A global survey of 1,600 CISOs working in organizations with more than 1,000 employees finds that more than half (54%) believe generative AI poses a security risk to their organization.

Conducted by Proofpoint, a provider of an email and data protection platform, the survey also finds that a full 87% plan to deploy cybersecurity platforms and tools infused with artificial intelligence (AI) to better combat cybersecurity threats.

Overall, more than two-thirds (70%) feel at risk of a material cyberattack over the next 12 months, with 43% feeling unprepared to cope with a targeted cyberattack.

On the plus side, the percentage of CISOs that feel unprepared is down compared to previous years, but remains relatively high given the level of investments made, says Tim Choi, vice president of product marketing for Proofpoint.

As cybersecurity threats continue to evolve in the age of AI, organizations now essentially find themselves in an AI arms race with cybercriminals that typically have more resources, notes Choi. The only way to combat those threats will be to isolate email and attachments to enable organizations to continuously scan for threats. “We created a sandbox to monitor behavior before a message ends up in Office 365,” says Choi.

A full 81% of CISOs said they have adequate controls to protect their data, with 51% having data loss prevention (DLP) technology in place. However, 59% said the current economic downturn has hampered their ability to make business-critical investments, with just under half (48%) being asked to cut staff, delay backfills or reduce security budgets. Overall, the survey finds 53% of CISOs admitted to feeling burnout, with 66% noting expectations are excessive.

The survey, not surprisingly, identifies human error (78%) as the most significant vulnerability, with human risk (80%) being the biggest cybersecurity concern CISOs expect to have during the next two years. However, 86% also noted they believe that employees understand their role in protecting the organization. More than half (53%) invested in educating employees on data security best practices.

Nevertheless, 46% of security leaders reported having dealt with a material loss of sensitive data in the past 12 months, and among those, 73% said employees leaving the organization contributed to the incident.

In general, the biggest cybersecurity threats identified by CISOs in 2024 are ransomware attacks (41%), malware (38%) and email fraud (36%). A full 62% said they believe their organization would pay to restore systems and prevent data release if attacked by ransomware in the next 12 months, with 79% of CISOs saying they would rely on cyber insurance claims to recover potential losses incurred.

On the plus side, the relationship between CISOs and the board of directors continues to improve, with 84% agreeing their board members see eye-to-eye with them on cybersecurity issues. However, two-thirds (66%) are concerned about personal liability and 72% would not join an organization that does not offer Directors & Officers (D&O) insurance coverage.

Arguably, it’s never been more challenging to be a CISO, but with the help of AI, the long odds CISOs currently face may soon become much less daunting.