Date: 2023-05-29

Which cybersecurity attacks cause the most concern? Proofpoint asked 1,600 CISOs from 16 countries and compiled the findings in the report Voice of the CISO 2023. In the opinion of the 100 Italian CISOs involved in the survey, the most worrying attacks in our country are those aimed at the supply chain, followed by email fraud and malware. Last year, however, the top concerns were insider threats, closely followed by smishing/vishing and email fraud.

Cybersecurity affects the entire ecosystem

“Greater perception of possible attacks on the supply chain – declared Luca Maiocchi, Country Manager of Proofpoint – is a sign that cybersecurity no longer looks only at the company itself, but also at the entire ecosystem. According to the responses of our CISOs, email fraud is also positioned quite high in the ranking of concerns and is an attack type that still gives excellent economic results to those who perpetrate it. Ransomware is a constant presence, albeit in a lower percentage, but it still hits hard. Even the perception of internal threat is growing, whether negligence, general threat or willful misconduct”.

However, 51% of Italian CISOs claimed to have adequate controls to mitigate supply chain risk, up slightly from 49% last year. While these protections may seem adequate at the moment, CISOs may feel more under-resourced in the future: in fact, 53% say that economic instability has negatively impacted their cybersecurity budget.

54% of CISOs report loss of sensitive data

54% of Italian IT managers had to face the loss of sensitive information in the last 12 months. Among them, 83% agree that employees who left the company contributed to this loss. Human risk also remains a concern, and there is a slight increase in the number of Italian CISOs who consider human error the main IT vulnerability of their organization (48% this year, compared to 43% in 2022 and 50% in 2021). Again in line with previous years, 54% of IT security managers believe that employees understand their role in protecting the company, compared to 51% in 2022 and 54% in 2021; this lack of significant progress indicates a difficulty in building a strong security culture.

“The user who uses the IT platform for their work can make mistakes – declared Matteo Colella, CISO of Siram Veolia – but there is also a “shadow” human factor, that is, those who take care of the configuration, the programming and the infrastructure, who in turn can make mistakes and thus open up other vulnerabilities. The only way to deal with this risk is training, the main weapon within companies to make all IT and non-IT personnel involved in IT issues and risks”.

The use of insurance is also growing

54% of Italian CISOs believe their company would pay a ransom to restore systems and prevent data from being disclosed in the event of a ransomware attack. The use of insurance to shift risk is also growing: 54% also said they would claim through cyber insurance to recoup losses suffered in various types of attacks.

A growing share of CISOs in our country’s companies believe that members of the board of directors agree with them on cybersecurity issues. This is a substantial increase from the 34% of CISOs who shared this view last year, and more in line with the 56% in 2021.

More and more under pressure

Life as a CISO is increasingly under pressure: 51% of Italian managers believe they face unreasonable job expectations, up from 45% last year. These rising expectations, combined with high-stress environments and low budgets, are having a significant impact on quality of life, so much so that 48% of respondents said they had suffered from burnout in the last 12 months.