Voice of the CISO Report Addresses Loss of Sensitive Data in the Past Year

May 30, 2023
The latest Voice of the CISO report finds similar results and concerns as experienced early in 2021 during the pandemic.

Proofpoint, Inc., a leading cybersecurity and compliance company, has released its annual Voice of the CISO report, which explores key challenges, expectations and priorities of chief information security officers (CISOs). Overall, the 2023 findings evidence that most CISOs have returned to the same heightened concerns they experienced early in the pandemic.

The 2023 Voice of the CISO report examines global third-party survey responses from more than 1,600 CISOs at mid-to-large size organizations across different industries. According to Proofpoint, the report “discusses global trends and regional differences around three central themes: the threats and risks CISOs face daily; the impact of employees on organizations’ cyber preparedness; and the defenses CISOs are building, especially as the economic downturn puts pressure on security budgets. The survey also measures the changes in alignment between security leaders and their boards of directors, exploring how their relationship impacts security priorities.” 

For the 2023 report, of the CISOs surveyed, 68 percent “feel at risk of a material cyber attack,” compared to 48 percent the year before. Current survey data echoes statistics from 2021, when 64 percent of CISOs believed a material attack was imminent. However, opinions about preparedness have reversed with 61 percent feeling unprepared to cope with a targeted cyber attack, which shows an increase over 2022’s 50 percent and a close return to 2021’s 66 percent. 

As health systems continue to regain the momentum lost during the pandemic, the effects of the Great Resignation and employee turnover continue to linger. With both factors made worse by recent mass layoffs, most CISOs (82 percent) attribute employees leaving the organization to a data loss event. Even though 63 percent of security leaders dealt with the loss of sensitive information in the past year, 60 percent believe they have adequate data protection in place. 

“Many CISOs no longer feel the sense of calm they may have briefly experienced, when they were upbeat after conquering the chaos wreaked by the pandemic. Back to ‘business as usual’, they are less assured in their organization’s abilities to defend against cyber risk,” commented Lucia Milică Stacy, global resident CISO at Proofpoint. “Our 2023 Voice of the CISO report reveals that amidst the rising difficulties of protecting their people and defending data, CISOs are being tested at a personal level with higher expectations, burnout, and uncertainty about personal liability. The improving relationship between security leaders and board members gives us hope, however, and this partnership will enable organizations to overcome the new challenges they face this year and beyond.” 

Key global findings from the 2023 Voice of the CISO report include:

·      CISOs have returned to the elevated concerns and feelings of unpreparedness they experienced early in the pandemic

·       The loss of sensitive data is exacerbated by employee turnover

·       Email fraud tops the list of the most significant threats

·       Most organizations are likely to pay a ransom if impacted by ransomware

·       Supply chain risk is a recurring priority

·       People risk remains a prominent concern

·       CISOs and boards are more in tune

·       Mounting CISO pressures are making the job increasingly unsustainable 

“Security leaders must remain steadfast in protecting their people and data, a task made increasingly difficult as insiders prove themselves as a significant contributor to sensitive data loss,” said Ryan Kalember, executive vice president of cybersecurity strategy for Proofpoint. “If recent devastating attacks are any indication, CISOs have an even tougher road ahead, especially given the precarious security budgets and new job pressures. Now that they have returned to elevated levels of concern, CISOs must ensure they focus on the right priorities to move their organizations toward cyber resilience.” 

For more insights, research, trends, resources, tools, events, and other CISO-level content, visit Proofpoint’s CISO Hub at www.proofpoint.com/us/ciso-hub.