KEY TAKEAWAYS
- 65% of CISOs feel their role is misunderstood by company leadership (Proofpoint, 2024). The communication gap is a security risk.
- Board-level cybersecurity reporting is now expected, not optional. CISOs who can translate risk into business language get budget.
- Human error remains the #1 attack vector. Security awareness training isn’t a checkbox – it’s the front line.
Mike Pearlstein is CEO of Fusion Computing and holds the CISSP, the gold standard in cybersecurity certification. He has led Fusion’s managed IT and cybersecurity practice since 2012, serving Canadian businesses across Toronto, Hamilton, and Metro Vancouver.

The Voice of the CISO report by Proofpoint (2024) reveals that 65% of CISOs feel their role is misunderstood by company leadership, human error remains the #1 attack vector, and board-level cybersecurity reporting is now expected rather than optional. For Canadian businesses, these findings highlight the communication gap between security teams and executives.
Executive Summary

According to Proofpoint’s 2024 Voice of the CISO report, the top concerns are email fraud and business email compromise, ransomware, cloud account compromise, insider threats, and supply chain attacks. Over 70% of CISOs reported feeling at risk of a material cyberattack within 12 months. These concerns are driving increased investment in human-layer security.
The 2024 Voice of the CISO report from Proofpoint, surveying 1,600 CISOs globally, provides critical insights into the evolving landscape of cybersecurity. The report highlights the heightened concerns about cyberattacks, the significant role of human error in security vulnerabilities, and the increasing reliance on AI-driven solutions to combat these threats. Here are the key findings and implications for cybersecurity leaders.
Key Findings

- Perceived Vulnerability and Preparedness
  - 70% of CISOs feel vulnerable to a material cyberattack within the next 12 months.
  - Despite this, 43% feel unprepared to manage such an attack, showing a slight improvement from previous years.
- Human Error as a Major Vulnerability
  - 74% of CISOs view their employees as the largest vulnerability within their organizations.
  - 87% plan to deploy AI-driven solutions to mitigate human-centric threats, indicating a strategic shift towards advanced technological defenses.
- Data Loss and Insider Threats
  - 46% of CISOs reported dealing with the loss of sensitive data in the past year.
  - Of these incidents, 73% were attributed to employees leaving the organization, underscoring the challenge of managing insider threats.
- Economic Impact and Investment Challenges
  - 59% of CISOs believe their ability to make critical cybersecurity investments is impeded by the current economic downturn.
  - 62% state their organization would pay a ransom to prevent data exposure and restore systems in a ransomware incident, reflecting the high stakes involved.
- Concerns About Personal Liability
  - 66% of CISOs express concern about personal liability for cyber incidents, highlighting the personal risks associated with the role.
- Cyber Insurance as a Safety Net
  - 79% rely on cyber insurance to recover from potential cyber losses, showing the importance of insurance in their risk management strategy.
- Boardroom Alignment
  - 84% of CISOs are confident that their board members agree with them on cybersecurity issues, indicating stronger alignment between CISOs and organizational leadership.
Implications for Cybersecurity Strategy

