BY Richard Summerfield
Two-thirds of chief information security officers (CISOs) feel their companies are unprepared for a cyber attack, according to a new report from Proofpoint Inc.
The company’s inaugural ‘2021 Voice of the CISO Report’ examines global third-party survey responses from more than 1400 CISOs at mid to large size organisations across different industries. Throughout the course of Q1 2021, 100 CISOs were interviewed in each market across 14 countries: the US, Canada, the UK, France, Germany, Italy, Spain, Sweden, the Netherlands, UAE, Saudi Arabia, Australia, Japan and Singapore.
According to the report, 66 percent of CISOs feel their organisation is unprepared to handle a cyber attack and 58 percent consider human error to be their biggest cyber vulnerability. These responses are particularly noteworthy given the mass migration of employees to remote working over an unprecedented 12 months. Many CISOs have struggled to create a sense of urgency and priority among employees. Security training and awareness remain a challenge. Accordingly, 66 percent percent of CISOs do not believe their organisations are prepared to cope with an attack.
“Last year, cybersecurity teams around the world were challenged to enhance their security posture in this new and changing landscape, literally overnight,” said Lucia Milică, global resident CISO at Proofpoint. “This required a balancing act between supporting remote work and avoiding business interruption, while securing those environments.”
She continued: “With the future of work becoming increasingly flexible, this challenge now extends into next year and beyond. In addition to securing many more points of attack and educating users on long-term remote and hybrid work, CISOs must instill confidence among customers, internal stakeholders, and the market that such setups are workable indefinitely.”
However, despite many of the concerns voiced by CISOs regarding preparedness, many CISOs do feel adequately prioritised from a budget standpoint. The majority of global CISOs expect budgets to increase by at least 11 percent in the next two years. Sixty-five percent believe their companies will be better able to resist and recover from cyber attacks by 2022/23.
Report: 2021 Voice of the CISO report