Sixty-eight percent of CISOs globally fear a cyberattack in the next 12 months, up by over 40% year over year and in sync with the pandemic high of 64%, according to a new Proofpoint survey.

Global cybersecurity concerns are returning to pandemic levels as 68% of CISOs from 16 countries said they fear a cyberattack in the next 12 months, according to a Proofpoint survey.

“With the disruption of the pandemic now largely behind us, the return to normal operations may imply that CISOs can breathe easier, but the opposite is true,” said Lucia Milică Stacy, Global Resident CISO of Proofpoint. “Compared with last year, CISOs are feeling less prepared to cope with cyberattacks and more at risk, indicating a reversal to the early days of the pandemic.”

An elevated threat landscape, data protection challenges, impacted cybersecurity budgets, CISO burnout, and personal liability concerns all played a role in CISOs feeling more at risk of an attack and less prepared this year, Stacy said.

The report surveyed 100 CISOs each from 16 nations including the US, UK, Canada, France, Germany, Italy, Spain, Sweden, the Netherlands, UAE, Saudi Arabia, Australia, Japan, Singapore, South Korea, and Brazil.

Cybersecurity concerns back to pandemic highs

Several observations in the report hinted at a brief period of relief followed by a quick return to pandemic-level anxiety. Sixty-eight percent of respondents said they feel at risk of experiencing a material cyberattack in the next 12 months, compared to 48% last year and 64% in 2021.

Additionally, 61% believe their organization is unprepared to cope with a targeted cyberattack, compared to 50% last year and 66% in 2021.

“Having conquered the unprecedented challenges of protecting hybrid work environments during the pandemic, security leaders felt a sense of calm.
Although attack volumes did not abate, CISOs had a brief period of reprieve as they felt their organizations were less at risk,” Stacy said.

The report also noted a strong willingness to pay ransoms, with 62% of CISOs saying they are ready to pay to restore systems and prevent data release if attacked by ransomware in the next 12 months. This perhaps has to do with 61% of them having cybersecurity insurance in place for various types of attacks.

“Profitability at insurance companies offering cyber insurance has already taken a hit due to the raft of ransomware-related payouts in recent years,” said Michael Sampson, senior analyst at Osterman Research. “We have already seen cases where premiums have doubled for half the coverage. It has been becoming more and more expensive to secure cyber insurance. Some are even likely to withdraw completely from offering coverage, given the negative trends.”

When asked which attacks they perceive to be the biggest cybersecurity threats, a third of the survey respondents (33%) chose email fraud as the most concerning, followed by insider threats (30%), cloud account compromise (29%), and DDoS attacks (29%).

CISOs also reported that their jobs are becoming increasingly unsustainable as they feel security pressures mounting. Sixty-one percent of them feel they face unreasonable job expectations, against last year’s 49%. While 62% are concerned about personal liability, 60% say they have experienced burnout in the past 12 months.

People risks take prominence, cybersecurity leaders say

Eighty-two percent of the security leaders reporting a material loss of sensitive data said employees leaving the organization contributed to the loss. Overall, 63% reported such losses in the last 12 months. Just 60% of CISOs believed they have adequate controls to protect their data.

“Nearly all cybersecurity incidents can be traced to human involvement.
Successful attacks almost always involve some user action enabling an attack to stick, and as such incidents continue CISOs will increasingly view protecting and educating their people as a top priority within their organizations,” Stacy said.

Sixty percent of the responding CISOs view human error as their organization’s biggest cybersecurity vulnerability, as opposed to 56% and 58% in 2022 and 2021, respectively. Also, only 61% of CISOs are confident that their employees understand their role in protecting the organization. These consistent numbers over the years hint at a clear alignment in terms of people risks.

“Phishing remains a key initial vector for attacks and inadequate phishing security technology makes it easier for humans to click through malicious messages and allow access to system or data,” Osterman’s Sampson said. “Poor training approaches is also an issue – such as when organizations rely on outdated attack intel (several months old), ineffective training and assessment methods, and operate training as a check-box activity, not an enablement one.”

Supply chain remains a top priority as 64% of CISOs say they have adequate controls in place to mitigate supply chain risks.