Proofpoint’s Voice of the CISO report found 68% of CISOs feel their organization is at risk of a material cyberattack within the next 12 months, yet only 61% have a cyber incident response plan tested within the past year. The gap between risk awareness and readiness is where most breaches originate, and where Canadian SMBs consistently underinvest.
- Enhanced Employee Training and Awareness: Given that human error remains a significant risk, investing in comprehensive cybersecurity training programs is crucial. Ensuring employees understand their role in safeguarding the organization’s data can mitigate this risk.
- AI-Driven Security Solutions: With a majority of CISOs planning to utilize AI to enhance security, it’s essential to integrate AI tools that can proactively identify and mitigate threats, especially those arising from human errors.
- Focus on Insider Threat Management: Implementing robust data loss prevention (DLP) strategies and closely monitoring employee activity, especially during offboarding processes, can help prevent data breaches caused by insiders.
- Economic Considerations: In light of economic challenges, CISOs should prioritize cybersecurity investments that offer the highest return on investment. Solutions that address multiple threat vectors efficiently can provide the best value.
- Cyber Insurance: Given the reliance on cyber insurance, it’s vital to regularly review and update insurance policies to ensure adequate coverage and compliance with the latest security protocols.
- Board Engagement: Maintaining strong communication with the board and ensuring alignment on cybersecurity priorities can help secure necessary resources and support for security initiatives.
Conclusion
The Proofpoint 2024 Voice of the CISO report underscores the complex and evolving challenges that CISOs face today. From managing human error and insider threats to navigating economic constraints and ensuring boardroom alignment, CISOs must adopt a multifaceted approach to cybersecurity. By leveraging AI-driven solutions, enhancing employee training, and maintaining robust risk management practices, organizations can better prepare for the threats of today and tomorrow.
For more insights and to access the full report, visit Proofpoint.
Why this matters for Canadian businesses: The Canadian Centre for Cyber Security identifies ransomware, business email compromise, and credential-theft phishing as the dominant threats facing Canadian organisations, the same human-layer vectors that 74 percent of CISOs in the Proofpoint 2024 report flag as their top risk. Statistics Canada cyber incident surveys show that small and mid-sized firms are hit most often yet operate with the lightest security budgets, exactly the economic-pressure dynamic the report describes. The Canadian Anti-Fraud Centre continues to log record losses from BEC and ransomware events that begin with a single phished credential, and federal guidance from ISED through the CyberSecure Canada certification points SMBs toward multi-factor authentication, endpoint detection and response, security awareness training, and an incident response plan as the defensible baseline that cyber insurers now require before binding a policy. Sources: cyber.gc.ca, statcan.gc.ca, antifraudcentre-centreantifraude.ca, ised-isde.canada.ca.
The 2024 report surveyed 1,600 CISOs globally and found that 70 percent feel vulnerable to a material cyberattack in the next 12 months, while 43 percent feel unprepared to handle one. Human error was identified as the largest vulnerability by 74 percent of CISOs, and 87 percent plan to deploy AI-driven tools to address human-centric threats. Data loss from insider actions was also a top concern.
Why do CISOs consider employees the largest cybersecurity vulnerability?
Employees are targeted because attackers find it faster and easier to trick a person than to break through technical controls. Phishing, social engineering, and pretexting attacks exploit human psychology rather than software vulnerabilities. Even well-intentioned employees can accidentally share credentials, click malicious links, or misconfigure systems. That’s why human-focused training and behavioral monitoring are priorities for most security leaders.
How are CISOs using AI to address cybersecurity threats?
CISOs are deploying AI-driven security tools for threat detection, behavioral analysis, and automated response to reduce the time between attack and containment. AI can process security event data at a scale no human team can match, identifying anomalies that indicate a breach in progress. It’s particularly useful for detecting the kind of subtle, persistent threats that traditional signature-based tools miss.
What is the impact of the economic environment on cybersecurity investment?
The 2024 report found that 59 percent of CISOs believe economic conditions are limiting their ability to make needed cybersecurity investments. Budget pressure leads to understaffed security teams, delayed tool deployments, and deferred risk remediation. This creates a widening gap between the threat landscape and organizational defenses, which is why many CISOs are prioritizing tools and managed services that multiply the effectiveness of limited resources.
How prevalent are insider threats in cybersecurity?
The Proofpoint report found that 46 percent of CISOs dealt with sensitive data loss in the past year, and 73 percent of those incidents were attributed to employees leaving the organization. Insider threats include both malicious actors and negligent employees. Managing this risk requires data loss prevention (DLP) tools, clear offboarding procedures that revoke access immediately, and monitoring for unusual data movement.
What should organizations do if they can’t fully fund their cybersecurity program?
Prioritize the controls that address the most likely and highest-impact threats for your organization. For most businesses, that means strong authentication, endpoint protection, email filtering, and employee training. Partner with a managed security provider to extend your capabilities without adding headcount. And be transparent with leadership about the residual risk that exists when budget constraints prevent full implementation of recommended controls.