Most Global Board Members Unprepared for “Targeted” Cyberattack, Report Finds

Almost three-quarters (73%) of nearly 700 board members in a new study believe they are at risk of a “targeted" cyberattack, a sizable increase from the 65% last year, according to a recently released Proofpoint report.

The cybersecurity and compliance provider’s second annual Cybersecurity: The 2023 Board Perspective report assesses board of directors’ views on the global threat landscape, cybersecurity priorities and relationships with chief information security officers (CISOs). More than half (53%) of the 659 respondents think their organizations are unprepared to cope with a targeted attack, up from 47% the previous year.

Today's Volatile Threat Landscape Examined

The year-over-year change may reflect the ongoing volatility of the threat landscape, Proofpoint said, in addition to the mistrust of generative artificial intelligence as a security threat to their organization.

Still, 73% view cybersecurity as a priority, 72% believe their board clearly understands the cyber risks they face, and 70% believe they have adequately invested in cybersecurity.

“The newfound alignment between board members and their CISOs on cyber risk and preparedness is a positive sign that the two sides are working closer together and making progress,” said Ryan Kalember, executive vice president of Cybersecurity Strategy at Proofpoint. “However, this growing alliance hasn’t yet delivered significant changes in cybersecurity posture, despite boards feeling good about the time and resources they’re investing to combat this risk.”

AI Tools Like ChatGPT Pose Security Risk; Malware Top Concern

Key global findings from the report include:

With tools such as ChatGPT getting much of the spotlight in recent months, 59% of those surveyed view this emerging technology as a security risk to their organization.

73% of those surveyed feel their organization is at risk of a material cyberattack, compared to 65% in 2022.

73% of directors agree that cybersecurity is a priority for their board, 72% believe their board clearly understands the cyber risks they face, 70% think they have adequately invested in cybersecurity, and 84% believe their cybersecurity budget will increase over the next 12 months.

53% still view their organization as unprepared to cope with a cyberattack in the next 12 months.

Board members ranked malware as their top concern (40%), followed by insider threat (36%) and cloud account compromise (36%).

While most directors (63%) and CISOs (60%) agree that human error is their biggest risk, board members are much more confident in their organization’s ability to protect data. 75% of directors share this view, compared to only 60% of CISOs.

37% of board directors said their organization’s cybersecurity would benefit from a bigger budget, 35% would like to see more cyber resources, and 35% would like better threat intelligence.

53% of directors say they interact with security leaders regularly.

Board members and CISOs are generally closely aligned when they do interact, however, with 65% of board members say they see eye-to-eye with their CISO and 62% of CISOs agreeing.

Personal liability is a concern for boards and CISOs alike. 72% of board directors expressed concern about personal liability in the wake of a cybersecurity incident at their own organization, and 62% of CISOs agree.

Final Thoughts

“Board members are taking cybersecurity matters seriously, demonstrating they have no illusions about human risk and the impact cyber threats pose to an organization’s bottom line," Kalember said. "They are making strides in their relationships with security leaders, understanding that strong board-CISO partnerships are more critical than ever. But this is not a time to grow complacent. Boards must continue to invest heavily in improving preparedness and organizational resilience.”

Data for the study were gleaned from input of board members at organizations with 5,000 or more employees across different industries. In June 2023, more than 50 board directors were surveyed in each market in each of the following 12 countries: the U.S., Canada, the UK, France, Germany, Italy, Spain, Australia, Singapore, Japan, Brazil, and Mexico.