57 percent of German CISOs assume that their employers would pay a ransom to restore their systems and avoid disclosure of data if they were hit by a ransomware attack in the next 12 months.
That's according to this year's Voice of the CISO report, recently released by leading cybersecurity and compliance firm Proofpoint. According to the report, many companies are willing to bear this risk alone. Only 44 percent of respondents indicated that they would use cyber insurance to compensate for damage caused by attacks.
Business Email Compromise ranks ahead of ransomware
German CISOs are currently most concerned about Business Email Compromise (BEC), also known as CEO fraud in this country. 31 percent rate BEC as the most significant cyber threat over the next 12 months. Ransomware was mentioned by only one in five respondents (20%). BEC has thus replaced ransomware as the most feared cyber threat. In a BEC attack, cybercriminals compromise a company through phishing emails. These emails are intended to trick employees into handing over money – sometimes hundreds of thousands of euros in a single transfer – or confidential company data or personal data.
On the other hand, German CISOs currently consider human error to be less of a threat to their cyber security. Only 45 percent name human error as the biggest cyber vulnerability in their organization. Last year, the figure was 58 percent. This finding is particularly surprising because only 52 percent are sure that the company's workforce understands its role in the cyber security of the organization, compared to 61 percent in 2022 and 70 percent in 2021. Furthermore, only 36 percent of German companies regularly train their employees on data security best practices.
Background to the Voice of the CISO Report
For this year's Voice of the CISO report, at least 100 CISOs each in medium and large companies from various industries in 16 countries worldwide were surveyed during the first quarter of 2023: USA, Canada, Great Britain, France, Germany, Italy, Spain, Sweden, the Netherlands, United Arab Emirates, Saudi Arabia, Australia, Japan, Singapore, South Korea and Brazil.
About Proofpoint
Proofpoint, Inc. is a leading cybersecurity company. The focus for Proofpoint is the protection of employees, because they represent the greatest capital for a company, but also the greatest risk. With an integrated suite of cloud-based cybersecurity solutions, Proofpoint helps organizations around the world stop targeted threats, protect their data, and educate enterprise IT users about the risks of cyberattacks.