CISOs don't sleep at night: 91% in South Korea, 90% in Canada and 87% in the US are afraid of cyber attacks

Tomcat

Ransomware is directors' biggest nightmare: 62% are willing to pay hackers.

According to a survey of 1,600 Information Security Directors (CISOs) worldwide, more than 70% are worried about the possibility of a major cyber attack on their organizations during the year, up 2% from a year earlier and up 22% from 2022. Moreover, 31% believe that a significant attack is "very likely" (compared to 25% in 2023).

The annual Voice of the CISO report, prepared by Proofpoint, is based on data collected by Censuswide between January 20 and February 2. The study involved CISOs from organizations with at least 1,000 employees from 16 countries, including the United States, Canada, the United Kingdom, France, Germany, Italy, Spain, Sweden, the Netherlands, the United Arab Emirates, Saudi Arabia, Australia, Japan, Singapore, South Korea, and Brazil.

The most anxious nights are spent by information security specialists in South Korea (91%), Canada (90%) and the United States (87%). Their worries are associated with the risk of devastating cyber attacks that can cause serious damage. However, there are also positive changes: 43% of respondents consider their organizations unprepared for attacks, which is still better compared to 61% last year.

The main threats that cause insomnia for CISOs include ransomware (41%), malware (38%), email fraud (36%), cloud account compromise (34%), internal threats (30%), and DDoS attacks (30%).

In the case of a ransomware infection, 62% of CISOs admitted that they are likely to pay attackers to restore systems and prevent data leaks. This indicator remains unchanged compared to last year, despite evidence that payment does not guarantee the confidentiality of information.

Studying the results of the survey for 2024, it is impossible not to ask: why does anyone want to do such a job? Many CISOs seem to think so, too. Despite positive trends, such as increased cybersecurity representation at the board level and closer interaction between CISOs and board members, there is a growing number of professionals who complain about excessive expectations. This year, 66% of respondents indicated unrealistic expectations, compared to 61% last year, 49% in 2022 and 21% in 2021.

More than 53% of respondents reported that they personally experienced burnout or witnessed it among their colleagues over the past 12 months. This can be partly explained by high-profile legal processes in which CISOs are responsible for data leaks in companies.

An example is the accusation brought against SolarWinds and its CISO Tim Brown for insufficient preparation for a supply chain attack in 2020. Such incidents cause 66% of global CISOs to worry about personal, financial and legal liability, up slightly from 62% last year.
 