Human Error - The Weakest Point In Cyber Security 

Uploaded on 2024-07-12 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

"Give me a lever long enough and a fulcrum on which to place it, and I shall move the world," declared Archimedes, the ancient Greek mathematician.  Fast forward to the digital age, and it appears that cyber attackers have taken this concept to heart, with the fulcrum being the human factor in cybersecurity. 

However now with the rising concerns over cyber threats, Chief Information Security Officers (CISOs) are showing increased confidence in their ability to counter these risks, marking a notable shift in the cyber security landscape, according to Proofpoint.

Their 2024 Voice of the CISO Report examines global third-party survey responses from 1,600 CISOs from organisations of 1,000 employees or more across different industries.  

The 2024 Voice of the CISO report examines global third-party survey responses from 1,600 CISOs from organisations of 1,000 employees or more across different industries. 

CISOs’ Confidence is Growing 

According to the research, 70% of surveyed CISOs feel at risk of a material cyber attack over the next 12 months, compared to 68% the year before, and 48% in 2022. As a consequence, CISOs today clearly remain on high alert, but confidence amongst them is growing: just 43% feel unprepared to cope with a targeted cyber attack, showing a marked decrease over last year’s 61% and 50% in 2022.  

Human error continues to be perceived as the Achilles’ heel problem of cyber security, with 74% of CISOs identifying it as the most significant vulnerability.

However, there’s growing optimism in the role of AI-powered solutions to mitigate human-centric risks, reflecting a strategic turn towards technology-driven defenses. “While the cyber security landscape continues to evolve with increasing human-centric threats, the 2024 Voice of the CISO report highlights what appears to be a vital shift towards greater resilience, preparedness and confidence amongst global CISOs,” said Patrick Joyce, global resident CISO at Proofpoint.  

“This year’s findings underscore a collective move towards strategic defenses, including enhanced education, technological adoption, and an adaptive approach to emerging threats like generative AI.” Joyce commented.

CISOs Concerned About AI Security Threats 

This year, we are seeing an increase in the number of CISOs who view human error as their organisation’s biggest cyber vulnerability, 74% in this year’s survey vs. 60% in 2023.  However, 86% of CISOs believe that employees understand their role in protecting the organisation.  

This confidence is higher than in previous years, 61% in 2023 and 60% in 2022. This may be attributed to the 87% of CISOs surveyed looking to deploy AI powered capabilities to help protect against human error and advanced human-centered cyber threats.  

In 2024, 70% of CISOs surveyed feel at risk of experiencing a material cyber attack in the next 12 months, compared to 68% in 2023 and 48% in 2022.  However, just 43% feel their organisation is unprepared to cope with a targeted cyber attack, compared to 61% in 2023 and 50% in 2022.  

  • 54% of CISOs surveyed believe that Generative AI poses a security risk to their organisation. The top three systems CISOs view as introducing risk to their organisations are: ChatGPT/other GenAI (44%), Slack/Teams/Zoom/other collaboration tools (39%) and Microsoft 365 (38%).  
  • 46% of security leaders reported having to deal with a material loss of sensitive data in the past 12 months, and of those, 73% agreed that employees leaving the organisation contributed to the loss. Despite those losses, 81% of CISOs believe they have adequate controls to protect their data.  
  • 51% of CISOs surveyed in 2024 have data loss prevention technology (DLP) in place compared to just 35% in 2023. 53% of CISOs surveyed invested in educating employees on data security best practices which is higher in 2024 compared to 2023 (39%). 

Ransomware & Malware Are The Top CISOs Concens

The biggest cyber security threats perceived by CISOs in 2024 are ransomware attacks (41%), malware (38%) and email fraud (36%). These top threats are different from last year; Business Email Compromise (BEC) moved down from the first spot, ransomware moved up to first place and malware up to second place. In 2024, there’s no change from CISOs’ view on paying a ransom. 62% of CISOs believe their organisation would pay to restore systems and prevent data release if attacked by ransomware in the next 12 months.  

