Majority of U.S. Education CISOs See Cyber Attack as Likely in Next 12 Months

Two-Thirds Report Dealing With Material Loss of Sensitive Data in Past Year

A majority of chief information security officers in the U.S. education sector believe they’re likely to experience a material cyber attack in the next 12 months, and a majority have dealt with a material loss of sensitive data in the previous 12 months, according to the newest Voice of the CISO report published this week by cybersecurity company Proofpoint.

For the 2023 edition of the annual report, researchers at Censuswide surveyed 1,600 CISOs from organizations with 200 employees or more across different industries in 16 countries, on behalf of Proofpoint. The survey was conducted in late January and early February and included 112 CISOs from education organizations, whose responses were shared exclusively with Campus Technology.

When asked how likely they believed a material cyber attack against their organization to be in the next 12 months, 63% of U.S. education CISOs surveyed answered “somewhat likely” or “very likely”; just 25% believed it unlikely.

Nearly two-thirds of U.S. education CISOs, 63%, agreed that “if impacted by ransomware within the next 12 months, their organization is likely to pay a ransom to restore systems/prevent the release of data,” according to the survey results, while 25% said they disagreed. 

More than half, or 61%, of all respondents agreed that their organization is unprepared to cope with a targeted cyber attack. Among education CISOs in the United States, 38% agreed they are unprepared, with a full 50% answering “neither agree nor disagree.” Not a single U.S. education CISO indicated that their organization is prepared for such an attack.

Proofpoint’s Voice of the CISO findings “reveal that most CISOs have returned to the elevated concerns they experienced early in the pandemic,” the company said. “This pronounced shift suggests that security professionals see the threat landscape heating up once again, and have recalibrated their level of concern to match.” 

Key Findings From Education CISOs 

  • Education CISOs from the United States said they believe their biggest threat — by a longshot — is ransomware, with 63% listing it as their biggest concern. 

  • Other types of cyber threats top of mind for education respondents were:

    • DDoS attacks (38%)

    • Cloud account compromise (38%)

    • Smishing/vishing (38%)

  • 75% agreed that “human risk, including malicious and negligent employees, is a key cybersecurity concern for me in the next two years.” Not a single education respondent disagreed on this question.

  • 52% of U.S. education respondents agreed that their board sees eye to eye with them on the issue of cybersecurity — the lowest of all sectors surveyed.

  • 67% of U.S. education CISOs said they agree that “cybersecurity expertise should be a board-level requirement.” The U.S. average from all sectors was 70%, “suggesting that many believe technical knowledge is lacking in the boardroom,” Proofpoint said in the report. 

“Many CISOs no longer feel the sense of calm they may have briefly experienced, when they were upbeat after conquering the chaos wreaked by the pandemic. Back to ‘business as usual’, they are less assured in their organization’s abilities to defend against cyber risk,” said Lucia Milică Stacy, global resident CISO at Proofpoint. “Our 2023 Voice of the CISO report reveals that amidst the rising difficulties of protecting their people and defending data, CISOs are being tested at a personal level with higher expectations, burnout, and uncertainty about personal liability. The improving relationship between security leaders and board members gives us hope, however, and this partnership will enable organizations to overcome the new challenges they face this year and beyond.” 

Learn more and download the full report at https://www.proofpoint.com/us/resources/white-papers/voice-of-the-ciso-report.

About the Author

Kristal Kuykendall is editor, 1105 Media Education Group. She can be reached at [email protected].


Featured

  • pattern featuring interconnected lines, nodes, lock icons, and cogwheels

    Red Hat Enterprise Linux 9.5 Expands Automation, Security

    Open source solution provider Red Hat has introduced Red Hat Enterprise Linux (RHEL) 9.5, the latest version of its flagship Linux platform.

  • glowing lines connecting colorful nodes on a deep blue and black gradient background

    Juniper Launches AI-Native Networking and Security Management Platform

    Juniper Networks has introduced a new solution that integrates security and networking management under a unified cloud and artificial intelligence engine.

  • a digital lock symbol is cracked and breaking apart into dollar signs

    Ransomware Costs Schools Nearly $550,000 per Day of Downtime

    New data from cybersecurity research firm Comparitech quantifies the damage caused by ransomware attacks on educational institutions.

  • landscape photo with an AI rubber stamp on top

    California AI Watermarking Bill Garners OpenAI Support

    ChatGPT creator OpenAI is backing a California bill that would require tech companies to label AI-generated content in the form of a digital "watermark." The proposed legislation, known as the "California Digital Content Provenance Standards" (AB 3211), aims to ensure transparency in digital media by identifying content created through artificial intelligence. This requirement would apply to a broad range of AI-generated material, from harmless memes to deepfakes that could be used to spread misinformation about political candidates.