Global cybersecurity concerns are returning to pandemic levels as 68% of CISOs from 16 countries said they fear a cyberattack in the next 12 months, according to a Proofpoint survey.

“With the disruption of the pandemic now largely behind us, the return to normal operations may imply that CISOs can breathe easier, but the opposite is true,” said Lucia Milică Stacy, Global Resident CISO of Proofpoint. “Compared with last year, CISOs are feeling less prepared to cope with cyberattacks and more at risk, indicating a reversal to the early days of the pandemic.”

An elevated threat landscape, data protection challenges, impacted cybersecurity budgets, CISO burnout, and personal liability concerns all played a role in CISOs feeling more at risk of an attack and less prepared this year, Stacy said.

The report surveyed 100 CISOs each from 16 nations including the US, UK, Canada, France, Germany, Italy, Spain, Sweden, the Netherlands, UAE, Saudi Arabia, Australia, Japan, Singapore, South Korea, and Brazil.

Cybersecurity concerns back to pandemic highs

Several observations in the report hinted at a brief period of relief followed by a quick return to pandemic-level anxiety. Sixty-eight percent of respondents said they feel at risk of experiencing a material cyberattack in the next 12 months, compared to 48% last year and 64% in 2021.

Additionally, 61% believe their organization is unprepared to cope with a targeted cyberattack, compared to 50% last year and 66% in 2021.

“Having conquered the unprecedented challenges of protecting hybrid work environments during the pandemic, security leaders felt a sense of calm.
Although attack volumes did not abate, CISOs had a brief period of reprieve as they felt their organizations were less at risk,” Stacy said.

The report also noted a strong willingness to pay ransoms, with 62% of CISOs saying they are ready to pay to restore systems and prevent data release if attacked by ransomware in the next 12 months. This perhaps has to do with 61% of them having cybersecurity insurance in place for various types of attacks.

“Profitability at insurance companies offering cyber insurance has already taken a hit due to the raft of ransomware-related payouts in recent years,” said Michael Sampson, senior analyst at Osterman Research. “We have already seen cases where premiums have doubled for half the coverage. It has been becoming more and more expensive to secure cyber insurance. Some are even likely to withdraw completely from offering coverage, given the negative trends.”

When asked about which attacks they perceive to be the biggest cybersecurity threats, a third of the survey respondents (33%) chose email fraud to be the most concerning, followed by insider threats (30%), cloud account compromise (29%), and DDoS attacks (29%).

CISOs also reported that their jobs are getting increasingly unsustainable, as they feel security pressures mounting. Sixty-one percent of them feel unreasonable job expectations, against last year’s 49%. While 62% are concerned about personal liability, 60% say they have experienced burnout in the past 12 months.

People risks take prominence, cybersecurity leaders say

Eighty-two percent of the security leaders reporting a material loss of sensitive data said employees leaving the organization contributed to the loss. Overall, 63% reported such losses in the last 12 months. Just 60% of CISOs believed they have adequate controls to protect their data.

“Nearly all cybersecurity incidents can be traced to human involvement.
Successful attacks almost always involve some user action enabling an attack to stick, and as such incidents continue CISOs will increasingly view protecting and educating their people as a top priority within their organizations,” Stacy said.

Sixty percent of the responding CISOs view human error as their organization’s biggest cybersecurity vulnerability, as opposed to 56% and 58% in 2022 and 2021, respectively. Also, only 61% of CISOs are confident that their employees understand their role in protecting the organization. These consistent numbers over the years hint at a clear alignment in terms of people risks.

“Phishing remains a key initial vector for attacks and inadequate phishing security technology makes it easier for humans to click through malicious messages and allow access to system or data,” Osterman's Sampson said. “Poor training approaches is also an issue - such as when organizations rely on outdated attack intel (several months old), ineffective training and assessment methods, and operate training as a check-box activity, not an enablement one.”

Supply chain remains a top priority as 64% of CISOs say they have adequate controls in place to mitigate supply chain risks.