Proofpoint released its fifth annual Voice of the CISO report, exploring key challenges, expectations and priorities of chief information security officers (CISOs) worldwide. The 2025 report, which surveyed 1,600 global CISOs across 16 countries, spotlights two critical trends: the surge in cyberattacks is fueling heightened anxiety among CISOs—along with a growing willingness to pay ransoms when incidents occur—and the rapid rise of GenAI is forcing security leaders to balance innovation with risk, despite mounting concerns around data exposure and misuse.
As cyber threats become more frequent and multifaceted, CISOs are increasingly concerned about their organization’s ability to withstand a material attack. 69% of UAE CISOs feel at risk of experiencing a material cyberattack in the next 12 months, yet 56% say they are unprepared to respond. 77% of CISOs in the UAE experienced material data loss in the past year, with insider-driven incidents topping the list of causes. With 100% attributing at least some data loss to departing employees according to survey data, human behavior remains a critical vulnerability. Reflecting the pressure, 55% of CISOs say they would consider paying a ransom to prevent data leaks or restore systems, based on survey responses.
AI has quickly emerged as both a top priority and a top concern for CISOs: 60% of CISOs in the UAE say enabling GenAI tool use is a strategic priority over the next two years, even as security worries persist. In the UAE, 55% of CISOs express concern over potential customer data loss via public GenAI platforms. As adoption accelerates, organizations are shifting from restriction to governance, with 59% implementing usage guidelines and 58% exploring AI-powered defenses—though enthusiasm has dipped from last year’s high of 89%.
“This year’s findings reveal a growing disconnect between confidence and capability among CISOs,” said Patrick Joyce, global resident CISO at Proofpoint. “While many security leaders express optimism about their organization’s cyber posture, the reality tells a different story—rising data loss, readiness gaps, and persistent human risk continue to undermine resilience. As GenAI adoption accelerates both opportunity and threat, CISOs are being asked to do more with less, navigate unprecedented complexity, and still safeguard what matters most. It’s clear that the role of the CISO has never been more pivotal—or more pressured.”
Key global findings from Proofpoint’s 2025 Voice of the CISO report include:
- Confidence vs. Reality: CISOs Brace for Attacks Amid Rising Data Loss and Readiness Gaps.
- Attacks from All Angles, Same Consequence.
- Data Doesn’t Walk Itself Out the Door.
- The People Problem Persists.
- Friend or Foe? AI’s Double-Edged Sword.
- Boardroom Alignment Slips as CISO Pressure Mounts.
- Different Year, Same Pressures.
“Artificial intelligence has moved from concept to core, transforming how both defenders and adversaries operate,” commented Ryan Kalember, chief strategy officer at Proofpoint. “CISOs now face a dual responsibility: harnessing AI to strengthen their security posture while ensuring its ethical and responsible use. This balancing act places them at the center of strategic decision-making. But AI is just one of many forces reshaping the CISO role. As threats intensify and environments grow more complex, organizations are reevaluating what cybersecurity leadership really looks like in today’s enterprise.”