Two-thirds of CISOs say their organizations aren't ready for cyberattacks: survey
More than a year after the outbreak of the pandemic that forever changed the threat landscape, a survey finds that 66% of chief information security officers feel that their organizations are not prepared to deal with attacks by malicious actors
Cybertech
| 29/05/2021
Photo: Bigstock
As many as two thirds of chief information security officers say that their organizations are not ready for cyberattacks, according to a recently-released survey of over 1,400 CISOs in 14 countries.
More than a year after the outbreak of the pandemic that forever changed the threat landscape, 66% feel their organization is unprepared to cope with a targeted cyberattack in 2021, while 53% are more concerned about the repercussions of such an attack this year than they were in 2020, said U.S.-based cybersecurity company Proofpoint, which issued the 2021 Voice of the CISO report.
The survey explores three key areas: the threat risk and types of cyberattacks CISOs combat daily, the levels of employee and organizational preparedness to face them, and the impact of supporting a hybrid workforce as businesses prepare to re-open their corporate offices, the company said.
The report examines responses from one hundred CISOs at mid to large size organizations in each of 14 countries: the U.S., Canada, the UK, France, Germany, Italy, Spain, Sweden, the Netherlands, the UAE, Saudi Arabia, Australia, Japan, and Singapore, Proofpoint said.
According to the findings, 64% feel at risk of suffering a cyberattack in the next 12 months. As for the types of attacks they expect to face, business email compromise (34%), Office 365 or G suite account compromise (33%) and insider threats (31%) topped the list. Despite dominating recent headlines, supply chain attacks came in fifth with 29% and ransomware was seventh with 27%, the company said.
In addition, the findings showed that while more than half of respondents believe employees understand their role in protecting their organization from cyber threats, 58% of the CISOs still consider human error to be their organization's biggest cyber vulnerability, and 58% believe that remote working has made their organization more vulnerable to targeted cyberattacks.
However, 65% believe they will be able to better resist and recover from cyberattacks by 2023. The top priorities across the board for global CISOs over the next two years were found to be enhancing core security controls (35%), supporting remote working (33%), as well as security awareness (32%) and security automation (32%), Proofpoint said.
"Last year, cybersecurity teams around the world were challenged to enhance their security posture in this new and changing landscape, literally overnight. This required a balancing act between supporting remote work and avoiding business interruption, while securing those environments," said Lucia Milica, global resident CISO at Proofpoint. "With the future of work becoming increasingly flexible, this challenge now extends into next year and beyond. In addition to securing many more points of attack and educating users on long-term remote and hybrid work, CISOs must instill confidence among customers, internal stakeholders, and the market that such setups are workable indefinitely."
"The ‘good enough’ approach of the past 12 months will simply not work in the long term: with businesses unlikely to ever return to pre-pandemic working practices, the mandate to strengthen cyber security defenses has never been more pressing," said Ryan Kalember, executive vice president of Cybersecurity Strategy for Proofpoint. "CISOs hold a business-critical function, now more than ever."
More than a year after the outbreak of the pandemic that forever changed the threat landscape, a survey finds that 66% of chief information security officers feel that their organizations are not prepared to deal with attacks by malicious actors
Photo: Bigstock
As many as two thirds of chief information security officers say that their organizations are not ready for cyberattacks, according to a recently-released survey of over 1,400 CISOs in 14 countries.
More than a year after the outbreak of the pandemic that forever changed the threat landscape, 66% feel their organization is unprepared to cope with a targeted cyberattack in 2021, while 53% are more concerned about the repercussions of such an attack this year than they were in 2020, said U.S.-based cybersecurity company Proofpoint, which issued the 2021 Voice of the CISO report.
The survey explores three key areas: the threat risk and types of cyberattacks CISOs combat daily, the levels of employee and organizational preparedness to face them, and the impact of supporting a hybrid workforce as businesses prepare to re-open their corporate offices, the company said.
The report examines responses from one hundred CISOs at mid to large size organizations in each of 14 countries: the U.S., Canada, the UK, France, Germany, Italy, Spain, Sweden, the Netherlands, the UAE, Saudi Arabia, Australia, Japan, and Singapore, Proofpoint said.
According to the findings, 64% feel at risk of suffering a cyberattack in the next 12 months. As for the types of attacks they expect to face, business email compromise (34%), Office 365 or G suite account compromise (33%) and insider threats (31%) topped the list. Despite dominating recent headlines, supply chain attacks came in fifth with 29% and ransomware was seventh with 27%, the company said.
In addition, the findings showed that while more than half of respondents believe employees understand their role in protecting their organization from cyber threats, 58% of the CISOs still consider human error to be their organization's biggest cyber vulnerability, and 58% believe that remote working has made their organization more vulnerable to targeted cyberattacks.
However, 65% believe they will be able to better resist and recover from cyberattacks by 2023. The top priorities across the board for global CISOs over the next two years were found to be enhancing core security controls (35%), supporting remote working (33%), as well as security awareness (32%) and security automation (32%), Proofpoint said.
"Last year, cybersecurity teams around the world were challenged to enhance their security posture in this new and changing landscape, literally overnight. This required a balancing act between supporting remote work and avoiding business interruption, while securing those environments," said Lucia Milica, global resident CISO at Proofpoint. "With the future of work becoming increasingly flexible, this challenge now extends into next year and beyond. In addition to securing many more points of attack and educating users on long-term remote and hybrid work, CISOs must instill confidence among customers, internal stakeholders, and the market that such setups are workable indefinitely."
"The ‘good enough’ approach of the past 12 months will simply not work in the long term: with businesses unlikely to ever return to pre-pandemic working practices, the mandate to strengthen cyber security defenses has never been more pressing," said Ryan Kalember, executive vice president of Cybersecurity Strategy for Proofpoint. "CISOs hold a business-critical function, now more than ever."
