Cybersecurity leaders are under mounting pressure as attacks surge, insider-driven data loss escalates, and generative AI (GenAI) fuels both opportunity and risk. That’s the picture painted by Proofpoint’s 2025 Voice of the CISO report, which surveyed 1,600 CISOs across 16 countries.
The fifth annual study highlights a widening gap between CISOs’ confidence in their security posture and their organizations’ actual resilience—with many acknowledging that they remain underprepared for the next wave of attacks.
Rising Threats, Falling Readiness
- 76% of CISOs feel at risk of experiencing a material cyberattack within the next year—up from 70% in 2024.
- Yet 58% admit their organizations are unprepared to respond.
- Two-thirds experienced material data loss in the past year, up sharply from 46% in 2024.
The consequences are driving a willingness to negotiate with attackers: 66% of CISOs say they would consider paying a ransom to restore systems or prevent leaks, a figure that spikes to 84% in Canada and Mexico.
“While many security leaders express optimism about their organization’s cyberposture, the reality tells a different story—rising data loss, readiness gaps, and persistent human risk continue to undermine resilience,” said Patrick Joyce, global resident CISO at Proofpoint.
Insider Threats and the Human Factor
Human behavior remains a critical vulnerability. According to the report:
- 92% of CISOs who experienced data loss said departing employees played a role—up from 73% last year.
- 66% of CISOs cite human error as their greatest risk, despite 68% believing employees understand best practices.
- Nearly a third of organizations lack dedicated insider risk resources, underscoring a persistent gap between awareness and action.
The trend highlights what Proofpoint calls the “people problem”: training alone isn’t enough, and insider risk management must evolve alongside technical defenses.
AI: Friend or Foe?
The rise of GenAI is reshaping both security priorities and attack surfaces. Proofpoint’s survey found:
- 64% of CISOs say enabling GenAI use is a strategic priority over the next two years.
- 80% of U.S. CISOs worry about customer data loss via public GenAI platforms.
- 67% of organizations have implemented AI usage guidelines, while 68% are exploring AI-powered defenses—though enthusiasm has cooled from last year’s 87%.
- 59% of organizations still restrict employee use of GenAI tools altogether.
“Artificial intelligence has moved from concept to core, transforming how both defenders and adversaries operate,” said Ryan Kalember, chief strategy officer at Proofpoint. “CISOs now face a dual responsibility: harnessing AI to strengthen their security posture while ensuring its ethical and responsible use.”
Boardroom Alignment Slipping
Another concerning trend is a drop in boardroom-CISO alignment, which fell from 84% in 2024 to just 64% in 2025. However, cyber risk is finally being recognized at the strategic level: business valuation emerged as the board’s top concern following a cyberattack, up from the bottom of the list last year.
CISO Burnout on the Rise
Beyond the technology challenges, the human toll of cybersecurity leadership continues to climb:
- 66% of CISOs report facing excessive expectations.
- 63% say they have experienced or witnessed burnout in the past year.
- While 65% of organizations have taken steps to protect CISOs from personal liability, one-third still lack the resources needed to meet security goals.
The Bottom Line
The 2025 Voice of the CISO underscores the high-stakes balancing act today’s security leaders face: combatting escalating threats, securing insider vulnerabilities, managing GenAI adoption responsibly, and navigating the growing personal toll of the job.
As Proofpoint’s Joyce summed up: “It’s clear that the role of the CISO has never been more pivotal—or more pressured.”