Proofpoint’s 2024 Insights from the CISO Report Reveal that Over Four in 5 Canadian CISOs Point Out Human Error as Primary Cybersecurity Risk
To address this weak spot, 86% of Canadian CISOs are embracing AI-driven technology to prevent human error and thwart sophisticated human-focused cyber threats
TONONTO, Canada, May 21, 2024 – Proofpoint, Inc., a reputable cybersecurity and compliance firm released its annual Insights from the CISO report, delving into essential challenges, hopes and priorities of chief information security officers (CISOs) globally.
The 2024 report acknowledges a noticeable trend: while concerns about cyber assaults are on the rise, Canadian CISOs exhibit growing assurance in their ability to guard against these risks, showcasing a noteworthy transformation in the cybersecurity panorama. More than two-thirds (90%) of interviewed CISOs in Canada sense vulnerability to a significant cyber assault in the next 12 months, an increase from 58% the previous year. Although CISOs are on high alert, their confidence is rising: only 33% feel unprepared to handle a directed cyber assault, a significant decrease from last year’s 60% and 63% in 2022.
Human error continues to be viewed as the Achilles’ heel of cybersecurity, with nearly three-quarters (83%) of Canadian CISOs identifying it as the most critical vulnerability. Amid a period of increasing insider risks and data loss caused by individuals, more CISOs than ever (90%) recognize human risk, especially negligent employees, as a significant cybersecurity worry over the upcoming two years. Nonetheless, there is a growing sense of optimism regarding the role of AI-driven solutions in mitigating human-based risks, representing a strategic shift toward technology-reliant defenses.
The 2024 Insights from the CISO report examines global third-party survey responses from 1,600 CISOs from organizations with 1,000 employees or more across various sectors. Throughout Q1 2024, 100 CISOs were surveyed in each market across 16 nations: the U.S., Canada, the UK, France, Germany, Italy, Spain, Sweden, the Netherlands, UAE, KSA, Australia, Japan, Singapore, South Korea, and Brazil.
The report provides a crucial viewpoint on the status of cybersecurity from those leading the charge in safeguarding individuals and protecting data. The report also underscores the significance of upholding robust cybersecurity measures amid economic strains and the pivotal role of human elements in organizational cyber readiness. The survey also assesses changes in the alignment between security leaders and their boards of directors, exploring the impact of their relationship on security priorities.
“As the cybersecurity landscape evolves with heightened human-centered threats, the 2024 Insights from the CISO report highlights an apparent shift towards increased resilience, preparedness, and confidence among global CISOs,” expressed Patrick Joyce, Proofpoint’s worldwide Chief Information Security Officer. “This year’s results underline a collective move toward strategic defenses, incorporating improved education, technological integration, and an adaptable approach to emerging threats like generative AI.”
Essential Canadian discoveries from Proofpoint’s 2024 Insights from the CISO report include:
- Human error remains the most prominent cyber vulnerability concern yet CISOs opt for AI solutions to assist. This year, there is a rise in the proportion of Canadian CISOs regarding human error as their company’s primary cyber vulnerability—83% in this year’s study versus 66% in 2023. Nevertheless, 87% of CISOs trust that employees comprehend their responsibility in safeguarding the organization. This confidence has escalated from last year—55% in 2023 to 87% in 2022. This could be attributed to the 86% of Canadian CISOs polled intending to deploy AI-driven technologies to defend against human error and sophisticated human-focused cyber threats.
- Additional CISOs apprehend cyber attacks, yet fewer feel unprepared, indicating growing confidence in their security protocols. In 2024, 90% of Canadian CISOs surveyed feel vulnerable to facing a significant cyber attack within the next 12 months, contrasting with 58% in 2023. Nevertheless, only 33% believe their organization is ill-prepared to handle a targeted cyber attack, as opposed to 60% in 2023 and 63% in 2022.
- Generative AI leads CISOs security concerns. In 2024, 73% of Canadian CISOs surveyed consider generative AI as a security threat to their company. The principal three systems CISOs perceive introducing risk to their organizations are: Microsoft 365 (54%), Active Directory (52%), and ChatGPT/other GenAI alongside Slack/Teams/Zoom/other collaboration tools tied at 47%.
- <Firm position on ransom payments with increased dependency on cyber insurance. In 2024, 82% (66% in 2023) of Canadian CISOs are of the opinion that their organization would be willing to pay in order to restore systems and prevent data release if targeted by ransomware within the next 12 months. 69% of CISOs expressed that they would depend on cyber insurance claims to recuperate potential losses suffered, as opposed to 64% in 2023.
- The relationship between the Board and CISO has shown significant improvement. In 2024, 75% of Canadian CISOs acknowledge that their board members share the same views as them on cybersecurity matters. This marks a substantial increase from 59% in 2023 and a decline from 85% in 2022.
- CISOs face continual pressures. In 2024, 59% of Canadian CISOs confessed to experiencing burnout compared to 63% the previous year, while 62% feel they are subject to excessive expectations, a minor reduction from 66% in the previous year. The sustainability of the persistent demands on Canadian CISOs remains under scrutiny—67% are apprehensive about personal liability (65% in 2023), and 64% (63% in 2023) would not join an organization that does not provide Directors & Officers (D&O) insurance coverage. Moreover, 72% of CISOs concurred that the current economic downturn has hindered their capacity to make vital investments for the business, with 67% of them being instructed to downsize staff or postpone hiring replacements, as well as reduce security budgets.
“As we navigate through the complexities of today’s cyber threat landscape, it is heartening to see Canadian CISOs growing more confident in their strategies and tools,” remarked Jeffrey Freedman, area vice president, Canada, Proofpoint. “Nevertheless, the continual challenges of employee turnover, resource pressure, and the necessity for sustained board involvement serve as a reminder that vigilance and adaptability are crucial to our collective cyber resilience here in Canada.”
To access the 2024 Voice of the CISO report, kindly go to: https://www.proofpoint.com/us/resources/white-papers/voice-of-the-ciso-report
###
About Proofpoint, Inc.
Proofpoint, Inc. is a leading cybersecurity and compliance firm that shields organizations’ primary assets and most significant risks: their people. With an integrated selection of cloud-based solutions, Proofpoint supports companies worldwide in halting targeted threats, protecting their data, and enhancing their users’ resilience against cyber assaults. Leading organizations of all sizes, including 85% of the Fortune 100, rely on Proofpoint for human-centric security and compliance solutions that mitigate their most crucial risks across email, the cloud, social media, and the internet. More details are accessible at www.proofpoint.com.
Connect with Proofpoint: X | LinkedIn | Facebook | YouTube
Proofpoint is a registered trademark or trade name of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.
About Author
