 24% of CISOs strongly agree that this is the case.

A big leap in network security
The CISO’s ability to balance agility and security will become more important in the future. More and more organizations now know what remote work brings in terms of cost savings and flexibility, and many are likely to adopt a hybrid work model in the future. But CISOs need to convince their boards that the workable methods they have used over the past year are not enough in the long run. Fortunately, they will have plenty of evidence to support this claim. 69% of CISOs from large enterprises (more than 5,000 employees) stated that, after implementing remote work, their organizations were targeted more frequently. The industries most affected include IT, technology and telecommunications (69%).

The reason is obvious. More reliance on the network and the availability and integrity of IT means more susceptibility to cyber attacks. This explains why 63% of CISOs believe that cybercrime will be more profitable in the next two years, and those who are victims may suffer greater consequences. Roughly the same percentage of CISOs suspect that penalties for security breaches will increase in 2022 and 2023.

Optimistic outlook for 2022-2023
Although many CISOs stated that they worked hard to maintain organizational security last year, most CISOs hope that the situation will improve in the next few years. Despite this, they still feel the pressure of unrealistic expectations. More board-level support and cybersecurity oversight will help reduce this pressure.

Two-thirds (65%) of CISOs globally believe that, if they are equipped with appropriate resources and strategies, they will be able to better respond to and recover from cyber attacks by 2022 to 2023. About three-quarters (74%) of retail CISOs believe that they will be in a better security position by 2023. CISOs in the transportation and media industry (56%) are not very hopeful. French CISOs are the most pessimistic; only 25% are optimistic about their organization’s medium-term security prospects. CISOs in the UAE (77%), Germany (76%) and the United States (73%) strongly or somewhat agree that their organization will be able to resist and recover better within two years. 64% of CISO respondents predict that public awareness of cybersecurity risks will increase.

Marc Wilczek is a columnist and recognized thought leader dedicated to helping organizations advance their digital agenda and achieve higher levels of innovation and productivity through technology. In the past 20 years, he has held various senior leadership positions…
