Proofpoint, Inc., a company specializing in cybersecurity and compliance, has unveiled its second annual report titled “Cybersecurity: The 2023 Board Perspective.” This comprehensive report delves into the perspectives of global board members regarding the ever-evolving threat landscape, cybersecurity priorities, and their relationships with Chief Information Security Officers (CISOs).
The report’s key findings reveal a growing concern among board members about cybersecurity risks. A significant 73% of those surveyed now perceive their organizations to be at risk of a substantial cyber-attack, marking a notable increase from the 65% recorded in the previous year. Furthermore, 53% admit to feeling ill-prepared to address a targeted cyber-attack, up from 47% in the preceding year.
Interestingly, a parallel sentiment emerges among CISOs in the Middle East, particularly in the Kingdom of Saudi Arabia (KSA) and the United Arab Emirates (UAE). Here, 55% of KSA CISOs and a staggering 75% of UAE CISOs express concerns about facing material cyber-attacks in the next 12 months. Half of these CISOs believe their organizations are ill-equipped to counter such targeted attacks.
This year-over-year shift in perspective may be attributed to the volatile nature of the threat landscape, exacerbated by geopolitical tensions and a rise in disruptive ransomware and supply chain attacks. Additionally, the emergence of artificial intelligence (AI) tools, such as ChatGPT, has raised concerns, with 59% of board members perceiving generative AI as a security risk for their organizations.
Despite these apprehensions, a significant number of global board members remain committed to cybersecurity. A considerable 73% view cybersecurity as a priority, 72% believe their boards comprehend the cyber risks they face, and 70% feel they have adequately invested in cybersecurity.
The report’s insights are derived from a survey of 659 board members across diverse industries, representing organizations with 5,000 or more employees worldwide. In June 2023, over 50 board directors were surveyed in each of the 12 countries: the U.S., Canada, the UK, France, Germany, Italy, Spain, Australia, Singapore, Japan, Brazil, and Mexico.
The report’s focus areas encompass the cyber threats and risks faced by boardrooms, their readiness to counter these threats, and their alignment with CISOs, reflecting trends observed in Proofpoint’s 2023 Voice of the CISO report. Notably, the report identifies a growing alignment between board directors and security leaders.
Ryan Kalember, Executive Vice President of Cybersecurity Strategy at Proofpoint, acknowledges the positive evolution of board-CISO relationships but emphasizes the need for continued efforts to translate awareness into effective cybersecurity strategies and investments. He underlines the significance of deeper, more productive conversations between boards and CISOs to enhance organizational resilience.
Key global findings from the report include:
– 59% of board members perceive generative AI as a security risk.
– 73% believe their organization is at risk of a material cyber-attack.
– Despite awareness and investment, 53% still view their organization as unprepared for a cyber attack.
– Top concerns include malware (40%), insider threats (36%), and cloud account compromise (36%).
– Directors and CISOs are not entirely aligned on people risk and data protection.
– Boards seek bigger budgets, more cyber resources, and better threat intelligence.
– Board-CISO interactions and relationships are improving but not universal.
– Personal liability concerns both board members (72%) and CISOs (62%).
In conclusion, the report underscores the gravity of cybersecurity concerns among board members, emphasizing the importance of collaborative efforts with CISOs to bolster preparedness and organizational resilience in the face of evolving cyber threats.