CyberSecStats #35 - CFO priorities, shadow AI, email lures, and trust
Hello,
Laura from CyberSecStats here.
Hope that nothing scary happened to your organization's security posture this Halloween.
Last week, 14 newly published reports hit our database, covering everything from AI-driven phishing attacks to what kind of subject lines prompt the most clicks in phishing emails.
As always, thank you for subscribing.
This Month's Cybersecurity Eye-Openers
But before we get into the full breakdown, I want to spotlight three statistics this week that jumped out at me:
1. Security leaders feel that AI threats are outpacing their defenses
59% of security leaders warn that AI-driven cyber threats are advancing faster than their teams' expertise in combating them.
2. CFOs are cybersecurity decision makers
73% of US Chief Financial Officers are directly involved in cyber strategy.
3. Shadow AI is still a major trend
73% of knowledge workers use generative AI tools, but 37% admit they don't always follow company AI policies.
Big Picture Reports
The State of Trust Report (Vanta)
A report on the dual role of AI in both causing and combating security risks.
AI is driving a wave of social engineering that feels very dangerous to most organizations:
- 72% of organizations say security risks have never been higher, a 17-point increase from 2024.
- 59% of leaders warn AI threats are advancing faster than their team's expertise.
- In the past year, organizations saw increases in AI-generated phishing (49%), AI-powered malware (48%), and AI-driven identity fraud (47%).
Read the full report here.
Identity & Access Management
Global Cybersecurity Insights From Practitioners (Keeper Security)
A survey of cybersecurity practitioners at major global conferences (Black Hat USA, Infosecurity Europe, it-sa) on Zero Trust, AI, and identity threats.
Almost half of all orgs report MFA gaps:
- 40% of US cybersecurity professionals report MFA is not consistently enforced on privileged accounts.
- In the UK, 43% say the same thing.