ProofPoint: AI is Leading to Record Levels of CISO Burnout
Three-quarters of Chief Information Security Officers (CISOs) globally anticipate experiencing a material cyberattack within the next year, according to Proofpoint's fifth annual Voice of the CISO report.
The cybersecurity company surveyed 1,600 CISOs across 16 countries, revealing a stark disconnect between confidence and preparedness.
Despite heightened threat awareness, 58% of security leaders admit their organisations remain unprepared to respond effectively to major incidents.
"This year's findings reveal a growing disconnect between the confidence and capability among CISOs," says Patrick Joyce, Global Resident CISO at Proofpoint.
The report shows material data loss incidents have increased significantly, with two-thirds of CISOs experiencing such breaches in the past year, up from 46% in 2024.
The significance of human error
Departing employees continue to pose the greatest data security threat, with 92% of CISOs attributing at least some data loss to staff leaving organisations.
This represents a substantial increase from 73% in the previous year's survey.
Human error maintains its position as the top cybersecurity vulnerability, cited by 66% of CISOs despite 68% believing their employees understand security best practices.
"Nearly a third of organisations still lack dedicated insider risk resources to help bridge the gap between knowledge and behaviour," ProofPoint states in its 2025 report.
The persistent human factor has contributed to a concerning trend regarding ransom payments, with 66% of CISOs indicating willingness to pay ransoms to prevent data leaks or restore systems.
Gen AI: A double-edged sword
Right now, AI is both a strategic priority and significant concern for the cybersecurity departments of organisations around the world.
While 64% of global CISOs identify enabling Gen AI tool use as a strategic priority over the next two years, 80% of US-based CISOs express concern over potential customer data loss via public Gen AI platforms.
The shift from restriction to governance reflects organisations' evolving approach to AI adoption, with 67% implementing usage guidelines and 68% exploring AI-powered defences.
However, enthusiasm has cooled from last year's peak of 87%, with more than half (59%) restricting employee use of Gen AI tools entirely.
"AI has moved from concept to core, transforming how both defenders and adversaries operate," explains Ryan Kalember, Chief Strategy Officer at Proofpoint.
Misalignment in the boardroom
The relationship between CISOs and corporate boards has weakened, with alignment dropping from 84% in 2024 to 64% this year.
Business valuation has emerged as boards' primary concern following cyberattacks, rising from the bottom of priority lists to the top position.
This shift suggests cyber risk is gaining recognition as a strategic business priority rather than merely a technical issue.
CISOs report record levels of burnout
The mounting pressure on security leaders has reached critical levels, with 66% reporting excessive expectations and 63% experiencing or witnessing burnout within their organisations during the past year.
"As Gen AI adoption accelerates both opportunity and threat, CISOs are being asked to do more with less, navigate unprecedented complexity, and still safeguard what matters most," Patrick says.
While 65% of organisations have implemented measures to protect CISOs from personal liability, one-third still report lacking sufficient resources to meet cybersecurity objectives.
The fragmented threat landscape presents no single dominant risk, with email fraud, insider threats, ransomware and cloud account takeover all ranking as top concerns.
Despite varied attack vectors, most incidents ultimately result in data loss, reinforcing the critical importance of robust information protection strategies.
