
Many CISOs still feel unprepared to deal with cyberattacks


Most Chief Information Security Officers (CISOs) across the world are fearful of a potential cyberattack and don’t feel prepared to tackle one, a new report claims.

Cybersecurity company Proofpoint polled and interviewed more than 1,400 CISOs across different industries for its inaugural 2021 Voice of the CISO report, and found that in the UK, 81 percent feel at risk of suffering a material cyberattack over the next 12 months.

Many of them (68 percent) are worried because they don’t feel prepared to cope with such an event. Awareness also seems to be rising, as 50 percent more CISOs in the UK fear the repercussions of a cyberattack this year, compared to 2020. 

Most (62 percent) still see their employees as their weakest link, believing they could fall prey to a phishing attack, or could initiate a criminal insider attack themselves. 

The Covid-19 pandemic and the need for remote working have only made things harder, as 59 percent of CISOs in the UK believe this model of working made them more vulnerable. Criminals seem to be aware of this fact, as attacks also appear to be rising.

And while businesses will be looking to increase their IT security budgets in order to better cope with the onslaught, they don’t expect the threats to go away any time soon. As a matter of fact, 71 percent of UK CISOs believe that cybercrime will become even more profitable for attackers.

At the same time, budgets for IT security are expected to rise by at least 11 percent, on average.

“The ‘good enough’ approach of the past 12 months will simply not work in the long term: with businesses unlikely to ever return to pre-pandemic working practices, the mandate to strengthen cybersecurity defenses has never been more pressing,” said Ryan Kalember, executive vice president of cybersecurity strategy for Proofpoint. 

“CISOs hold a business-critical function, now more than ever. The findings from our report emphasize that CISOs need the tools to mitigate risk and develop a strategy that takes a people-centric approach to cybersecurity protection and emphasizes awareness training to address ever-changing conditions, like those experienced by organizations throughout the pandemic.”