Proofpoint, Inc., a leading cybersecurity and compliance company, has released its annual Voice of the CISO report, which explores the top challenges facing chief information security officers (CISOs) in Australia and around the world. While CISOs around the world have spent 2021 accepting new ways of working, Australian CISOs have lagged behind their global counterparts when it comes to feeling in control of their environment: 77% of Australian CISOs say their organization is unprepared to detect, deter and recover from a cyberattack – the highest in 14 countries surveyed and up 21% from 2021.
“As high-profile attacks have disrupted supply chains, grabbed headlines and prompted new cybersecurity legislation, 2021 has proven to be another challenging time for CISOs around the world,” commented Lucia Milică, Vice President and Global Resident CISO at Proofpoint. “As the impact of the pandemic on security teams gradually fades, our 2022 report reveals an urgent problem. As workers leave their jobs or choose not to return to the workforce, security teams are now dealing with a host of information protection vulnerabilities and insider threats.”
Not only do Australian CISOs feel less prepared, but 68% also believe their organization is at risk of a significant cyberattack in the next 12 months, compared to 48% of CISOs globally. Additionally, 76% of Australian CISOs rank human error as their biggest cyber vulnerability, with established work-from-anywhere configurations and the Great Resignation presenting new information protection challenges.
This year’s Voice of the CISO report examines responses to the global third-party survey of more than 1,400 CISOs at mid-to-large organizations across different industries. During the first quarter of 2022, one hundred CISOs were surveyed in each market in 14 countries: Australia, United States, Canada, United Kingdom, France, Germany, Italy, Spain, Sweden, Netherlands, United Arab Emirates, Saudi Arabia, Japan and Singapore.
The survey explores three key areas: the threat risk and types of cyberattacks CISOs combat daily, the employee and organizational readiness levels they face, and the impact of supporting a hybrid workforce as businesses prepare to reopen their offices. It also reveals the challenges faced by CISOs in their roles, their position within the C-suite and the business expectations of their teams.
“After spending two years hardening their defenses to support hybrid working, CISOs have had to prioritize their efforts to combat cyber threats targeting today’s distributed, cloud-dependent workforce. The Australian Federal Government’s historic investment of $9.9 billion in cybersecurity preparedness shows how essential it has become for governments and organizations to strengthen their defenses in a rapidly changing climate. Yet our research shows that Australian CISOs feel the least prepared in the world to deal with the consequences of a cyberattack. Not only that, Australian CISOs feel the pressure of their role far more than other countries, with 63% of Australian CISOs agreeing that expectations of their role are excessive – a significant increase from 44% in 2021,” said Yvette Lejins, Resident Chief Information Security Officer (CISO), APJ at Proofpoint.
Proofpoint’s 2022 Voice of the CISO report highlights general trends as well as regional differences within the global CISO community. Key Australian findings include:
- Organizational cyber readiness is a top concern for Australian CISOs: 77% (over three-quarters) of Australian CISOs believed they were unprepared for a targeted attack this year. That’s up from 56% last year.
- Australian CISOs are less confident about their cybersecurity posture than their peers: While global CISOs appear to be more in control of their environment, Australian CISOs are less confident than their peers with 68% feeling at risk of experiencing a significant cyberattack in the next 12 months. The global average was 48%.
- Australian CISOs feel under increased pressure as board buy-in remains shaky as cyber risk worries business leaders: 63% of Australian CISOs believe expectations of their role are excessive, up from 44% last year. However, the perceived lack of alignment with the board has increased, with only 25% of Australian CISOs strongly agreeing that their board agrees with them on cybersecurity issues. When discussing cyber risk, Australian CISOs indicated that significant downtime, disruption to operations and impact on business valuation were top concerns for the board.
- There is no consensus among CISOs as to which threats are most significant to their organization: this year, insider threats, whether negligent, accidental or criminal, top the list for Australian CISOs at 36%, but are closely followed by business email compromise and supply chain attacks, both at 31%. Despite recent headlines, ransomware has come in at 22%.
- Employee security awareness is on the rise, but users are still not skilled enough for the cyber defense role: While 75% of Australian survey respondents believe that employees understand their role in protecting their organization from cyber threats, 76% of CISOs still consider human error as their organization’s greatest cyber vulnerability. Over the past year, 64% of Australian CISOs surveyed have increased the frequency of cybersecurity training for employees.
- Long-term hybrid work and the Great Resignation make data protection a major new challenge for CISOs: With employees now forming the defensive perimeter wherever they work, 2 in 3 Australian CISOs (66%) agree they have seen an increase in targeted attacks in the past 12 months, compared to 51% of CISOs globally. And 68% say the increase in employee transitions means data protection has become a bigger challenge. When asked how employees were most likely to cause a data breach, CISOs pointed to malicious insiders as the most likely vector, where employees intentionally steal company information.
- Ransomware headlines have greatly increased awareness of cyber risks among the C-Suite and prompted changes in strategy: Recent high-profile attacks have pushed ransomware to the top of organizations’ agendas, with 72% of Australian CISOs revealing they have cyber insurance (compared to a global average of 58%) and 75% focusing on prevention rather than detection and response strategies. Despite the rising stakes, however, around 30% of Australian CISOs admit they don’t have a ransom payment policy in place.
“Our research also highlights a perceived lack of alignment between CISOs and the board, with only a quarter of Australian CISOs strongly agreeing that their board agrees with them on cybersecurity issues. We need to start seeing greater internal alignment across all meeting rooms on critical threats like ransomware to create effective cybersecurity practices that put people first. With geopolitical tensions, the ongoing conflict in Ukraine, and the increase in targeted attacks on people, the same gaps in user awareness, preparedness, and prevention must be addressed to deal with a growing, unstable threat landscape,” concluded Lejins.
To download the 2022 Voice of the CISO report, go to: https://www.proofpoint.com/us/resources/white-papers/voice-of-the-ciso-report.