CISOs are also less concerned about ransomware attacks, but many say their organizations are still not properly prepared for them.

The threat of substantial material attacks and getting board support for their efforts are top-of-mind issues among the world’s CISOs, according to a new report released by Proofpoint Tuesday.

While nearly half of the 1,400 CISOs surveyed for the annual Voice of the CISO report (48%) say their organization is at risk of suffering a material cyberattack in the next 12 months, that’s substantially lower than 2021, when nearly two-thirds of the CISOs (64%) expressed similar sentiments.

“That drop was a bit surprising,” Proofpoint Global Resident CISO Lucia Milica, who supervised the survey, tells CSO Online. When the pandemic hit, CISOs were scrambling to put temporary controls in place to deal with the explosion of remote workers and enable a business to operate securely, she explains. “Over the last two years, CISOs have had time to bring in more permanent controls to support hybrid work. That’s put more CISOs at ease in terms of feeling that they can protect their organizations.”

Only 28% of CISOs see ransomware as one of the biggest threats

Those sentiments were evident when the CISOs were asked about targeted attacks since the move to hybrid work. More than half (51%) say such attacks have increased as hybrid work has increased. However, that’s dropped from 2021, when 58% of CISOs attributed increases in such attacks to hybrid work.

The researchers from Censuswide, which surveyed the CISOs for the Proofpoint report, also found that anxiety over a future cyberattack varied by country. Countries where the CISOs were most worried about a material cyberattack were France (80%), Canada (72%), and Australia (68%), while those least worried included the Netherlands (28%) and Saudi Arabia (27%).
Chief among the threats facing their organizations, according to the CISOs, are insider threats (31%), DDoS attacks (30%), email fraud (30%), and cloud account compromise (30%). Only 28% of the CISOs identified ransomware as one of the biggest threats facing their organizations, a slight increase over 2021.

“I think there’s a level of comfort that a lot of security leaders have around having the right security controls in place to address ransomware,” Milica says, “while with something like insider threats, there are more nuances around a program to deal with that.”

Excessive expectations for CISOs

However, that level of comfort may be misplaced, according to the report. Many organizations appear unprepared for ransom demands of any size or scale, it notes, with 42% of CISOs admitting their outfits do not have a ransom policy in place. Four out of ten do not have a blueprint to address a ransomware incident.

The report also found that nearly half of the CISOs (49%) say that their superiors and colleagues have excessive expectations about the CISO’s role in their organizations, although that’s a significant drop from 2021, when 57% felt burdened by excessive expectations.

Another telling discovery in the report about the CISO’s role in their organizations is how they feel about the support they’re getting from the boardroom. About half (51%) of the CISOs say they see eye-to-eye with their boards concerning cybersecurity matters. That’s a big drop from 2021 when 59% said they and their boards were on the same page on cybersecurity.

“That’s surprising because I felt last year there was substantial press focusing on blockbuster breaches that elevated engagement with the C-suite, yet the eye-to-eye number went down,” Milica says.
“I was hoping for an increase.”