Increased Concerns for CISOs in the Post-Pandemic Era
The Shift in Perception and Rising Cybersecurity Risks
In the wake of the pandemic, when organizations were grappling with the sudden shift to remote operations, chief information security officers (CISOs) felt a temporary sense of calm as they successfully navigated through unprecedented challenges. However, as normalcy is restored, new research indicates that CISOs are now feeling less prepared and more at risk than ever before when it comes to cyberattacks.
The “2023 Voice of the CISO” report, a global survey conducted by Proofpoint involving 1,600 CISOs, reveals that 68% of respondents feel at risk of experiencing a material cyberattack in the next 12 months. This represents a significant increase from last year’s 48% and a return to the levels observed in 2021, when 64% felt vulnerable.
The report also highlights that 61% of security leaders believe their organizations are unprepared to handle targeted cyberattacks, compared to 50% in 2022 and 66% in 2021.
Reasons Behind CISOs’ Elevated Concerns
Several factors contribute to the heightened concerns among CISOs. First, the cybersecurity landscape experienced tumultuous events in 2022, including devastating ransomware attacks that crippled organizations and even entire nations. Geopolitical tensions, such as Russia’s attacks on US airports and Chinese nation-state actors targeting telecoms, have further added to the vulnerability of organizations. Additionally, the economic downturn resulting from the pandemic has negatively impacted security budgets for 58% of CISOs, further exacerbating their concerns.
Another explanation for the increased worry among CISOs may be the anomaly of the pandemic itself. As CISOs successfully managed the immediate challenges of securing remote environments, they may have developed a false sense of confidence. However, with the return to normal operations, the security metrics might appear less reassuring, resulting in a loss of optimism.
Mounting Pressures on CISOs
In addition to the rising cybersecurity risks, CISOs face mounting pressures and new concerns that make their job increasingly unsustainable. Following the landmark Uber case, in which the former chief security officer faced personal liability, 62% of surveyed CISOs express concern about their own personal liability.
The survey also reveals a significant increase in burnout among CISOs, with 60% experiencing burnout in the past 12 months. Furthermore, 61% of CISOs feel that their job expectations are unreasonable, compared to 49% in the previous year.
These challenges are compounded by ongoing issues, including the cybersecurity talent shortage and recent waves of layoffs in various sectors. As a result, the role of the CISO has become increasingly unsustainable.
The Need for Champions on the Board of Directors
In these challenging times, CISOs require champions on their board of directors more than ever. Encouragingly, the Proofpoint report indicates a thawing CISO-board relationship, with 62% of CISOs agreeing that they see eye-to-eye with the board on cybersecurity issues. This trend has been on an upward trajectory over the past three years, showcasing the growing recognition of cybersecurity’s importance at the executive level.
Protecting Data and Supply Chain Security
Prioritizing Data Protection Amidst Challenges
The Voice of the CISO report emphasizes that data protection remains a paramount concern for CISOs. The ripple effects of the Great Resignation and employee turnover exacerbate the problem of data loss, with 63% of surveyed security leaders reporting material loss of sensitive data in the past 12 months. Of those, 82% attribute the loss to employees leaving the organization.
Surprisingly, 60% of CISOs believe that they have adequate controls in place to protect data. However, given the lack of confidence in their security postures, this optimism is concerning. As economic uncertainty persists and sectors beyond technology, such as manufacturing and consulting, resort to mass layoffs, the problem of data loss is expected to worsen.
The Illusion of Supply Chain Security
In terms of supply chain security, security leaders exhibit a worrisome level of optimism. Nearly two-thirds of surveyed CISOs claim to have proper controls in place for mitigating supply chain risks. However, safeguarding today’s complex and interconnected supply chain is an immensely challenging task that the industry is struggling to solve.
Most organizations lack a comprehensive understanding of third-party risk while heavily relying on various partners and suppliers. Threat actors are aware of this vulnerability, leading to a significant increase in supply chain attacks using malicious components over the past year. The report highlights a staggering 633% rise in such attacks.
Recognizing the critical nature of supply chain security, surveyed CISOs identify it as one of their top priorities for the next 12 months. However, the ability to allocate adequate resources to address this issue is dependent on the availability of security budgets, which remain uncertain.
Cybersecurity as Business Risk
The Implications of Security Risk on Business
Increased regulatory scrutiny, growing supply chain attacks, and data protection challenges have a direct impact on investor, consumer, and employee confidence in an organization. As trust becomes a crucial factor for organizational success, it is vital for both CISOs and boards to perceive security risks as business risks and understand their implications.
Solving complex cybersecurity problems necessitates a collective effort from the industry, but it starts at the organizational level, with CISOs taking the lead in driving the conversation and prioritizing cybersecurity measures.
Conclusion
The findings from the “2023 Voice of the CISO” report underscore the increased concerns and challenges faced by CISOs in the post-pandemic era. Cybersecurity risks are on the rise, while mounting pressures and personal liability concerns contribute to the unsustainability of the CISO role. Data protection and supply chain security remain critical priorities, complemented by the need to view security risk as business risk. As organizations navigate these complex challenges, it is crucial for CISOs to collaborate closely with board members and allocate adequate resources to ensure effective cybersecurity measures.