Two-thirds of respondents to a global survey of CISOs have said that they do not feel their organization is prepared enough to cope with a targeted cyber-attack. 

This widespread lack of readiness was unearthed by California enterprise security company Proofpoint during the creation of its first-ever annual 2021 Voice of the CISO Report. The report examines global third-party survey responses from more than 1,400 CISOs employed by mid- to large-size organizations.

During the first quarter of 2021, one hundred CISOs were interviewed in each market across 14 countries: Australia, Canada, France, Germany, Italy, Japan, Saudi Arabia, the Netherlands, Spain, Singapore, Sweden, UAE, the UK, and the US. 

Just under two-thirds of CISOs (64%) reported feeling at risk of suffering a material cyber-attack in the next 12 months. More than half (53%) said they are more concerned about the repercussions of such an attack in 2021 than they were in 2020.

Quizzed over what form of attacks they expect to have to counter, the CISOs gave varying answers. Just over a third of respondents (34%) anticipated tackling Business Email Compromise (BEC) attacks, 31% thought insider threats would create a problem, and 33% were wary of cloud account compromise affecting O365 or G suite accounts.

Supply chain attacks, which have been prominent in the news of late, were a concern for 29% of respondents. Ransomware was the seventh most anticipated attack, with 27% of CISOs girding their loins against this particular threat.

The CISOs lacked faith in their coworkers’ ability to keep their organization safe from cyber-threats. More than half of survey respondents believe employees understand what they should be doing to protect their organization from cyber-threats; however, 58% percent of CISOs still cited human error as their organization’s biggest cyber-vulnerability. 

CISOs considered intentionally leaking data and accidentally clicking malicious links or downloading compromised files as the most likely ways employees will expose their business to risk.

Cybercrime was predicted to become more profitable over the next two years by 63% of CISOs. Nearly the same proportion (60%) predicted that over the same period, this form of crime would become riskier for those committing it.