The 2024 Voice of the CISO Report by Proofpoint Highlights that Three-Quarters of CISOs Recognize Human Error as a Primary Cybersecurity Risk

In order to address this area of vulnerability, 87% of CISOs are looking towards AI-powered technology to safeguard against human error and thwart advanced human-centric cyber threats

SUNNYVALE, California, May 21, 2024 - Proofpoint, Inc., an esteemed cybersecurity and compliance firm, unveiled its annual Voice of the CISO report today. The report delves into the key challenges, expectations, and priorities of chief information security officers (CISOs) across the globe.

The 2024 report shines a light on a noteworthy trend: while concerns about cyber attacks are growing, CISOs are showing more confidence in their ability to defend against these threats, indicating a significant change in the cybersecurity landscape. More than two-thirds (70%) of surveyed CISOs feel vulnerable to a significant cyber attack within the next 12 months, up from 68% the previous year and 48% in 2022. CISOs are staying vigilant, but there’s a noticeable rise in confidence among them: only 43% feel ill-prepared to handle a targeted cyber attack, marking a significant drop from 61% last year and 50% in 2022.

Human error remains the primary weak spot in cybersecurity, with nearly three-quarters (74%) of CISOs pinpointing it as the most crucial vulnerability. In a year marked by increasing insider threats and incidents of data loss caused by individuals, more CISOs than ever (80%) consider human risk, particularly negligent employees, as a major cybersecurity worry over the next couple of years. However, there is a growing positive outlook on the role of AI-driven solutions in mitigating risks associated with human errors, signaling a strategic shift towards technology-driven defenses.

The 2024 Voice of the CISO report analyzes responses from 1,600 CISOs from organizations with 1,000 employees or more across various industries worldwide. Throughout Q1 of 2024, 100 CISOs were interviewed in each market spanning 16 countries: the United States, Canada, the United Kingdom, France, Germany, Italy, Spain, Sweden, the Netherlands, UAE, KSA, Australia, Japan, Singapore, South Korea, and Brazil.

The report provides a crucial insight into the state of cybersecurity from those leading the charge in protecting individuals and safeguarding data. It emphasizes the importance of maintaining robust cybersecurity measures in the face of economic strains and the critical role of human elements in organizational cyber resilience. The survey also examines the evolving alignment between security leaders and their boards of directors, exploring how their collaboration influences security priorities.

“As the cybersecurity landscape continues to evolve with the rise of human-centric threats, the 2024 Voice of the CISO report underscores a noticeable shift towards enhanced resilience, readiness, and confidence among global CISOs,” commented Patrick Joyce, Global Resident CISO at Proofpoint. “This year’s discoveries highlight a collective move towards strategic defenses, including increased education, technological integration, and an adaptive response to emerging threats like generative AI.”

Key global discoveries from Proofpoint’s 2024 Voice of the CISO report comprise:

  • Human error remains the primary cyber vulnerability, prompting CISOs to leverage AI solutions for assistance. This year, there’s a rise in the number of CISOs considering human error as the most significant cyber vulnerability for their organization—74% in this year’s survey compared to 60% in 2023. At the same time, 86% of CISOs believe that employees comprehend their responsibility in safeguarding the organization. This confidence has increased from previous years—61% in 2023 and 60% in 2022. This increased confidence could be attributed to the 87% of CISOs surveyed planning to deploy AI-driven capabilities to help combat human error and advanced human-focused cyber threats.
  • More CISOs are concerned about cyber attacks but fewer feel unprepared, indicating growing faith in their security measures. In 2024, 70% of surveyed CISOs feel susceptible to facing a significant cyber attack within the upcoming 12 months, up from 68% in 2023 and 48% in 2022. Nonetheless, only 43% perceive their organization as inadequately equipped to handle a targeted cyber attack, down from 61% in 2023 and 50% in 2022.
  • Generative AI emerges as a top concern among CISOs. In 2024, 54% of surveyed CISOs view generative AI as a security threat to their organization. The top three systems that CISOs believe pose risks to their organizations are: ChatGPT/other genAI (44%), Slack/Teams/Zoom/other collaboration tools (39%), and Microsoft 365 (38%).
  • Employee turnover remains a worry, yet CISOs trust their defenses. In 2024, 46% of security leaders reported experiencing a substantial loss of sensitive data in the past 12 months, with 73% agreeing that departing employees contributed to this loss. Despite these incidents, 81% of CISOs believe they have effective controls in place to safeguard their data.
  • A large majority of CISOs have implemented DLP technology and increased investments in security training. In 2024, 51% of surveyed CISOs have adopted data loss prevention technology (DLP), a rise from 35% in 2023. More than half (53%) of CISOs taking part in the survey have allocated resources to educate employees on best practices for data security, a higher percentage compared to 2023 (39%).
  • Ransomware and malware dominate the concerns of CISOs. The key cybersecurity threats perceived by CISOs in 2024 are ransomware attacks (41%), malware (38%), and email fraud (36%). These top threats differ from the previous year; business email compromise (BEC) fell from its top position, with ransomware taking the lead and malware moving up to the second spot.
  • The relationship between the Board and CISO has shown significant improvement. In 2024, 84% of CISOs acknowledge that their board members are aligned with them on cybersecurity matters. This marks a notable increase from 62% in 2023 and 51% in 2022.
  • CISOs are faced with relentless pressures. In 2024, 53% of CISOs acknowledged experiencing burnout, a decrease from 60% in the previous year, while 66% feel overwhelmed by expectations, showing a steady rise from 61% in the previous year and 49% in 2022. The sustainability of these consistent demands on CISOs is continually being tested—66% are worried about personal liability (compared to 62% in 2023) and 72% (up from 61% in 2023) would decline an opportunity to work for an organization that does not provide Directors & Officers (D&O) insurance coverage. Additionally, 59% of CISOs agreed that the current economic downturn has hindered their ability to make critical business investments, with 48% being asked to downsize staff or delay hiring, as well as reduce security budgets.

“As we navigate the complexities of today’s cyber threat landscape, it’s positive to witness CISOs gaining confidence in their strategies and tools,” stated Ryan Kalember, chief strategy officer at Proofpoint. “However, the persistent challenges of staff turnover, resource constraints, and the necessity for ongoing board interaction remind us that remaining vigilant and adaptable are essential for our collective cyber resilience.”

To access the 2024 Voice of the CISO report, kindly visit: https://www.proofpoint.com/us/resources/white-papers/voice-of-the-ciso-report


About Proofpoint, Inc. 

Proofpoint, Inc. is a prominent cybersecurity and compliance organization safeguarding organizations’ most valuable assets and significant risk factors: their personnel. Offering a comprehensive suite of cloud-based solutions, Proofpoint aids companies globally in thwarting targeted threats, securing their data, and enhancing their users’ resilience against cyber assaults. Major companies, ranging from small to large enterprises, rely on Proofpoint for security and compliance solutions that prioritize individuals’ security and mitigate their most critical risks across email, the cloud, social media, and the internet. For more details, visit www.proofpoint.com. 


Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners. 
