Proofpoint’s Voice of the CISO 2022 report reveals half of the

SUNNYVALE, Calif., May 17, 2022 (GLOBE NEWSWIRE) — Proofpoint, Inc., a leading cybersecurity and compliance firm, today released its annual Voice of the CISO report, which explores key challenges faced by chief information security officers (CISOs). While CISOs around the world have spent 2021 embracing new ways of working, many now feel much more in control of their environment: 48% believe their organization is at risk of a significant cyberattack in the next 12 months, compared to 64% last year.

But feeling prepared for a cyberattack is very different from being prepared. This growing CISO confidence is likely the result of successfully surmounting a seismic event (the pandemic) rather than a tangible change in risk or preparedness levels. Our report reveals that 50% of global CISOs still believe their organization is unprepared to handle a cyberattack and 56% consider human error to be their biggest cyber vulnerability, with established work-from-anywhere setups and the Great Resignation presenting new challenges around information protection.

This year’s Voice of the CISO report examines responses to the global third-party survey of more than 1,400 CISOs at mid-to-large organizations across different industries. During the first quarter of 2022, one hundred CISOs were surveyed in each market in 14 countries: United States, Canada, United Kingdom, France, Germany, Italy, Spain, Sweden, Netherlands, United Arab Emirates, Saudi Arabia, Australia, Japan and Singapore.

The survey explores three key areas: the threat risk and types of cyberattacks CISOs combat daily, the employee and organizational readiness levels they face, and the impact of supporting a hybrid workforce as businesses prepare to reopen their offices. It also reveals the challenges faced by CISOs in their roles, their position within the C-suite and the business expectations of their teams.

“As high-profile attacks have disrupted supply chains, grabbed headlines and prompted new cybersecurity legislation, 2021 has proven to be another challenging time for CISOs around the world. But as CISOs adapt to new ways of working, it’s encouraging to see that they now seem more confident about their security,” commented Lucia Milică, Vice President and Global Resident CISO at Proofpoint. “As the impact of the pandemic on security teams gradually fades, our 2022 report reveals an urgent problem. As workers leave their jobs or choose not to return to the workforce, security teams are now dealing with a host of information protection vulnerabilities and insider threats.”

Proofpoint’s 2022 Voice of the CISO report highlights general trends as well as regional differences within the global CISO community. Key global findings include:

  • CISOs are more confident about their cybersecurity posture: after two years of unprecedented disruption, CISOs now feel more in control of their environment: less than half of CISOs surveyed (48%) believe their organization is at risk of a significant cyberattack in the next 12 months, compared to 64% last year.
  • There is no consensus among CISOs as to the most significant threats targeting their organization: this year, insider threats – whether negligent, accidental or criminal – topped the list with 31%, but were closely followed by DDoS attacks, work email compromise and cloud account compromise (the O365 or G suite accounts being compromised), all at 30%. Despite recent headlines, ransomware has come in at 28%.
  • Organizational cyber readiness has improved but remains a top concern: Growing familiarity with the post-pandemic work environment has also made CISOs feel better equipped to deal with cyber threats. While 66% believed they were unprepared for a targeted attack in 2021, that figure has dropped to 50% this year.
  • Employee security awareness is on the rise, but users are still not skilled enough for the cyber defense role: While 60% of respondents believe that employees understand their role in protecting their organization against cyber threats, 56% of global CISOs still consider human error as their organization’s greatest cyber vulnerability. In the past year, only half of global CISOs surveyed have increased the frequency of cybersecurity training for employees.
  • Long-term hybrid work and the Great Resignation make data protection a major new challenge for CISOs: With employees now forming the defensive perimeter wherever they work, 51% of CISOs agree they have seen an increase in targeted attacks over the past 12 months. And half say the increase in employee transitions means data protection has become an increased challenge and investing in information protection is high on the priority list for the next two years. When asked how employees were most likely to cause a data breach, CISOs cited compromised insider attacks as the most likely vector, where employees inadvertently expose their credentials, allowing cybercriminals to access sensitive data.
  • Ransomware headlines have greatly increased awareness of cyber risks among the C-Suite and prompted changes in strategy: recent high-profile attacks have pushed ransomware to the top of organizations’ agendas, with 58% revealing they have cyber insurance and 3 out of 5 global CISOs focusing on prevention rather than detection and response strategies. Despite the rising stakes, however, 42% of CISOs admit they don’t have a ransom payment policy in place.
  • While CISOs feel a little less pressured, board buy-in remains tenuous as cyber risk worries business leaders: 49% of CISOs feel that expectations of their role are excessive, down from 57% last year. However, the perceived lack of alignment with the board has increased with only 21% of CISOs globally strongly agreeing that their board agrees with them on issues of cybersecurity. When discussing cyber risk, global CISOs cited significant downtime, disruption to operations, and the impact on company valuation as top board concerns.

“After spending two years hardening their defenses to support hybrid working, CISOs have had to prioritize their efforts to combat cyber threats targeting today’s distributed, cloud-dependent workforce. As a result, their focus has focused on preventing the most likely attacks such as corporate email compromise, ransomware, insider threats, and DDoS attacks,” said Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint. “Overall, CISOs appear to have embraced 2022 as the calm after the storm, but may fall into a false sense of security. With geopolitical tensions rising and targeted attacks on people increasing, the same shortcomings in user awareness, preparedness and prevention need to be met before cybersecurity seas become choppy again.”

To download the 2022 Voice of the CISO report, visit:

Visit Proofpoint’s new CISO Hub at, a homepage for CISO-level content including news, research, trends, technical resources, tools and upcoming events. Each month features a hot topic particularly relevant to the role of CISO.

About Proofpoint, Inc.
Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organizations’ greatest assets and greatest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps businesses around the world stop targeted threats, protect their data, and make their users more resilient against cyberattacks. Large enterprises of all sizes, including 75% of Fortune 100 companies, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, cloud, social networks and the web. More information is available at

Proofpoint is a registered trademark or trade name of Proofpoint, Inc. in the United States and/or other countries. All other trademarks contained herein are the property of their respective owners.

Estelle Derouet
Proofpoint, Inc.
