53 % still view their organisation as unprepared to cope with a cyberattack in the next 12 months .
cyber trends
53 % still view their organisation as unprepared to cope with a cyberattack in the next 12 months .
relationships will be instrumental in the months ahead so directors and security leaders can have more meaningful conversations and ensure they ’ re investing in the right priorities .”
Key global findings from Proofpoint ’ s report include :
• Generative AI has the boardroom ’ s attention : With tools such as ChatGPT getting much of the spotlight in recent months , 59 % of those surveyed view this emerging technology as a security risk to their organisation .
• Year-over-year comparison shows board members ’ increasing concerns about cyber-risk : 73 % of those surveyed feel their organisation is at risk of a material cyberattack , compared to 65 % in 2022 .
• Awareness and funding do not translate into preparedness : 73 % of directors agree that cybersecurity is a priority for their board , 72 % believe their board clearly understands the cyber-risks they face , 70 % think they have adequately invested in cybersecurity and 84 % believe their cybersecurity budget will increase over the next 12 months ; however , these efforts are not leading to better preparedness – 53 % still view their organisation as unprepared to cope with a cyberattack in the next 12 months .
• Board members and CISOs have similar concerns about their biggest threats : Board members ranked malware as their top concern ( 40 %), followed by insider threat ( 36 %) and cloud account compromise ( 36 %). This is only slightly different from CISOs ’ top concerns of email fraud / BEC ( 33 %), insider threat ( 30 %) and cloud account compromise ( 29 %).
• Directors are not completely aligned with CISOs in the areas of people risk and data protection : While most directors ( 63 %) and CISOs ( 60 %) agree that human error is their biggest risk , board members are much more confident in their organisation ’ s ability to protect data – 75 % of directors share this view , compared to only 60 % of CISOs .
• Bigger budgets , additional cyber resources and better threat intelligence top boardrooms ’ wish lists : 37 % of board directors said their organisation ’ s cybersecurity would benefit from a bigger budget , 35 % would like to see more cyber resources and 35 % would like better threat intelligence .
• Board-CISO interactions and relationships are gradually improving : 53 % of directors say they interact with security leaders regularly . While an increase from last year ’ s 47 %, it still leaves nearly half of all boardrooms without strong CISO-C-suite relationships . Board members and CISOs are generally closely aligned when they do interact , however , with 65 % of board members saying they see eye-to-eye with their CISO and 62 % of CISOs agreeing .
From a regional lens , previous Proofpoint research shows that 63 % of CISOs in the UAE and 45 % of CISOs in KSA agree that board members saw eye-to-eye with them on cybersecurity issues .
• Personal liability is a concern for boards and CISOs alike : 72 % of board directors expressed concern about personal liability in the wake of a cybersecurity incident at their own organisation – and 62 % of CISOs agree .
“ Board members are taking cybersecurity matters seriously , demonstrating they have no illusions about human risk and the impact cyberthreats pose to an organisation ’ s bottom line . They are making strides in their relationships with security leaders , understanding that strong board-CISO partnerships are more critical than ever ,” said Kalember . “ But this is not a time to grow complacent . Boards must continue to invest heavily in improving preparedness and organisational resilience . This means pushing for even deeper , more productive conversations with CISOs to ensure directors are making informed , strategic decisions that drive positive outcomes .” u www . intelligentciso . com
29