Lucia Milică Stacy, Global Resident CISO, Proofpoint, Inc.
Two years after the pandemic turned the world upside down, organizations have finally overcome most disruptions. But that doesn’t mean things have slowed down for chief information security officers (CISOs). The world of cybersecurity has been busy this past year. Between escalating ransomware attacks, continuing geopolitical tensions in Russia and China, and new supply chain threats, CISOs have had their hands full.
To understand the CISO mindset in this changing environment, Proofpoint surveyed more than 1,600 security leaders across the globe for our third annual Voice of the CISO report. We analyzed their responses and discovered that back to “business as usual” for CISOs means a return to elevated concerns about cyber preparedness.
In our previous survey, CISOS showed a sense of calm—having conquered the chaos of the pandemic. But those feelings are now gone. CISOs no longer feel as prepared as they were a year ago. The lingering effects of the Great Resignation, along with new challenges stemming from layoffs, only make matters worse.
Our survey results show a reverse in CISOs’ sentiments to the early days of the pandemic:
What hasn’t changed is the role that people play in an organization’s cybersecurity, especially when it comes to protecting data. Among surveyed CISOs, 82% who experienced a data loss event said that employees leaving their job was a contributing factor. Given the uncertain economy and ongoing wave of layoffs, we expect that this trend won’t go away anytime soon.
But it is surprising to see CISOs being overly optimistic about their ability to defend against their people threat. Sixty percent believe their data protection measures are adequate, even though 63% experienced the loss of sensitive data in the past 12 months.
In addition to feeling less prepared to defend their organizations, CISOs face personal battles. Based on our conversations with security leaders over the past year, it’s clear that uncertainty over personal liability, the ongoing talent shortage and other challenges are taking an increased toll on security leaders.
Sixty percent of CISOs who responded to our latest Voice of the CISO survey said they had experienced burnout in the past 12 months. We also noted a significant increase in the number of CISOs feeling their job expectations were unreasonable—61% vs. 49% in 2022.
These sentiments are concerning. CISOs can’t afford to waver if they want to confidently confront even harsher realities ahead. Security leaders need to contend with added regulatory scrutiny. They must also deal with the increased difficulty of protecting their people and data as cyber criminals double down on data extortion schemes, supply chain attacks and various other crimes made possible by the booming “as-a-service” underground economy.
We did find a ray of hope in our research for our new report. The relationship between CISOs and boards of directors is improving. Sixty-two percent of CISOs said their board sees eye-to-eye with them on cybersecurity. That compares with 51% in 2022 and 59% in 2021.
Over the past couple of years, we have seen an encouraging trend: More CISOs are finally getting a seat at the table. And it’s good timing, as an improved alliance with board members will be absolutely critical as CISOs brace for cybersecurity challenges in the months ahead.
Download the 2023 Voice of the CISO report from Proofpoint to read all the findings and analysis from our latest global survey of CISOs.