Survey: 70 Percent of CISOs Feel at Risk for Cyber Attack in Next 12 Months

Proofpoint, Inc., a cybersecurity and compliance company, recently released its annual Voice of the CISO report, which explores key challenges, expectations and priorities of chief information security officers (CISOs) worldwide.

The 2024 report draws attention to a notable trend: while fears of cyber attacks continue to rise, CISOs demonstrate increasing confidence in their ability to defend against these threats, reflecting a significant shift in the cybersecurity landscape. Over two-thirds (70%) of surveyed CISOs feel at risk of a material cyber attack over the next 12 months, compared to 68% the year before, and 48% in 2022. CISOs today clearly remain on high alert, but confidence among them is growing: just 43% feel unprepared to cope with a targeted cyber attack, showing a marked decrease over last year’s 61% and 50% in 2022.

Human error continues to be perceived as the Achilles' heel of cybersecurity, with almost three-quarters (74%) of CISOs identifying it as the most significant vulnerability. In a year of growing insider threats and people-driven data loss, more CISOs than ever (80%) see human risk, in particular negligent employees, as a key cybersecurity concern over the next two years. However, there's growing optimism in the role of AI-powered solutions to mitigate human-centric risks, reflecting a strategic pivot towards technology-driven defenses.

The 2024 Voice of the CISO report examines global third-party survey responses from 1,600 CISOs from organizations of 1,000 employees or more across different industries. Throughout the course of Q1 2024, 100 CISOs were interviewed in each market across 16 countries: the U.S., Canada, the UK, France, Germany, Italy, Spain, Sweden, the Netherlands, UAE, KSA, Australia, Japan, Singapore, South Korea, and Brazil.

The report offers a vital perspective on the state of cybersecurity from those at the forefront of protecting people and defending data. The report also stresses the importance of maintaining robust cybersecurity measures in the face of economic pressures and the critical role of human factors in organizational cyber readiness. The survey also measures the changes in alignment between security leaders and their boards of directors, exploring how their relationship impacts security priorities.

“While the cybersecurity landscape continues to evolve with increasing human-centric threats, the 2024 Voice of the CISO report highlights what appears to be a pivotal shift towards greater resilience, preparedness and confidence among global CISOs,” said Patrick Joyce, global resident CISO at Proofpoint. “This year’s findings underscore a collective move towards strategic defenses, including enhanced education, technological adoption, and an adaptive approach to emerging threats like generative AI.”

Key global findings from Proofpoint’s 2024 Voice of the CISO report include:

  • Human error still tops cyber vulnerability threats, but CISOs turn to AI solutions to help. This year, we are seeing an uptick in the number of CISOs who view human error as their organization’s biggest cyber vulnerability—74% in this year’s survey vs. 60% in 2023. However, 86% of CISOs believe that employees understand their role in protecting the organization. This confidence is higher than in previous years—61% in 2023 and 60% in 2022. This may be attributed to the 87% of CISOs surveyed looking to deploy AI-powered capabilities to help protect against human error and advanced human-centered cyber threats.
  • More CISOs fear cyber attacks but fewer feel unprepared, showing growing confidence in their security measures. In 2024, 70% of CISOs surveyed feel at risk of experiencing a material cyber attack in the next 12 months, compared to 68% in 2023 and 48% in 2022. However, just 43% feel their organization is unprepared to cope with a targeted cyber attack, compared to 61% in 2023 and 50% in 2022.
  • Generative AI tops CISOs' security concerns. In 2024, 54% of CISOs surveyed believe that generative AI poses a security risk to their organization. The top three systems CISOs view as introducing risk to their organizations are: ChatGPT/other genAI (44%), Slack/Teams/Zoom/other collaboration tools (39%) and Microsoft 365 (38%).
  • Employee turnover is still a concern, yet CISOs trust their defenses. In 2024, 46% of security leaders reported having to deal with a material loss of sensitive data in the past 12 months, and of those, 73% agreed that employees leaving the organization contributed to the loss. Despite those losses, 81% of CISOs believe they have adequate controls to protect their data.
  • The majority of CISOs have adopted DLP technology and invested more in security education. 51% of CISOs surveyed in 2024 have data loss prevention (DLP) technology in place, compared to just 35% in 2023. More than half (53%) of CISOs surveyed invested in educating employees on data security best practices, which is higher in 2024 compared to 2023 (39%).
  • Ransomware and malware top CISOs' concerns. The biggest cybersecurity threats perceived by CISOs in 2024 are ransomware attacks (41%), malware (38%) and email fraud (36%). These top threats are different from last year; business email compromise (BEC) moved down from the first spot, ransomware moved up to first place and malware up to second place.
  • Steady stance on ransom payments with increased reliance on cyber insurance. In 2024, there’s no change in CISOs’ view on paying a ransom. 62% of CISOs believe their organization would pay to restore systems and prevent data release if attacked by ransomware in the next 12 months. 79% of CISOs said they would rely on cyber insurance claims to recover potential losses incurred, compared to 61% in 2023.
  • The Board-CISO relationship has improved significantly. In 2024, 84% of CISOs agree their board members see eye-to-eye with them on cybersecurity issues. This is a significant jump from 62% in 2023, and 51% in 2022.
  • CISOs' pressures are unrelenting. In 2024, 53% of CISOs admitted to burnout compared to 60% last year, while 66% feel they face excessive expectations, a steady increase from 61% last year and 49% in 2022. The sustainability of the ongoing expectations on CISOs continues to be tested—66% are concerned about personal liability (62% in 2023) and 72% (61% in 2023) would not join an organization that does not offer Directors & Officers (D&O) insurance coverage. In addition, 59% of CISOs agreed that the current economic downturn has hampered their ability to make business-critical investments, with 48% of them being asked to cut staff or delay backfills as well as reduce security budgets.

“As we navigate through the complexities of today’s cyber threat environment, it’s encouraging to see CISOs gaining confidence in their strategies and tools,” commented Ryan Kalember, chief strategy officer at Proofpoint. “However, the ongoing challenges of employee turnover, pressure on resources, and the need for continuous board engagement remind us that vigilance and adaptation are key to our collective cyber resilience.”

To download the 2024 Voice of the CISO report, please visit: https://www.proofpoint.com/us/resources/white-papers/voice-of-the-ciso-report
