Proofpoint, Inc., a leading cybersecurity and compliance company, today released its annual Voice of the CISO report, which surveys the top challenges, expectations and priorities of chief information security officers (CISOs) around the world.
The 2024 report points out notable trends. While fears of cyber attacks continue to grow, CISOs are becoming more confident in their ability to defend against these threats, reflecting a major shift in the cybersecurity landscape. Two-thirds (67%) of Singaporean CISOs surveyed feel they are at risk of a significant cyber attack in the next 12 months, compared with 80% last year. CISOs today are clearly more cautious, but their confidence is growing. Only 36% feel unprepared to handle targeted cyber attacks, a significant decrease from 55% last year and 39% in 2022.
Human error is still viewed as cybersecurity's greatest weakness, with two-thirds (67%) of Singapore CISOs identifying it as their most critical vulnerability. With insider threats and human-caused data loss on the rise in the past year, 84% of CISOs believe that human risks, especially careless employees, are their primary cybersecurity concern over the next two years. However, there is growing optimism about the role of AI-powered solutions in mitigating human-centric risks, reflecting a strategic shift toward technology-led defense.
The 2024 Voice of the CISO report examines global third-party survey responses from 1,600 CISOs from organizations with more than 1,000 employees across a range of industries. Throughout Q1 2024, 100 CISOs were interviewed in each of 16 markets: US, Canada, UK, France, Germany, Italy, Spain, Sweden, Netherlands, UAE, Saudi Arabia, Australia, Japan, Singapore, South Korea and Brazil.
The report offers important perspectives on the current state of cybersecurity from those on the front lines of protecting people and data. It also highlights the importance of maintaining a strong cybersecurity posture in the face of economic pressures, and the critical role of the human factor in an organization's cyber response. The survey also measures the shift in alignment between security leaders and their boards of directors, exploring how their relationship is impacting security priorities.
“While the cybersecurity landscape continues to evolve with an increase in human-centric threats, our 2024 Voice of the CISO report highlights a significant shift toward greater resilience, preparedness and confidence among CISOs around the world,” said Patrick Joyce, global resident CISO at Proofpoint. “This year's survey results highlight a collective movement toward strategic defense, including increased education, technology adoption and adaptive approaches to emerging threats like generative AI.”
Key findings for Singapore in Proofpoint's 2024 Voice of the CISO report include:
- While human error remains the top cyber vulnerability, CISOs are turning to AI solutions: This year, an increasing number of CISOs in Singapore consider human error their organization's biggest cyber vulnerability: 67% in this year's survey, compared with 60% in 2023. However, 92% of CISOs believe that employees understand their role in protecting the organization. This confidence is higher than in past years, at 61% in 2023 and 60% in 2022. This can be attributed to 86% of CISOs surveyed wanting to adopt AI-powered capabilities to protect against human error and advanced human-centric cyber threats.
- While CISOs continue to fear cyber attacks, fewer feel unprepared, indicating increased confidence in their security measures. In 2024, 67% of CISOs surveyed in Singapore feel at risk of experiencing a significant cyber attack within the next 12 months, compared to 80% in 2023 and 64% in 2022. However, only 36% feel unprepared to handle a targeted cyber attack, compared to 55% in 2023 and 39% in 2022.
- While employee turnover remains a concern, CISOs have confidence in their company's defenses: In 2024, 32% of security leaders in Singapore reported they had to deal with a significant loss of sensitive data in the past 12 months, and of those, 63% agreed that an employee leaving their organization contributed to the loss. Despite these losses, 94% of CISOs believe they have the right controls in place to protect data.
- The majority of CISOs are adopting DLP technology and increasing investment in security education: 61% of Singaporean CISOs surveyed in 2024 have deployed data loss prevention technology (DLP), compared to just 35% in 2023. More than three-quarters (79%) of CISOs surveyed have invested in educating their employees on data security best practices, which is higher in 2024 compared to 2023 (42%).
- Ransomware and malware are top concerns for CISOs: The top cybersecurity threats identified by Singaporean CISOs this year are ransomware attacks (45%), malware (45%), and email fraud (34%). These top threats are different from last year, when CISOs identified cloud account compromise (Microsoft 365, G Suite, etc.), insider threats (accidental, criminal), and malware as the top threats.
- Reluctance to pay ransoms and increased reliance on cyber insurance: In 2024, 47% of Singaporean CISOs believe their organization would pay a ransom to restore systems and prevent data loss if hit by a ransomware attack in the next 12 months (72% in 2023). Additionally, 78% of CISOs say they would rely on a cyber insurance claim to recover from potential losses incurred, up from 60% in 2023.
- Generative AI is the top security concern for CISOs: 52% of CISOs surveyed in Singapore in 2024 believe generative AI poses security risks to their organizations. The top three systems that CISOs believe pose risk to their organizations are ChatGPT/other genAI (54%), Slack/Teams/Zoom/other collaboration tools (43%), and Microsoft 365 (36%).
- The relationship between the board and the CISO has improved significantly: in 2024, 81% of CISOs in Singapore say their board members are aligned with them on cybersecurity issues. This is a significant increase from 60% in 2023 and 44% in 2022.
- The pressure on CISOs is unrelenting: 49% of Singapore CISOs admit to burnout in 2024, compared with 70% last year. And 74% feel they face excessive expectations, steadily increasing from 67% last year and 35% the year before that. The sustainability of ongoing expectations of CISOs continues to be tested: 69% are concerned about personal liability (56% in 2023), and 71% (59% in 2023) would not join an organization that does not offer directors and officers (D&O) insurance. Additionally, 51% of CISOs agree that the current economic downturn is hindering their ability to make business-critical investments, with 40% being asked to cut staff, postpone replacements, or reduce security budgets.
“It's encouraging to see CISOs gaining confidence in their strategies and tools as they navigate the complexities of today's cyber threat environment,” commented Ryan Kalember, chief strategy officer at Proofpoint. “Yet ongoing challenges like employee turnover, pressure on resources, and the need for continued board engagement are a reminder that vigilance and adaptation are key to our collective cyber resilience.”