73% of board members believe they face the risk of a major cyberattack in the next 12 months, a notable increase from 65% in 2022, according to Proofpoint.
Likewise, 53% of respondents do not feel prepared to face a targeted attack, compared to 47% the previous year.
The emerging risk of AI tools
This year-over-year shift may reflect continued volatility in the threat landscape, including ongoing geopolitical tensions and increases in disruptive ransomware and supply chain attacks. The emerging risk of artificial intelligence (AI) tools such as ChatGPT may also contribute to these feelings: 59% of board members believe generative AI poses a security risk to their organization.
Board members have these concerns even though 73% consider cybersecurity a priority, 72% believe their board clearly understands the cyber risks they face, and 70% believe they have adequately invested in cybersecurity.
“The new alignment between board members and their CISOs on cyber risk and preparedness is a positive sign that both parties are working more closely together and making progress. However, this growing alliance has yet to deliver significant changes in cybersecurity posture, even as boards feel good about the time and resources they are investing to combat this risk,” said Ryan Kalember, vice president of cybersecurity strategy at Proofpoint.
“Our results show that it remains difficult to translate increased awareness into effective cybersecurity strategies that protect people and data. Strengthening board-CISO relationships will be instrumental in the months ahead so that directors and security leaders can have more meaningful conversations and ensure they are investing in the right priorities,” added Kalember.
Awareness and funding do not translate into preparedness
With tools like ChatGPT receiving a lot of attention in recent months, 59% of respondents view this emerging technology as a security risk to their organization. 73% of respondents believe their organization is at risk of a significant cyberattack, compared to 65% in 2022.
73% of directors agree that cybersecurity is a priority for their board, 72% believe their board clearly understands the cyber risks they face, 70% believe they have adequately invested in cybersecurity and 84% believe their cybersecurity budget will increase over the next 12 months. However, these efforts are not leading to better preparedness: 53% still believe their organization is not prepared to deal with a cyberattack in the next 12 months.
Board members ranked malware as their top concern (40%), followed by insider threats (36%) and cloud account compromise (36%). This is only slightly different from CISOs’ top concerns around email/BEC fraud (33%), insider threats (30%), and cloud account compromise (29%).
Personal Accountability Is a Concern for Boards and CISOs
While most administrators (63%) and CISOs (60%) agree that human error is their biggest risk, board members are much more confident in their organization’s ability to protect data: 75% of administrators share this point of view, compared to only 60% of CISOs. 37% of administrators said their organization’s cybersecurity would benefit from a larger budget, 35% would like to see more cyber resources, and 35% would like better threat intelligence.
53% of directors say they interact regularly with security managers. While this is an increase from 47% last year, it still leaves nearly half of boards without strong relationships between CISOs and C-suites. However, board members and CISOs are generally closely aligned when interacting, with 65% of board members saying they agree with their CISO and 62% of CISOs agreeing.
72% of administrators said they were concerned about personal liability following a cybersecurity incident in their own organization, and 62% of CISOs agreed.
“Board members take cybersecurity issues seriously, demonstrating that they have no illusions about human risk and the impact of cyber threats on an organization’s bottom line. They are moving forward in their relationships with security leaders, knowing that strong partnerships between the board and CISO are more critical than ever,” Kalember said. “But now is not the time for complacency. Boards must continue to invest heavily in improving organizational readiness and resilience. This means encouraging even deeper and more productive conversations with CISOs to ensure administrators make informed strategic decisions that drive positive results.”
Overall, CISOs and board members are working closely together like never before. This progress provides hope that boards’ perspectives on cybersecurity will move from a necessary compliance task to an enabler that can help shape business strategy.
Strengthening this relationship also appears to increase board confidence in cybersecurity. Despite concerns about impending attacks and lack of preparedness, board members say they feel comfortable and in control of their cybersecurity posture.