  • 79% of CISOs said they would rely on cyber insurance claims to recover potential losses incurred, compared to 61% in 2023. 
  • 84% of CISOs agree their board members see eye-to-eye with them on cyber security issues. This is a significant jump from 62% in 2023, and 51% in 2022.  
  • 53% of CISOs admitted to burnout compared to 60% last year, while 66% feel they face excessive expectations, a steady increase from 61% last year and 49% in 2022.  

The sustainability of the ongoing expectations on CISOs continues to be tested—66% are concerned about personal liability (62% in 2023) and 72% (61% in 2023) would not join an organisation that does not offer Directors & Officers (D&O) insurance coverage.  

In addition, 59% of CISOs agreed that the current economic downturn has hampered their ability to make business-critical investments, with 48% of them being asked to cut staff or delay replacements to reduce security budgets.  

“As we navigate through the complexities of today’s cyber threat environment, it’s encouraging to see CISOs gaining confidence in their strategies and tools... However, the ongoing challenges of employee turnover, pressure on resources, and the need for continuous board engagement remind us that vigilance and adaptation are key to our collective cyber resilience.” commented Ryan Kalember, chief strategy officer at Proofpoint.

Proofpoint   |     Hipther   |    HelpNest Security   |      @MartyRaymond 

Image: Unsplash

You Might Also Read: 

Too Many Corporate Employees Ignore Cyber Security:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Growing Menace Of Ransomware
Warning - APT40 Espionage Group At Work »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

HANDD Business Solutions

HANDD Business Solutions

HANDD are independent specialists in data protection with expertise at every stage of the Protect, Detect and Respond cycle, from consultancy and design, right through to installation.

Hiscox

Hiscox

Hiscox offers cyber and data risks insurance to protect your business against the risks of holding data and using computer systems..

Asigra

Asigra

Asigra provides an industry leading cloud backup and recovery software platform called Asigra Cloud Backup.

Brainwave GRC

Brainwave GRC

Brainwave GRC is a leading European software provider focused on Identity Analytics and intelligence to strengthen IT security and compliance.

Granite Partners

Granite Partners

Granite is a cloud service for the development of business risk management, cyber security and privacy and occupational safety and health.

Elastic

Elastic

Elastic is the world's leading software provider for making structured and unstructured data usable in real time for search, logging, security, and analytics use cases.

BioConnect

BioConnect

BioConnect provide biometric access control solutions to verify a person’s identity across physical, IOT and digital applications.

Granted Consultancy

Granted Consultancy

Granted Consultancy is a business consultancy that specialises in securing funding to support companies with the development and commercialisation of new and innovative products and technologies.

Quantum Xchange

Quantum Xchange

As the provider of unbreakable quantum-safe encryption, Quantum Xchange gives commercial enterprises and government agencies the ultimate defense to keep high-value data safe.

Hunton Andrews Kurth

Hunton Andrews Kurth

Hunton Andrews Kurth LLP serves clients across a broad range of complex transactional, litigation and regulatory matters. Practice areas include Privacy and Cybersecurity.

Venustech

Venustech

Venustech is a leading provider of network security products, trusted security management platforms, specialized security services and solutions.

UM6P Ventures

UM6P Ventures

UM6P Ventures is an African based early-stage ventures firm operating two funds; a Digital Transformation fund and a Deeptech Ventures fund.

5S Technologies

5S Technologies

5S Technologies is a regional IT solutions and services provider based in Cary, NC and serving the Carolinas.

Complete Cyber

Complete Cyber

Complete Cyber provide professional cybersecurity services and products to help secure your infrastructure, systems and data.

RedArx Cyber Group

RedArx Cyber Group

At RedArx Cyber Group, our vision is to empower businesses with cutting-edge, proactive security solutions that safeguard their digital landscapes.

St Fox

St Fox

St. Fox is a leading consultancy helping enterprises secure their Cloud, Data, endpoints, and applications.