According to Proofpoint, while fears of cyber attacks continue to grow, CISOs are becoming more confident in their ability to defend against these threats, reflecting a larger shift in the cybersecurity landscape.
CISO confidence is growing despite fears of cyber attacks
70% of CISOs surveyed believe they are at risk of a significant cyber attack in the next 12 months, up from 68% last year and 48% in 2022. CISOs today are clearly more cautious, but their confidence is growing: only 43% feel unprepared to handle a targeted cyber attack, a significant decrease from 61% last year and 50% in 2022.
Human error is still viewed as cybersecurity's biggest weakness, with 74% of CISOs identifying it as their most critical vulnerability. After a year in which insider threats and human-caused data loss have increased, more CISOs than ever before (80%) believe that human risk, especially careless employees, will be their primary cybersecurity concern over the next two years.
However, reflecting a strategic shift towards technology-driven defence, there is growing optimism about the role of AI-powered solutions to mitigate human-centric risks.
“While the cybersecurity landscape continues to evolve with an increase in human-centric threats, our 2024 Voice of the CISO report indicates we are seeing a significant shift among CISOs around the world toward greater resilience, preparedness and confidence,” said Patrick Joyce, global resident CISO at Proofpoint. “This year's survey results highlight a collective movement toward strategic defense, including increased education, technology adoption and adaptive approaches to emerging threats like generative AI.”
CISOs concerned about AI security threats
This year, more CISOs see human error as their organization’s biggest cyber vulnerability: 74% in this year’s survey, compared with 60% in 2023. However, 86% of CISOs believe employees understand their role in protecting the organization.
This confidence is higher than in past years, when it stood at 61% in 2023 and 60% in 2022. This can be attributed to the fact that 87% of CISOs surveyed want to deploy AI-powered capabilities to protect against human error and advanced human-centric cyber threats.
In 2024, 70% of CISOs surveyed believe they are at risk of experiencing a significant cyberattack within the next 12 months, compared to 68% in 2023 and 48% in 2022. However, only 43% of CISOs feel unprepared to handle a targeted cyberattack, compared to 61% in 2023 and 50% in 2022.
54% of surveyed CISOs believe generative AI poses security risks to their organizations. The top three systems CISOs believe pose risk to their organizations are ChatGPT/other GenAI (44%), Slack/Teams/Zoom/other collaboration tools (39%), and Microsoft 365 (38%).
46% of security leaders report having to deal with a significant loss of sensitive data in the past 12 months, and of those, 73% agree that an employee leaving their organization contributed to the loss. Despite these losses, 81% of CISOs believe they have adequate controls in place to protect data.
51% of CISOs surveyed in 2024 have implemented data loss prevention (DLP) technologies, compared to just 35% in 2023. 53% of CISOs surveyed have invested in educating employees on data security best practices, up from 39% in 2023.
Ransomware and malware are top concerns for CISOs
The biggest cybersecurity threats identified by CISOs in 2024 are ransomware attacks (41%), malware (38%), and email fraud (36%). These top threats have changed from last year, with business email compromise (BEC) dropping from first place, ransomware moving up to first place, and malware moving up to second place.
In 2024, CISOs' views on paying ransoms remain unchanged: 62% of CISOs believe their organization would pay the ransom to restore systems and prevent data exposure if hit by a ransomware attack in the next 12 months. 79% of CISOs say they would rely on a cyber insurance claim to recover from potential losses incurred, up from 61% in 2023.
84% of CISOs agree that board members are aligned with them on cybersecurity issues, up significantly from 62% in 2023 and 51% in 2022.
In 2024, 53% of CISOs admit to burnout, compared with 60% last year, and 66% feel they face excessive expectations, up steadily from 61% last year and 49% in 2022. The sustainability of ongoing expectations for CISOs continues to be tested, with 66% concerned about personal liability (62% in 2023) and 72% (61% in 2023) saying they would not join an organization that did not offer directors and officers (D&O) insurance.
Additionally, 59% of CISOs agree that the current economic downturn is hindering their ability to make business-critical investments, with 48% being forced to cut staffing, postpone backfills, or reduce security budgets.
“It's encouraging to see CISOs gaining confidence in their strategies and tools as they navigate the complexities of today's cyber threat environment,” commented Ryan Kalember, chief strategy officer at Proofpoint. “Yet ongoing challenges like employee turnover, pressure on resources, and the need for continued board engagement are a reminder that vigilance and adaptation are key to our collective cyber resilience.”
The 2024 Voice of the CISO report examines global third-party survey responses from 1,600 CISOs from organizations with more than 1,000 employees across a range of industries.