Proofpoint survey: misalignment between Board of Directors and CISO on cybersecurity

A recent survey conducted by Proofpoint revealed that the perception of cybersecurity in Italy varies among Boards of Directors (Boards) and Chief Information Security Officers (CISOs). The result highlights an important need to improve communication between the two figures within companies. In Italy, the perception of the risk of a cyber attack is increasing and more and more companies consider themselves prepared. Although cybersecurity is a priority for most businesses, many still do not invest enough. This is the conclusion that emerged from Proofpoint's "Cybersecurity: The 2023 Board Perspective" report, which analyzed board perceptions of global threats, cybersecurity priorities and relationships with CISOs.

Board and CISO priorities and concerns

The report interviewed 659 members of the boards of directors of Italian companies with more than 5,000 employees. Compared to the previous year, 67% of Italian respondents said they felt at risk of a cyber attack, an increase from 60% in 2022. However, the level of preparedness has improved, with 39% feeling unprepared to deal a targeted attack, compared to 52% the previous year. The Italian interviewees also highlighted other interesting information. 75% of them consider cybersecurity a priority and 71% believe their board clearly understands the cyber risks they face. Despite this, only 57% of respondents say they have adequately invested in cybersecurity. However, 85% expect an increase in the budget allocated to this sector in the next 12 months.

Lack of alignment between Board and CISO

The report highlights the differences in concerns between boards of directors and CISOs regarding key threats. Italian boards of directors show greater concern about malware (41%), ransomware (39%), cloud account compromise (31%) and DDoS attacks (31%). CISOs, on the other hand, primarily fear supply chain attacks (30%), email/BEC fraud (26%) and malware (25%). It is important to note that there is a lack of alignment between the Board and the CISO. Only 55% of Italian executives say they interact regularly with safety managers, a drop from 67% the previous year. This means that nearly half of boards do not have a strong relationship with CISOs. However, when they interact, there is a good level of alignment, with 67% of executives saying they have an overview with their CISO (with 57% of CISOs confirming the same perception).

Final thoughts

In conclusion, the survey highlights the need to improve interactions and relationships between the Board of Directors and CISOs for effective cybersecurity management. Despite the increased perception of the risk of cyber attacks in Italy, many boards have yet to adequately invest in data protection. A greater effort in communication and collaboration between these figures is essential so that companies can successfully face the challenges related to cybersecurity.