Proofpoint Report: Singapore CISOs View Human Error as Top Cybersecurity Threat
Proofpoint, Inc., a leading cybersecurity and compliance company today released its annual Voice of the CISO report, which explores key challenges, expectations and priorities of chief information security officers (CISOs) worldwide.
The 2024 report draws attention to a notable trend: while fears of cyberattacks continue to rise, CISOs demonstrate increasing confidence in their ability to defend against these threats, reflecting a significant shift in the cybersecurity landscape. Two-thirds (67%) of surveyed CISOs in Singapore feel at risk of a material cyberattack over the next 12 months, compared to 80% the year before. CISOs today clearly remain on high alert, but confidence among them is growing: just 36% feel unprepared to cope with a targeted cyberattack, showing a marked decrease over last year’s 55% and 39% in 2022.
Human error continues to be perceived as the Achilles’ heel of cybersecurity, with two-thirds (67%) of Singapore CISOs identifying it as the most significant vulnerability. In a year of growing insider threats and people-driven data loss, 84% of the CISOs see human risk, in particular negligent employees, as a key cybersecurity concern over the next two years. However, there’s growing optimism in the role of AI-powered solutions to mitigate human-centric risks, reflecting a strategic pivot towards technology-driven defences.
The 2024 Voice of the CISO report examines global third-party survey responses from 1,600 CISOs from organisations of 1,000 employees or more across different industries. Throughout the course of Q1 2024, 100 CISOs were interviewed in each market across 16 countries: the U.S., Canada, the UK, France, Germany, Italy, Spain, Sweden, the Netherlands, UAE, KSA, Australia, Japan, Singapore, South Korea, and Brazil.
The report offers a vital perspective on the state of cybersecurity from those at the forefront of protecting people and defending data. The report also stresses the importance of maintaining robust cybersecurity measures in the face of economic pressures and the critical role of human factors in organisational cyber readiness. The survey also measures the changes in alignment between security leaders and their boards of directors, exploring how their relationship impacts security priorities.
“While the cybersecurity landscape continues to evolve with increasing human-centric threats, the 2024 Voice of the CISO report highlights what appears to be a pivotal shift towards greater resilience, preparedness and confidence among global CISOs,” said Patrick Joyce, Global Resident CISO at Proofpoint. “This year’s findings underscore a collective move towards strategic defences, including enhanced education, technological adoption, and an adaptive approach to emerging threats like generative AI.”
Key Singapore findings from Proofpoint’s 2024 Voice of the CISO report include:
-
Human error still tops cyber vulnerability threats but CISOs turn to AI solutions to help. This year, we are seeing an uptick in the number of CISOs in Singapore who view human error as their organisation’s biggest cyber vulnerability—67% in this year’s survey vs. 60% in 2023. However, 92% of CISOs believe that employees understand their role in protecting the organisation. This confidence is higher than in previous years—61% in 2023 and 60% in 2022. This may be attributed to the 86% of CISOs surveyed looking to deploy AI-powered capabilities to help protect against human error and advanced human-centred cyber threats.
-
CISOs continue to fear cyberattacks but fewer feel unprepared, showing growing confidence in their security measures. In 2024, 67% of CISOs surveyed in Singapore feel at risk of experiencing a material cyberattack in the next 12 months, compared to 80% in 2023 and 64% in 2022. However, just 36% feel their organisation is unprepared to cope with a targeted cyberattack, compared to 55% in 2023 and 39% in 2022.
-
Employee turnover is still a concern, yet CISOs trust their defences. In 2024, 32% of security leaders in Singapore reported having to deal with a material loss of sensitive data in the past 12 months, and of those, 63% agreed that employees leaving the organisation contributed to the loss. Despite those losses, 94% of CISOs believe they have adequate controls to protect their data.
-
The majority of CISOs have adopted DLP technology and invested more in security education. 61% of Singapore CISOs surveyed in 2024 have data loss prevention technology (DLP) in place compared to just 35% in 2023. More than three-quarters (79%) of CISOs surveyed invested in educating employees on data security best practices which is higher in 2024 compared to 2023 (42%).
-
Ransomware and malware top CISOs concerns. The biggest cybersecurity threats perceived by CISOs in Singapore this year are ransomware attacks (45%), malware (45%) and email fraud (34%). These top threats are different from last year in which CISOs perceived cloud account compromise (Microsoft 365, G Suite or other), insider threat (negligent, accidental or criminal), and malware as the biggest threats.
-
Resistance to ransom payments with increased reliance on cyber insurance. In 2024, 47% (72% in 2023) of CISOs in Singapore believe their organisation would pay to restore systems and prevent data release if attacked by ransomware in the next 12 months. Additionally, 78% of the CISOs said they would rely on cyber insurance claims to recover potential losses incurred, compared to 60% in 2023.
-
Generative AI tops CISOs security concerns. In 2024, 52% of CISOs surveyed in Singapore believe that generative AI poses a security risk to their organisation. The top three systems CISOs view as introducing risk to their organisations are: ChatGPT/other genAI (54%), Slack/Teams/Zoom/other collaboration tools (43%) and Microsoft 365 (36%).
-
The Board-CISO relationship has improved significantly. In 2024, 81% of CISOs in Singapore agree their board members see eye-to-eye with them on cybersecurity issues. This is a significant jump from 60% in 2023 and 44% in 2022.
-
CISOs’ pressures are unrelenting. In 2024, 49% of CISOs in Singapore admitted to burnout compared to 70% last year, while 74% feel they face excessive expectations, a steady increase from 67% last year and 35% the year before. The sustainability of the ongoing expectations of CISOs continues to be tested—69% are concerned about personal liability (56% in 2023) and 71% (59% in 2023) would not join an organisation that does not offer Directors & Officers (D&O) insurance coverage. In addition, 51% of CISOs agreed that the current economic downturn has hampered their ability to make business-critical investments, with 40% of them being asked to cut staff or delay backfills as well as reduce security budgets.
“As we navigate through the complexities of today’s cyber threat environment, it’s encouraging to see CISOs gaining confidence in their strategies and tools,” commented Ryan Kalember, Chief Strategy Officer at Proofpoint. “However, the ongoing challenges of employee turnover, pressure on resources, and the need for continuous board engagement remind us that vigilance and adaptation are key to our collective cyber resilience.”
To download the 2024 Voice of the CISO report, please visit here.