Majority of U.S. Education CISOs See Cyber Attack as Likely in Next 12 Months

Two-Thirds Report Dealing With Material Loss of Sensitive Data in Past Year

A majority of chief information security officers in the U.S. education sector believe they’re likely to experience a material cyber attack in the next 12 months, and a majority have dealt with a material loss of sensitive data in the previous 12 months, according to the newest Voice of the CISO report published this week by cybersecurity company Proofpoint.

For the 2023 edition of the annual report, researchers at Censuswide surveyed 1,600 CISOs from organizations with 200 employees or more across different industries in 16 countries, on behalf of Proofpoint. The survey was conducted in late January and early February and included 112 CISOs from education organizations, whose responses were shared exclusively with Campus Technology.

When asked how likely they believed a material cyber attack against their organization to be in the next 12 months, 63% of U.S. education CISOs surveyed answered “somewhat likely” or “very likely”; just 25% believed it unlikely.

Nearly two-thirds of U.S. education CISOs, 63%, agreed that “if impacted by ransomware within the next 12 months, their organization is likely to pay a ransom to restore systems/prevent the release of data,” according to the survey results, while 25% said they disagreed. 

More than half, or 61%, of all respondents agreed that their organization is unprepared to cope with a targeted cyber attack. Among education CISOs in the United States, 38% agreed they are unprepared, with a full 50% answering “neither agree nor disagree.” Not a single U.S. education CISO indicated that their organization is prepared for such an attack.

Proofpoint’s Voice of the CISO findings “reveal that most CISOs have returned to the elevated concerns they experienced early in the pandemic,” the company said. “This pronounced shift suggests that security professionals see the threat landscape heating up once again, and have recalibrated their level of concern to match.” 

Key Findings From Education CISOs 

  • Education CISOs from the United States said they believe their biggest threat — by a longshot — is ransomware, with 63% listing it as their biggest concern. 

  • Other types of cyber threats top of mind for education respondents were:

    • DDoS attacks (38%)

    • Cloud account compromise (38%)

    • Smishing/vishing (38%)

  • 75% agreed that “human risk, including malicious and negligent employees, is a key cybersecurity concern for me in the next two years.” Not a single education respondent disagreed on this question.

  • 52% of U.S. education respondents agreed that their board sees eye to eye with them on the issue of cybersecurity — the lowest of all sectors surveyed.

  • 67% of U.S. education CISOs said they agree that “cybersecurity expertise should be a board-level requirement.” The U.S. average from all sectors was 70%, “suggesting that many believe technical knowledge is lacking in the boardroom,” Proofpoint said in the report. 

“Many CISOs no longer feel the sense of calm they may have briefly experienced, when they were upbeat after conquering the chaos wreaked by the pandemic. Back to ‘business as usual’, they are less assured in their organization’s abilities to defend against cyber risk,” said Lucia Milică Stacy, global resident CISO at Proofpoint. “Our 2023 Voice of the CISO report reveals that amidst the rising difficulties of protecting their people and defending data, CISOs are being tested at a personal level with higher expectations, burnout, and uncertainty about personal liability. The improving relationship between security leaders and board members gives us hope, however, and this partnership will enable organizations to overcome the new challenges they face this year and beyond.” 

Learn more and download the full report at https://www.proofpoint.com/us/resources/white-papers/voice-of-the-ciso-report.

About the Author

Kristal Kuykendall is editor, 1105 Media Education Group. She can be reached at [email protected].


Featured

  • interconnected cloud icons with glowing lines on a gradient blue backdrop

    Report: Cloud Certifications Bring Biggest Salary Payoff

    It pays to be conversant in cloud, according to a new study from Skillsoft The company's annual IT skills and salary survey report found that the top three certifications resulting in the highest payoffs salarywise are for skills in the cloud, specifically related to Amazon Web Services (AWS), Google Cloud, and Nutanix.

  • a hobbyist in casual clothes holds a hammer and a toolbox, building a DIY structure that symbolizes an AI model

    Ditch the DIY Approach to AI on Campus

    Institutions that do not adopt AI will quickly fall behind. The question is, how can colleges and universities do this systematically, securely, cost-effectively, and efficiently?

  • minimalist geometric grid pattern of blue, gray, and white squares and rectangles

    Windows Server 2025 Release Offers Cloud, Security, and AI Capabilities

    Microsoft has announced the general availability of Windows Server 2025. The release will enable organizations to deploy applications on-premises, in hybrid setups, or fully in the cloud, the company said.

  • digital brain made of blue circuitry on the left and a shield with a glowing lock on the right, set against a dark background with fading binary code

    AI Dominates Key Technologies and Practices in Cybersecurity and Privacy

    AI governance, AI-enabled workforce expansion, and AI-supported cybersecurity training are three of the six key technologies and practices anticipated to have a significant impact on the future of cybersecurity and privacy in higher education, according to the latest Cybersecurity and Privacy edition of the Educause Horizon Report.