CISOs are also less concerned about ransomware attacks, but many say their organizations are still not properly prepared for them.

The threat of substantial material attacks and getting board support for their efforts are top-of-mind issues among the world’s CISOs, according to a new report released by Proofpoint Tuesday.

Nearly half of the 1,400 CISOs surveyed for the annual Voice of the CISO report (48%) say their organization is at risk of suffering a material cyberattack in the next 12 months. That’s substantially lower than 2021, when nearly two-thirds of the CISOs (64%) expressed similar sentiments.

“That drop was a bit surprising,” Proofpoint Global Resident CISO Lucia Milica, who supervised the survey, tells CSO Online. When the pandemic hit, CISOs were scrambling to put temporary controls in place to deal with the explosion of remote workers and enable a business to operate securely, she explains. “Over the last two years, CISOs have had time to bring in more permanent controls to support hybrid work. That’s put more CISOs at ease in terms of feeling that they can protect their organizations.”

Only 28% of CISOs see ransomware as one of the biggest threats

Those sentiments were evident when the CISOs were asked about targeted attacks since the move to hybrid work. More than half (51%) say such attacks have increased as hybrid work has increased. However, that’s dropped from 2021, when 58% of CISOs attributed increases in such attacks to hybrid work.

The researchers from Censuswide, which surveyed the CISOs for the Proofpoint report, also found that anxiety over a future cyberattack varied by country. Countries where the CISOs were most worried about a material cyberattack were France (80%), Canada (72%), and Australia (68%), while those least worried included the Netherlands (28%) and Saudi Arabia (27%).
Chief among the threats facing their organizations, according to the CISOs, are insider threats (31%), DDoS attacks (30%), email fraud (30%), and cloud account compromise (30%). Only 28% of the CISOs identified ransomware as one of the biggest threats facing their organizations, a slight increase over 2021.

“I think there’s a level of comfort that a lot of security leaders have around having the right security controls in place to address ransomware,” Milica says, “while with something like insider threats, there are more nuances around a program to deal with that.”

Excessive expectations for CISOs

However, that level of comfort may be misplaced, according to the report. Many organizations appear unprepared for ransom demands of any size or scale, it notes, with 42% of CISOs admitting their outfits do not have a ransom policy in place. Four out of ten do not have a blueprint to address a ransomware incident.

The report also found that nearly half of the CISOs (49%) say that their superiors and colleagues have excessive expectations about the CISO’s role in their organizations, although that’s a significant drop from 2021, when 57% felt burdened by excessive expectations.

Another telling discovery in the report about the CISO’s role in their organizations is how they feel about the support they’re getting from the boardroom. About half (51%) of the CISOs say they see eye-to-eye with their boards concerning cybersecurity matters. That’s a big drop from 2021 when 59% said they and their boards were on the same page on cybersecurity.

“That’s surprising because I felt last year there was substantial press focusing on blockbuster breaches that elevated engagement with the C-suite, yet the eye-to-eye number went down,” Milica says. “I was hoping for an increase.”