Human Error - The Weakest Point In Cyber Security 

"Give me a lever long enough and a fulcrum on which to place it, and I shall move the world," declared Archimedes, the ancient Greek mathematician.  Fast forward to the digital age, and it appears that cyber attackers have taken this concept to heart, with the fulcrum being the human factor in cybersecurity. 

Now, however, with rising concern over cyber threats, Chief Information Security Officers (CISOs) are showing increased confidence in their ability to counter these risks, a notable shift in the cyber security landscape, according to Proofpoint.

Their 2024 Voice of the CISO Report examines global third-party survey responses from 1,600 CISOs from organisations of 1,000 employees or more across different industries.  

CISOs’ Confidence is Growing 

According to the research, 70% of surveyed CISOs feel at risk of a material cyber attack over the next 12 months, compared to 68% the year before and 48% in 2022. CISOs today clearly remain on high alert, but their confidence is growing: just 43% feel unprepared to cope with a targeted cyber attack, down markedly from 61% last year and 50% in 2022.

Human error continues to be perceived as the Achilles’ heel of cyber security, with 74% of CISOs identifying it as their most significant vulnerability.

However, there is growing optimism about the role of AI-powered solutions in mitigating human-centric risks, reflecting a strategic turn towards technology-driven defenses. “While the cyber security landscape continues to evolve with increasing human-centric threats, the 2024 Voice of the CISO report highlights what appears to be a vital shift towards greater resilience, preparedness and confidence amongst global CISOs,” said Patrick Joyce, global resident CISO at Proofpoint.

“This year’s findings underscore a collective move towards strategic defenses, including enhanced education, technological adoption, and an adaptive approach to emerging threats like generative AI,” Joyce commented.

CISOs Concerned About AI Security Threats 

This year, we are seeing an increase in the number of CISOs who view human error as their organisation’s biggest cyber vulnerability: 74% in this year’s survey vs. 60% in 2023. However, 86% of CISOs believe that employees understand their role in protecting the organisation.

This confidence is higher than in previous years (61% in 2023 and 60% in 2022). It may be attributed to the 87% of CISOs surveyed who are looking to deploy AI-powered capabilities to help protect against human error and advanced human-centered cyber threats.

In 2024, 70% of CISOs surveyed feel at risk of experiencing a material cyber attack in the next 12 months, compared to 68% in 2023 and 48% in 2022.  However, just 43% feel their organisation is unprepared to cope with a targeted cyber attack, compared to 61% in 2023 and 50% in 2022.  

  • 54% of CISOs surveyed believe that Generative AI poses a security risk to their organisation. The top three systems CISOs view as introducing risk to their organisations are ChatGPT/other GenAI (44%), Slack/Teams/Zoom/other collaboration tools (39%) and Microsoft 365 (38%).
  • 46% of security leaders reported having to deal with a material loss of sensitive data in the past 12 months, and of those, 73% agreed that employees leaving the organisation contributed to the loss. Despite those losses, 81% of CISOs believe they have adequate controls to protect their data.
  • 51% of CISOs surveyed in 2024 have data loss prevention (DLP) technology in place, compared to just 35% in 2023. 53% of CISOs surveyed invested in educating employees on data security best practices, up from 39% in 2023.

Ransomware & Malware Are The Top CISO Concerns

The biggest cyber security threats perceived by CISOs in 2024 are ransomware attacks (41%), malware (38%) and email fraud (36%). These top threats differ from last year’s: Business Email Compromise (BEC) moved down from first place, ransomware moved up to first and malware up to second. CISOs’ views on paying a ransom are unchanged in 2024: 62% believe their organisation would pay to restore systems and prevent data release if attacked by ransomware in the next 12 months.

  • 79% of CISOs said they would rely on cyber insurance claims to recover potential losses incurred, compared to 61% in 2023. 
  • 84% of CISOs agree their board members see eye-to-eye with them on cyber security issues. This is a significant jump from 62% in 2023, and 51% in 2022.  
  • 53% of CISOs admitted to burnout compared to 60% last year, while 66% feel they face excessive expectations, a steady increase from 61% last year and 49% in 2022.  

The sustainability of the ongoing expectations on CISOs continues to be tested—66% are concerned about personal liability (62% in 2023) and 72% (61% in 2023) would not join an organisation that does not offer Directors & Officers (D&O) insurance coverage.  

In addition, 59% of CISOs agreed that the current economic downturn has hampered their ability to make business-critical investments, with 48% of them being asked to cut staff or delay replacements to reduce security budgets.  

“As we navigate through the complexities of today’s cyber threat environment, it’s encouraging to see CISOs gaining confidence in their strategies and tools... However, the ongoing challenges of employee turnover, pressure on resources, and the need for continuous board engagement remind us that vigilance and adaptation are key to our collective cyber resilience,” commented Ryan Kalember, chief strategy officer at Proofpoint.

Sources: Proofpoint | Hipther | Help Net Security | @MartyRaymond

Image: Unsplash