- CISOs perceive less risk from a hardware-based cyberattack and feel more confident in their ability to deal with cyberthreats, according to a survey commissioned by Proofpoint and conducted by Censuswide.
- The chaos and rapid technological change CISOs faced during the early waves of the pandemic have given way to a greater sense that they have regained control of their IT environments and systems.
- Despite this collective boost in confidence, half of the 1,400 global CISOs surveyed said their organization was still unprepared for a cyberattack.
Overview of the dive:
According to Proofpoint, less than half of CISOs surveyed anticipate a major cyberattack this year, a big change from the 64% who had this concern last year.
CISOs generally feel calmer and in control of their IT infrastructure now that they’ve had a chance to reflect and make permanent changes after two years of heightened uncertainty, said Lucia Milică, Global Resident CISO at Proofpoint.
“Our job as security leaders is to continuously manage cyber risks, respond and adapt,” she said. “To some degree, we’ve just adapted to a higher threshold of cyberattacks than perhaps we were used to before the pandemic.”
While major and persistent ransomware attacks have heightened senior executives’ risk awareness, the perceived lack of support from corporate boards has increased over the past year. According to Proofpoint, fewer CISOs align with the board on cybersecurity issues.
Boards understand the need to adequately address cybersecurity and identify it as a business risk, but relatively few boards grasp the complexities inherent in modern digital systems, said Milică.
Rising systemic risk, following widespread efforts to digitize businesses, underscores the need for boards to prioritize resources and better reflect the critical role cybersecurity plays in a company’s operations, she said.
Indeed, Milică said she supports the Securities and Exchange Commission’s (SEC) proposed rules for cybersecurity disclosure, as this would require more expertise at board level, in addition to regular filings on management, governance and strategy.
Such a mandate would lead to better strategies and more budget allocation for cybersecurity, much like what the Sarbanes-Oxley Act of 2002 did for record keeping and financial reporting, she said.
Greater awareness and a vigorous response from government and law enforcement officials could also explain why fewer CISOs are feeling the pressure of excessive expectations. Less than half of CISOs surveyed by Proofpoint said expectations about their role remain excessive. That’s down from 57% in 2021.
Perceptions aside, CISOs still face a troubling skills gap, challenges with talent acquisition and retention, alert fatigue, and burnout, all of which can have a negative impact on mental health, Milică said.
“We are already struggling to have enough resources. We certainly don’t want to completely exhaust the ones we have,” she said.