Cybersecurity and compliance company Proofpoint has just released its second annual report, Cyber Security: The Executive Perspective 2023, which analyzes corporate boards’ perceptions of the threat landscape, cybersecurity priorities and relationships with CISOs.
To produce this report, 659 board members from organizations with 5,000 or more employees across various industries were interviewed. In June 2023, more than 50 directors were interviewed in the following 12 countries: USA, Canada, UK, France, Germany, Italy, Spain, Australia, Singapore, Japan, Brazil and Mexico.
According to the results for the Spanish market, 76% of respondents believe their organization is at risk of a cyber attack. In 2022, this share was 68%. Likewise, 52% do not feel prepared for a targeted attack, compared to 47% last year.
This year-over-year change may reflect continued volatility in the threat landscape, including ongoing geopolitical tensions as well as increases in disruptive ransomware and supply chain attacks.
The emerging risk of artificial intelligence (AI) tools like ChatGPT could also add to this sentiment: 52% of board members in Spain believe that generative AI poses a risk to the security of their company.
Despite these concerns, 80% of Spanish respondents consider cybersecurity to be a priority, 90% believe their board of directors clearly understands the cyber risks they face, and 74% believe there has been adequate investment in cybersecurity.
CISOs and board members are better aligned
This study looks at three key areas: the risks and cyberattacks facing boards, the level of readiness to address these threats, and how these managers relate to CISOs, based on the results of Proofpoint’s Voice of the CISO 2023 study. According to that report, the number of CISOs feeling vulnerable and unprepared has increased, and there is closer coordination than before between board members and security officers.
“This new alignment between board members and CISOs on cyber risk and preparedness is a positive sign that the two parties are working closer together and making progress,” says Ryan Kalember, Proofpoint’s executive vice president of cybersecurity strategy.
“However, this growing alliance has not yet prompted any significant shifts in cybersecurity positioning, although boards are pleased with the time and resources they are investing in addressing this risk,” he adds.
“Further strengthening the relationship between the board and the CISO will be critical in the coming months, allowing security officers and directors to have more effective conversations and ensure they are investing in the right priorities,” he concludes.
What is clear is that boards and CISOs have different concerns about the main threats: in Spanish boardrooms, malware (42%), insider threats (36%) and DDoS attacks (36%) dominate.
This differs from the view of Spanish CISOs, who point to insider threats (38%), email fraud/business email compromise (37%) and supply chain attacks (37%) as their biggest concerns.
The two groups also disagree on the origins of incidents: while a majority of Spanish directors (56%) and CISOs in Spain (65%) agree that human error is their greatest risk, boards are significantly more confident in the organization's ability to protect its data (78%), compared to CISOs (51%).
Interactions and relationships between the board and CISOs in Spain are improving: 70% of managers say they regularly interact with security managers, which represents a significant increase compared to the previous year (39%).
In addition, board members and security officers tend to work more closely with each other: 78% of board members say they share the same sentiment as CISOs, and 68% of security managers say something similar.
“Board members take cybersecurity issues seriously and demonstrate that they are not swayed by perceptions of human risk and the impact of cyber threats on a company’s bottom line. They are expanding their relationships with security officials and recognize that a strong partnership between cybersecurity councils and organizations is more important than ever,” confirms Kalember.
“But this is not the time to rest on your laurels. Boards must continue to invest heavily in improving the readiness and resilience of their organizations. It does this by fostering even deeper and more productive conversations with CISOs to ensure directors are making informed and strategic decisions that produce positive outcomes,” he notes.