Voice of the CISO report

It’s no overstatement to say that the past year was a busy one in the world of cybersecurity.

Ransomware continued to wreak havoc across the globe. New and increasingly devastating attacks upended organisations of every size, across every industry and in every jurisdiction. For example, a single ransomware attack contributed to the permanent closure of Lincoln College, a 157-year-old educational bastion in rural Illinois. On the other end of the spectrum, a series of attacks paralysed the government of Costa Rica, forcing officials there to declare an ational emergency.

The supply chain also found itself firmly in the sights of cyber criminals. Attackers doubled down on compromising third party, cloud and privileged identities to infiltrate networks and exfiltrate data.

Meanwhile, critical infrastructure hung in the balance amid a backdrop of unrelenting attacks and geopolitical unease. Russian attackers targeted US airports, and Chinese-aligned threat actors exploited telecoms’ vulnerabilities.

The prior year, with most pandemic disruption overcome, CISOs for a brief time appeared to feel a sense of calm, composure and confidence in their security posture. Astoundingly, that feeling has already vanished, replaced by elevated concern.

As we look to 2023 and beyond, we can expect a return to a hars her reality. Ransomware looks set to wreak more disruption as data extortion becomes the rule rather than the exception. At the same time, increasing commercialisation of dark-web exploit tools, initial-access brokers and “as-a-service” attack infrastructures threaten to make cyber crime even more open to anyone with a few dollars and ill intent.

Amid growing concerns around cyber risk and organisational preparedness, navigating this threat landscape remains a matter of protecting people and defending data. Modern CISOs know that us ers are at the centre of cybersecurity. And they understand how critical it is to safeguard their organisation’s sensitive information, especially in light of an uncertain economy and employee churn.

To gain deeper insight into the mind of the CISO during this pivotal time, Proofpoint surveyed 1,600 of them from around the world. They graciously shared their experiences over the last year and their outlook for the years ahead.

In this summary of our findings, we explore how the global reces sion is applying pressure to security budgets and how CISOs must remain steadfast in pressing the C-suite for critical controls to protect their organisations. We also learn how boards are increasingly becoming part of the cybersecurity conversation and the impact this is having on their understanding of security issues and their relationships with CISOs. Finally, we unpack the issue of burnout among CISOs as many struggle with the pressures of personal liability and excessive expectations.

Once again, this report would not have been possible without the insight offered by cybersecurity and information security professionals across the globe. We offer our sincere thanks for your time and your feedback.