Proofpoint research uncovers positivity amongst cyber leaders.
A third of UK CISOs feel their organisation is unprepared to cope with a targeted cyber attack, a significant drop from three-quarters of respondents a year ago.
According to the 2024 Voice of the CISO report from Proofpoint, 27% feel unprepared to deal with an attack on their business. The report found that while fears of cyber attacks continue, CISOs are demonstrating increasing confidence in their ability to defend against these threats.
The Human Factors
For example, 73% of surveyed CISOs in the UK feel at risk of a “material cyber attack” over the next 12 months, compared to 84% the year before.
However, 65% of UK CISOs say human error is the most significant vulnerability, but 84% of UK CISOs believe that employees understand their role in protecting the organisation - up from 75% in 2023. Also, 69% of respondents believe that employees leaving the organisation contributed to data loss.
Relations between the C-suite and CISO have also improved, with 84% of UK CISOs agreeing that their board members see eye-to-eye with them on cybersecurity issues, a jump from 74% in 2023.
Tech Tactics
From a technology perspective, 55% of UK CISOs surveyed have data loss prevention technology in place, compared to just 34% in 2023. However, only 47% of respondents have invested in educating employees on data security best practices, a slight increase on 2023’s number of 44%.
The top three systems CISOs view as introducing risk to their organisations are: GenAI (40%), a perimeter network device (33%) and collaboration tools (31%).
The biggest external cybersecurity threats are ransomware attacks (51%), cloud account compromise (Microsoft 365, G Suite or other) (42%) and business email compromise (35%).
“As we navigate through the complexities of today’s cyber threat environment, it’s encouraging to see CISOs gaining confidence in their strategies and tools,” commented Ryan Kalember, chief strategy officer at Proofpoint.
“However, the ongoing challenges of employee turnover, pressure on resources, and the need for continuous board engagement remind us that vigilance and adaptation are key to our collective cyber resilience.”
Written by
Dan Raywood
Senior Editor
SC Media UK