New Voice of the CISO report: Nearly half lack routines for ransomware attacks

Today launches Proofpoint its annual Voice of the CISO reportwhich identifies the key challenges facing information security managers (CISOs).

The report shows, among other things, that CISOs today experience that they have more control over their environments: 48 percent believe that their organization is at risk of being hit by a cyber attack over the next 12 months compared to 64 percent last year report.

Feeling prepared for a cyberattack and actually being prepared are two completely different things. The growing confidence of CISOs is likely to be a result of overcoming the challenges of the pandemic rather than any apparent change in risk levels. The report shows that 50 percent of CISOs still feel their organization is unprepared to deal with a cyber attack – a figure that has dropped from 66 percent last year.

– It has been a challenging time for CISOs with attacks that have affected supply chains and created newspaper headlines. The impact of the pandemic on the cybersecurity situation forced CISOs to adapt to new ways of working. It is therefore encouraging that they seem more confident in their abilities today compared to the uncertain pandemic years. However, the report also highlights an acute problem, namely that the wave of redundancies has created vulnerability to information protection and led to new insider threats, says Lucia Milică, vice president and global resident CISO at Proofpoint.

Some of the key points from the report:

  • The attention that ransomware attacks has gained, has greatly increased awareness of cybersecurity among corporate management and placed ransomware at the top of the agenda. 58 percent state that they have purchased some form of cyber insurance, and 3 out of 5 focus on preventive security work rather than detection and response strategies. Despite increased risks and more attention, about 42 percent state that they have no ransomware attack policy in place.
  • This year, insider threats topped the list for CISOs by 31 percent, closely followed by DDoS attacks, Business Email Compromise (BEC) and hijacking of cloud accounts, all at 30 percent. Although media attention has predominantly focused on ransomware, only about 28 percent stated that this posed the greatest threat.
  • 49 percent of the CISOs feel that expectations for their role are exaggerated – a drop from 57 percent last year. Only 21 percent of CISOs agree that their board shares the view on cybersecurity. When assessing cyber risks, CISOs list disruptions in business operations, impact on business value and significant downtime as the biggest concerns the board struggles with.
  • Although employee security awareness is on the rise, it is not enough as cyber defense: While 60% of respondents believe that employees understand their role in protecting their organization from cyber threats, 56% of CISOs still believe that human error is their organization’s greatest vulnerability. Yet, only half of the CISOs surveyed have increased the number of cybersecurity courses for employees over the past year.
  • Permanent hybrid work makes data protection a significant challenge for CISOs: As employees today form the first line of defense, no matter where they choose to work, 51 percent of CISOs agree that they have seen an increase in targeted attacks over the past 12 months. Targeted attacks also show that CISOs identify insider attacks as the most vulnerable, with employees inadvertently revealing credentials, giving cybercriminals access to sensitive data.

“After spending two years strengthening their defenses to support hybrid work, CISOs have been forced to deal with cyber threats that target today’s dispersed and cloud-dependent workforce. The result is that their focus is on preventing the most likely attacks such as. email compromise, ransomware, insider threats and DDoS. All in all, CISOs seem to have embraced 2022 as silence after the storm, but with rising geopolitical tensions and an increasing number of attacks, there is no reason to shout hurray yet, ”says Örjan Westman, Nordic head at Proofpoint.

This year’s Voice of the CISO report is based on global questionnaire responses from more than 1,400 CISOs in medium to large organizations in various industries. The study focuses on three main areas: the threat risk and the types of cyber attacks that CISOs combat on a daily basis, the levels of employee and organization preparedness, and the effects of the hybrid workplace.

Source: IT-Kanalen by

*The article has been translated based on the content of IT-Kanalen by If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!