Human factor or technology — a question that keeps CISOs awake

The UK has shown firsthand how disagreements between CISOs and company directors affect cybersecurity.

A new report from the information security company Proofpoint has revealed significant differences in the perception of threats between Chief Information Security Officers (CISOs) and boards of directors in the UK.

The report, which covers the views of 659 board members from 12 countries, showed that differences of opinion can be an obstacle to effective cooperation in the fight against cyber threats.

Key indicators:
  • 78% of CISOs consider the human factor to be the greatest risk to data protection.
  • Only 56% of board directors share this opinion.
  • 73% of CISOs are confident in their organization's ability to protect data.
  • Among board directors, only 56% agree.

Such statistics raise the question of how effectively management and security professionals can work together if their views on key risks differ.

Confidence Dynamics: London vs all

In the UK, there is a positive trend in the perception of the level of cyber threats. In 2022, 76% of directors considered their organization vulnerable to cyber attacks; in 2023, only 44% still did. The trend contrasts with global indicators. In Canada, for example, the level of concern about cybersecurity increased from 50% in 2022 to 95% in 2023.

Personal responsibility and specific threats

The report pays special attention to the issue of personal responsibility. 79% of CISOs in the UK are concerned about their personal responsibility in the event of a cyber incident, while only 54% of directors have similar concerns.

Opinions also differ on specific threats. CEOs are most concerned about malware, compromised cloud accounts, and ransomware. Among CISOs, email fraud (BEC attacks), threats from employees, and phishing rank first.

As for modern technologies, 41% of CEOs consider new technologies, such as ChatGPT, to be a potential security risk. This highlights the need for a deeper understanding of the impact of technology on cybersecurity.

From the UK to the world

Although the report focuses on the UK, its findings and statistics are of global significance. The threat perception gap between CISOs and boards of directors is not unique to a single country – this phenomenon can be observed in different regions of the world.

In an increasingly complex and volatile cyberspace, where threats know no geographical boundaries, mutual understanding and cooperation among key cybersecurity actors are becoming critical at the global level.

Proofpoint researchers emphasize the need to strengthen relationships and investment in cybersecurity not only in the UK, but also around the world. The Proofpoint report is a reminder that effectively countering cyber threats requires a global approach and concerted action at all levels, from individual professionals to senior management and government agencies.

The role of the CISO has gained a lot of weight in recent years, as evolving and escalating digital threats raise the stakes for organizations of any size and focus. But organizations don't always have a clear idea of what they want from their CISOs. And CISOs, in turn, are not always clear about what kind of leaders they are or want to be.

It is worth noting that a capable security manager is invaluable. This is a fact that organizations have recently recognized more and more often. CISO salaries are usually very high, but the range of compensation is also very wide. This is how companies try to retain competent specialists. In our article, we discussed the cash payments that a CISO can expect in a foreign company.
 