Proofpoint’s Voice of the CISO 2021 Report unpacked

CISO, Cyber Security, Proofpoint’s Voice of the CISO 2021 Report unpacked

Proofpoint’s Voice of the CISO 2021 Report has revealed that more than two-thirds of UK CISOs feel unprepared to cope with a cyberattack.

Leading cybersecurity and compliance company Proofpoint has released its inaugural 2021 Voice of the CISO report, which examines the key challenges facing CISOs after one of the most unprecedented years in living history. 

The report at a glance

This year’s report surveys over 1,400 CISOs from medium and large-sized companies across 14 countries: the US, Canada, the UK, France, Germany, Italy, Spain, Sweden, the Netherlands, UAE, KSA, Australia, Japan, and Singapore.

“Last year, cybersecurity teams around the world were challenged to enhance their security posture in this new and changing landscape, literally overnight. This required a balancing act between supporting remote work and avoiding business interruption while securing those environments,” commented Lucia Milica, global resident CISO at Proofpoint. 

“With the future of work becoming increasingly flexible, this challenge now extends into next year and beyond. In addition to securing many more points of attack and educating users on long-term remote and hybrid work, CISOs must instil confidence among customers, internal stakeholders, and the market that such setups are workable indefinitely.”

The survey has three key areas of focus: 

  • The types of cyber threats that CISOs face daily
  • The requirements in the future to support a hybrid workforce as businesses reopen offices.
  • Employee education and preparedness in cybersecurity.

The report also takes a look at the challenges CISOs face in their roles, as well as the expectations of their teams. 


There are some clear trends emerging from the report. Key findings from UK respondents include:

CISOs are on high alert to a wealth of threats 

In the age where it is not a case of if but when concerning cyber attacks, 81% of surveyed UK CISOs feel at risk of suffering a material cyber attack in the next 12 months. This is the highest percentage globally. Insider threats, Cloud Account Compromise, and DDOS attacks comprised the three key types of attacks that CISOs are concerned about. 

Concern for cyber preparedness is still high

With the introduction of remote working and advancement towards hybrid working, 68% of UK CISOs feel their organisation is unprepared to cope with a targeted cyberattack in 2021. Half of the UK CISOs that took part in the survey have expressed a greater concern for a cyber attack in 2021, as opposed to 2020. 

Education on cyberattacks isn’t always enough 

Though 61% of employees feel that their workforce is educated in preventing cyberattacks, CISOs still consider human error (62%) and purposefully leaking data (criminal insider attack) as two of the primary ways in which employees could damage the business. 

Entering the age of hybrid work 

While the evolution of hybrid work has been met with enthusiasm from employees across office-based industries, there is still a considerable concern for company attacks. Since the coronavirus outbreak and the move to remote work, 60% of British CISOs have revealed that they have seen an increase in targeted attacks in the last year. 

High risk, high reward for attackers

According to Proofpoint’s report, CISOs believe that cybercrime will be both more profitable and riskier than before, with 71% of UK CISOs believing that cybercrime will become even more profitable for attackers, and 61% believe that cybercrime will become even more profitable it will also become riskier for cybercriminals.

The pressure on the CISO has never been higher 

With the move to remote work, the rise in cyberattacks, and some cases they need for drastic digital transformation, CISOs role in the company is more valuable than ever, which is reflected in the report. 66% of UK CISOs agree that expectations on their function are excessive.


“The ‘good enough’ approach of the past 12 months will simply not work in the long term: with businesses unlikely to ever return to pre-pandemic working practices, the mandate to strengthen cybersecurity defences has never been more pressing,” said Ryan Kalember, executive vice president of cybersecurity strategy for Proofpoint. 

“CISOs hold a business-critical function, now more than ever. The findings from our report emphasise that CISOs need the tools to mitigate risk and develop a strategy that takes a people-centric approach to cybersecurity protection and emphasises awareness training to address ever-changing conditions, like those experienced by organisations throughout the pandemic.”

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter


How to move from CIO to Chief Customer Success Officer

Amber Donovan-Stevens • 21st October 2021

Dean Leung, Chief Customer Success Officer at iManage, reflects on his own path shifting from CIO to Chief Customer Success Officer (CCSO) and discusses both the similarities and differences of the two roles, and why it can be a natural progression when approached with the proper mindset.

The importance of edtech in the early years sector

Amber Donovan-Stevens • 18th October 2021

Technology has become an operational mainstay across a multitude of industries – helping businesses, education establishments, governments, and charities to streamline their processes and enhance communications. When it comes to the early years education sector, this is no different. Chris Reid, CEO and founder of Connect Childcare, shares his thoughts on the intrinsic link between...

A deep dive into the Scaled Agile Framework

Jeff Keyes • 14th October 2021

The Scaled Agile Framework (SAFe) was designed to help large organizations successfully adopt agile methodologies. In this article Jeff Keyes, VP of Product Marketing and Strategy at Plutora, discusses the four core values of this approach, and how and why businesses are using the SAFe framework to improve agility in software development.

How click fraud has worsened in the wake of Covid-19

Amber Donovan-Stevens • 05th October 2021

Stewart Boutcher, CTO and Data Lead at Beacon, examines how click fraud – which was already a serious threat to companies engaged in digital marketing prior to the pandemic – has worsened considerably in its wake. He seeks to provide a forecast on how the situation is likely to evolve overtime, and advice on what...

Join our webinar on 26th October: Intelligent Automation - Maintaining the competitive edge.