CyberSecStats #28 - Global CISO survey, AI-driven social engineering, and embedded software safety
Hello!
Laura from CybersecStats here.
Hope your month is off to a good start.
And if you're looking for a thought-provoking question to start this month with, here’s one: Do CISOs feel their organisations are more or less safe than they were a year ago?
According to the data shared below, the answer is... less safe.
A large-scale CISO survey conducted by Proofpoint found that CISOs feel worse about the next 12 months than they did this time last year. And they aren’t the only ones.
Businesses without a CISO (i.e., the vast majority of companies) appear to be more willing than ever to invest in cybersecurity. Another survey we report on this week claims that 83% of small businesses plan to invest in cybersecurity in the next 12 months - here’s hoping they follow through.
If you have information your company would like to share with our rapidly growing audience of over 500 cybersecurity practitioners (welcome to the 150 new members who joined in August), researchers, founders, and marketers, please contact us now to avoid a backlog.

General cybersecurity trends reports
2025 Voice of the CISO (Proofpoint)
Proofpoint’s fifth annual Voice of the CISO report draws on insights from a global survey of 1,600 chief information security officers (CISOs). The key takeaway is clear: the role of the CISO is more demanding than ever.
Key stats:
- 76% of CISOs feel at risk of experiencing a material cyberattack in the next 12 months. This is up from 70% last year.
- 58% of CISOs say they are unprepared to respond to a material cyberattack in the next 12 months.
- 64% of global CISOs say enabling GenAI tool use is a strategic priority over the next two years.
Read the full report here.
Navigating Cyber Threats Infosecurity Europe 2025 Findings (KnowBe4)
A rare Europe-focused report based on a survey of more than 100 security professionals during the Infosecurity Europe 2025 conference. A great source of data indicating that European businesses are just as keen on increased security investment as their US peers.
Key stats:
- 43% of cybersecurity professionals identified distraction as a primary reason employees fall victim to cyberattacks.
- 74% of respondents stated that phishing is the leading threat, with impersonation of executives or trusted colleagues being the most common tactic.
- 65% of organisations plan to increase cybersecurity budgets.
Read the full report here.
Fraud and social engineering
2025 Socially Engineered Fraud & Risk Report (Trustmi)
Fraud is getting more complex and costly. That’s the takeaway we got from this survey of 525 mid-to-senior finance and cybersecurity leaders at large U.S. enterprises across financial services, technology, healthcare, manufacturing, and retail.
Key stats:
- 83.6% of enterprises experienced at least one fraud attempt in the past year.
- Nearly half (47.6%) of enterprises reporting direct losses lost $500K or more in a single fraud incident.
- 70% of fraud incidents at enterprises spanned multiple platforms and teams.
Read the full report here.
Data Accelerator: Social Engineering and the Human Element (LevelBlue)
This report on the gap between deepfake capabilities (now extremely impressive) and organizational preparedness makes for mildly scary reading.
Key stats:
- 38% of organizations admit to being underprepared for AI-driven social engineering threats such as automated attacks, deepfake-based videos, and voice scams.
- 32% of organizations reported being prepared for deepfake and synthetic identity attacks.
- 59% of organizations report that it is increasingly difficult for employees to discern what is real from what is not.
Read the full report here.
Online Identity Study (Jumio)
Interesting data on student perceptions of deepfake risks and their willingness to use biometric authentication in consumer devices and applications.
Key stats:
- 62% of students are confident in their ability to spot a deepfake.
- 41% of students know someone who has been a victim of online fraud, indicating second-hand experience with fraud.
- 38% of students feel safer using biometric verification instead of passwords for online accounts, which is more than any other occupational demographic.
Read the full report here.