CISOs find ‘business as usual’ shows the harsh realities of cyber-risk
With the chaos of the pandemic now in the rearview mirror, we are finally back to “business as usual.” The return to normal operations may imply that chief information security officers (CISOs) can now breathe easier, but the opposite is true. CISOs are feeling less prepared to cope with cyberattacks and more at risk than last year, indicating a reversal from the early days of the pandemic, new research shows.
The “2023 Voice of the CISO” report, Proofpoint’s global survey of 1,600 CISOs, found that 68% of respondents feel at risk of experiencing a material cyberattack in the next 12 months. This is a sharp increase from last year’s 48% and a shift back to 2021 levels, when 64% felt at risk. The report also found that 61% of surveyed security leaders believe their organization is unprepared to cope with a targeted cyberattack, compared with 50% in 2022 and 66% in 2021.
Reasons for CISOs’ Elevated Concerns
The tumultuous cybersecurity events of 2022 may be one reason behind the CISOs’ return to an elevated concern. Last year saw increasingly devastating ransomware attacks that shuttered organizations and crippled entire nations. At the same time, geopolitical tensions continued to mount with incidents such as Russia’s attacks on US airports and Chinese nation-state actors’ targeting of telecoms. The shaky economy did not help matters, and 58% of surveyed CISOs shared that the downturn has affected their security budgets negatively. All these events put security leaders on edge, perhaps lowering their confidence in their security posture.
Another explanation for CISOs’ elevated concern may be the anomaly of the pandemic. Having conquered the unprecedented challenges caused by the overnight move to remote operations, security leaders felt a sense of calm. Although attack volumes did not abate, CISOs had a brief period of reprieve as they felt their organizations were less at risk. Yet the ability to secure their remote environments may have given CISOs a false sense of confidence. With the return to normal operations, the post-pandemic security metrics likely looked less reassuring, and the optimism wore off.
Growing Pressures Make the CISO’s Job Unsustainable
Whatever the reason behind CISOs’ recalibration of perceptions, their diminished confidence is exacerbated by new concerns about personal liability raised by last year’s blockbuster Uber case, which resulted in probation for the company’s former chief security officer. The US federal court ruling has deep implications that may set a dangerous precedent, and 62% of CISOs surveyed by Proofpoint agreed that they are concerned about personal liability.
The survey also revealed that 60% of CISOs have experienced burnout in the past 12 months, while 61% feel their job expectations are unreasonable, which is a big jump from the previous year’s 49%. When we add these mounting pressures to ongoing struggles such as the cybersecurity talent shortage and new issues such as the recent wave of layoffs, it is not surprising that the CISO’s role is becoming unsustainable.
To read the complete article, visit Dark Reading.