Human risk and Gen AI-driven data loss top CISO concerns
As cyber threats become more frequent and complex, CISOs are increasingly concerned about their organization’s ability to withstand a material attack. 76 percent feel at risk of experiencing a material cyberattack in the next 12 months, yet 58 percent say they are unprepared to respond.
The latest Voice of the CISO report from Proofpoint surveyed 1,600 global CISOs across 16 countries and finds human behavior remains a critical vulnerability, with 92 percent attributing at least some data loss to departing employees.
AI has quickly emerged as both a top priority and a top concern for CISOs too. 64 percent globally say enabling GenAI tool use is a strategic priority over the next two years, even as security worries persist. In the US, 80 percent of CISOs express concern over potential customer data loss via public GenAI platforms. As adoption accelerates, organizations are shifting from restriction to governance, with 67 percent implementing usage guidelines and 68 percent exploring AI-powered defenses -- though enthusiasm has dipped from last year’s high of 87 percent.
“This year’s findings reveal a growing disconnect between confidence and capability among CISOs,” says Patrick Joyce, global resident CISO at Proofpoint. “While many security leaders express optimism about their organization’s cyber posture, the reality tells a different story -- rising data loss, readiness gaps, and persistent human risk continue to undermine resilience. As GenAI adoption accelerates both opportunity and threat, CISOs are being asked to do more with less, navigate unprecedented complexity, and still safeguard what matters most. It's clear that the role of the CISO has never been more pivotal -- or more pressured.”
The report finds that CISOs face an increasingly fragmented threat landscape with no single dominant risk, email fraud, insider threats, ransomware, and cloud account takeover are all top concerns. But despite the varied tactics, most attacks lead to the same outcome: data loss. Reflecting the high stakes, 66 percent of CISOs globally say they would consider paying a ransom to restore systems or prevent data leaks, this rises to 84 percent in Canada and Mexico.
CISOs continue to face mounting pressure in the face of rising threats and limited resources: 66 percent report facing excessive expectations, and 63 percent say they have experienced or witnessed burnout within the past year. While 65 percent now say their organizations have taken steps to protect them from personal liability, one-third still feel they lack the resources to meet their cybersecurity goals.
“Artificial intelligence has moved from concept to core, transforming how both defenders and adversaries operate,” says Ryan Kalember, chief strategy officer at Proofpoint. “CISOs now face a dual responsibility: harnessing AI to strengthen their security posture while ensuring its ethical and responsible use. This balancing act places them at the center of strategic decision-making. But AI is just one of many forces reshaping the CISO role. As threats intensify and environments grow more complex, organizations are reevaluating what cybersecurity leadership really looks like in today’s enterprise.”
You can get the full report from the Proofpoint site.
Image Credit: Yuri Arcurs/Dreamstime.com