The pandemic introduced an entirely new way of working that delighted many end users, but IT departments and cybersecurity professionals had their work cut out for them as they were required to deploy, manage and secure technologies designed to support distributed work. That shift to distributed work resulted in new cyberattack vectors that had even the most seasoned security professionals gasping for air, but those feelings subsided in 2022 as organizations adapted and adjusted to the new reality.
However, new data from cybersecurity firm Proofpoint suggests that cybersecurity leaders are again at their wits’ end as 68% of chief information security officers (CISOs) now feel at risk for a material cyberattack, compared to just 48% in 2022.
The Sunnyvale, Calif.-based firm says in its 2023 Voice of the CISO report that this is a shift back to 2021, when 64% of CISOs believed a material cyberattack was imminent.
Similarly, CISOs now feel that their organizations are less prepared for a cyberattack than last year, with Proofpoint’s research showing that 61% feel unprepared for an attack versus 50% who felt the same last year. In 2021, 66% of CISOs said their organizations were unprepared.
The report, the result of a survey of more than 1,600 cybersecurity leaders across 16 countries, essentially concludes that CISOs no longer feel the sense of calm they briefly experienced after the initial onslaught of attacks and distributed infrastructure during the pandemic.
Why are CISOs less confident than they were in 2022?
Proofpoint’s 2023 Voice of the CISO report finds that several factors are contributing to less-than-ideal confidence among security leaders, including a possible economic downturn, employee turnover, increasing threats and unreasonable job expectations.
According to the study, email fraud, insider threats, cloud account compromise and DDoS attacks were the four most concerning threat categories cited by CISOs this year, a list that is largely unchanged from last year.
However, the research also suggests that cyber awareness among employees is still lacking, as 60% of CISOs say human error is their organization’s biggest cyber vulnerability, compared to 56% and 58% who said the same in 2022 and 2021, respectively.
In addition, just 61% of CISOs believe employees understand their role in helping prevent cyberattacks.
CISOs also feel that the loss of sensitive data is exacerbated by employee turnover, with 63% of security leaders reporting having to deal with a material loss of sensitive data in the past 12 months. Of those, 82% agreed that employee turnover contributed to the loss.
Security leaders are clearly feeling more pressured, with 61% reporting they face unreasonable job expectations, a significant increase from 49% who said the same last year. That is leading to 62% saying they are concerned about personal liability and 60% reporting burnout in the past 12 months.
“Back to ‘business as usual’, they are less assured in their organization’s abilities to defend against cyber risk,” says Lucia Milică Stacy, global resident CISO at Proofpoint. “Our 2023 Voice of the CISO report reveals that amidst the rising difficulties of protecting their people and defending data, CISOs are being tested at a personal level with higher expectations, burnout, and uncertainty about personal liability.”