Image: Mojahid Mottakin (unsplash)
According to Proofpoint’s second annual “Cybersecurity: The 2023 Board Perspective” report, 59% of global board members identify Generative AI (GenAI) as a potential security threat to their establishments.
The data highlights that an increasing 73% of respondents feel vulnerable to significant cyber incidents, rising from 65% in 2022. A rise was also observed in those feeling ill-equipped to handle targeted attacks, as this percentage grew from 47% in the preceding year to 53%.
Similar concerns are echoed by CISOs, particularly in the Middle East. Specifically, 55% of KSA’s CISOs and 75% of those from the UAE anticipate a high risk of facing a significant cyber incident in the forthcoming year. Notably, half of the Middle Eastern CISOs are skeptical about their organization’s preparedness against dedicated cyber incursions.
Year-over-year variations might be attributed to the ever-evolving nature of threat dynamics, which include a surge in disruptive ransomware and supply chain attacks. The advent and potential misuse of AI tools like ChatGPT further intensify these apprehensions. Despite these worries, 73% of global board members prioritize cybersecurity, with 72% confident about their board’s grasp of the cyber threats looming overhead. Furthermore, 70% are convinced of their adequate investment in cybersecurity initiatives.
Proofpoint’s 2023 report gathered insights from 659 board members of companies employing over 5,000 people across various sectors. The report spanned 12 nations including the US, Canada, the UK, France, Germany, Italy, Spain, Australia, Singapore, Japan, Brazil, and Mexico, with more than 50 board directors from each nation participating in June 2023.
Key findings in the report encompass:
- Board members’ mounting concerns about cybersecurity: A growing 73% discern their organizations as vulnerable, up from 65% in 2022.
- Though the consensus about cybersecurity’s importance is high, with 84% expecting a budget increment for cybersecurity in the subsequent year, the sense of preparedness remains low at 53%.
- The primary threats as identified by board members include malware (40%), internal threats (36%), and cloud account breaches (36%).
- A disparity exists between directors and CISOs about people’s risks and data safeguarding. While most directors (63%) and CISOs (60%) recognize human mistakes as primary risks, 75% of directors believe in their organization’s data protection capabilities, compared to 60% of CISOs.
- Desired improvements by boardrooms encompass higher budgets (37%), augmented cybersecurity resources (35%), and enhanced threat intelligence (35%).
- Interactions between boards and CISOs are on an upward trajectory, with 65% of board members feeling aligned with their CISOs’ viewpoints.
- Personal accountability post a cyber event is a shared concern, with 72% of directors and 62% of CISOs expressing worries.
Ryan Kalember, the executive vice president of cybersecurity strategy at Proofpoint, emphasized the growing harmony between board members and CISOs. He noted that this synergy hasn’t significantly revamped the cybersecurity stance, even though investments have been substantial. The challenge remains in translating the heightened awareness into robust cybersecurity measures that prioritize human and data safety. Strengthening the rapport between boards and CISOs is pivotal for fostering more impactful discussions and directing resources effectively.