2021 Voice of the CISO report

2021: THE AFTERMATH OF A YEAR LIKE NO OTHER

There’s no question that 2020 was a challenging year – for organizations and individuals alike. The pandemic placed an enormous strain on the global economy, and cybercriminals took advantage of this disruption to accelerate their nefarious activities.

We were inundated with cyberattacks, both new and familiar, from pandemic-themed phishing scams to the unwavering march of ransomware. The conclusion of 2020 dealt a final blow with the SolarWinds hack, which highlighted supply chain and ecosystem vulnerabilities. With thousands of organizations impacted, what has been dubbed “the most sophisticated attack the world has ever seen” has reignited the “assume compromise” philosophy among CISOs.

Compounding our challenge, all of this occurred while we transitioned to working from home on a grand scale, literally overnight. Cybersecurity teams around the world were challenged to shore-up their security posture in this new and changing environment, attempting to pull off a balancing act between supporting remote work and avoiding business interruption, while keeping businesses secure.

With work becoming increasingly flexible, this challenge now extends into the future. In addition to securing many more points of attack and educating users on long-term remote and hybrid work, CISOs must instill confidence among customers, internal stakeholders, and the market that such setups are workable indefinitely.

In order to gauge the mood of the industry during this pivotal time, Proofpoint surveyed 1,400 CISOs from around the world and invited them to share their first-hand experiences during the past 12 months and offer their insights for the next two years.

This report contains a summary of our findings. We explore how CISOs face a constant barrage of attacks from all angles and how they are preparing for the challenges of a hybrid workforce. We look at why human error continues to be a key vulnerability and what role cybersecurity awareness training needs to play.

We also examine the changing role and growing expectations of the CISO. Are they equipped to handle these new demands? And, what more can organizations do to help users and the cybersecurity teams tasked with their protection?

This report would not have been possible without the participation of cybersecurity and information security practitioners across the globe. Thank you for your insights and feedback.

Lucia Milică,
Global Resident Chief Information Security Officer at Proofpoint