Survey: 58 Percent of Organizations are Unprepared for Cyberattack

  • Sep 02, 2025

Proofpoint, Inc., a cybersecurity and compliance company today released its fifth annual Voice of the CISO report, exploring key challenges, expectations and priorities of chief information security officers (CISOs) worldwide. The 2025 report, which surveyed 1,600 global CISOs across 16 countries, spotlights two critical trends: the surge in cyberattacks is fueling heightened anxiety among CISOs—along with a growing willingness to pay ransoms when incidents occur—and the rapid rise of GenAI is forcing security leaders to balance innovation with risk, despite mounting concerns around data exposure and misuse.

As cyber threats become more frequent and multifaceted, CISOs are increasingly concerned about their organization’s ability to withstand a material attack. 76% of CISOs feel at risk of experiencing a material cyberattack in the next 12 months, yet 58% say they are unprepared to respond. Two-thirds of CISOs experienced material data loss in the past year, with insider-driven incidents topping the list of causes. With 92% attributing at least some data loss to departing employees according to survey data, human behavior remains a critical vulnerability. Reflecting the pressure, 66% of CISOs say they would consider paying a ransom to prevent data leaks or restore systems, based on survey responses.

AI has quickly emerged as both a top priority and a top concern for CISOs: 64% of global CISOs say enabling GenAI tool use is a strategic priority over the next two years, even as security worries persist. In the U.S., 80% of CISOs express concern over potential customer data loss via public GenAI platforms. As adoption accelerates, organizations are shifting from restriction to governance, with 67% implementing usage guidelines and 68% exploring AI-powered defenses—though enthusiasm has dipped from last year’s high of 87%. “This year’s findings reveal a growing disconnect between confidence and capability among CISOs,” said Patrick Joyce, global resident CISO at Proofpoint. “While many security leaders express optimism about their organization’s cyberposture, the reality tells a different story—rising data loss, readiness gaps, and persistent human risk continue to undermine resilience. As GenAI adoption accelerates both opportunity and threat, CISOs are being asked to do more with less, navigate unprecedented complexity, and still safeguard what matters most. It's clear that the role of the CISO has never been more pivotal—or more pressured.”

Key global findings from Proofpoint’s 2025 Voice of the CISO report include:

  • Confidence vs. Reality: CISOs Brace for Attacks Amid Rising Data Loss and Readiness Gaps. In 2025, 76% of CISOs surveyed feel at risk of experiencing a material cyberattack in the next 12 months, up from 70% last year. Yet 58% admit their organization is unprepared to respond. Two-thirds experienced a material data loss in the past year (up from 46% in 2024) despite the majority of CISOs expressing confidence in their cybersecurity culture.
  • Attacks from All Angles, Same Consequence. CISOs face an increasingly fragmented threat landscape with no single dominant risk—email fraud, insider threats, ransomware, and cloud account takeover are all top concerns. Despite the varied tactics, most attacks lead to the same outcome: data loss. Reflecting the high stakes, 66% of CISOs say they would consider paying a ransom to restore systems or prevent data leaks—rising to 84% in Canada and Mexico.
  • Data Doesn’t Walk Itself Out the Door. 92% of CISOs who experienced data loss say departing employees played a role—up from 73% last year. Despite near-universal adoption of Data Loss Prevention (DLP) tools, one-third say their data remains inadequately protected. As GenAI accelerates, 67% now rank information protection and governance as a top priority, prompting a shift to dynamic, context-aware security.
  • The People Problem Persists. Human error remains the top cybersecurity vulnerability in 2025, with 66% of CISOs citing people as their greatest risk, despite 68% believing employees understand cybersecurity best practices. This disconnect highlights a critical gap: awareness alone is not enough. Nearly a third of organizations still lack dedicated insider risk resources to help bridge the gap between knowledge and behavior.
  • Friend or Foe? AI’s Double-Edged Sword. The rapid rise of GenAI is amplifying concerns around human risk. Three in five CISOs worry about customer data loss via public GenAI tools, with collaboration platforms and GenAI chatbots seen as top security threats. Despite this, 64% say enabling safe GenAI use is a top priority—highlighting a shift from restriction to governance. Most are responding with guardrails: 67% have implemented usage guidelines, and 68% are exploring AI-powered defenses, though enthusiasm has cooled from 87% last year. More than half (59%) restrict employee use of GenAI tools altogether.
  • Boardroom Alignment Slips as CISO Pressure Mounts. Boardroom alignment with CISOs has declined from a high of 84% in 2024 to 64% this year. Still, business valuation has emerged as boards’ top concern following a cyberattack—up from the bottom of the list last year—signaling that cyber risk is gaining traction as a strategic priority.
  • Different Year, Same Pressures. CISOs continue to face mounting pressure in the face of rising threats and limited resources: 66% report facing excessive expectations, and 63% say they have experienced or witnessed burnout within the past year. While 65% now say their organizations have taken steps to protect them from personal liability, one-third still feel they lack the resources to meet their cybersecurity goals.

“Artificial intelligence has moved from concept to core, transforming how both defenders and adversaries operate,” commented Ryan Kalember, chief strategy officer at Proofpoint. “CISOs now face a dual responsibility: harnessing AI to strengthen their security posture while ensuring its ethical and responsible use. This balancing act places them at the center of strategic decision-making. But AI is just one of many forces reshaping the CISO role. As threats intensify and environments grow more complex, organizations are reevaluating what cybersecurity leadership really looks like in today’s enterprise.”

To download the 2025 Voice of the CISO report, please visit https://www.proofpoint.com/us/resources/white-papers/voice-of-the-ciso-report.

Featured

  • From Surveillance to Intelligence

    Years ago, it would have been significantly more expensive to run an analytic like that — requiring a custom-built solution with burdensome infrastructure demands — but modern edge devices have made it accessible to everyone. It also saves time, which is a critical factor if a missing child is involved. Video compression technology has played a critical role as well. Over the years, significant advancements have been made in video coding standards — including H.263, MPEG formats, and H.264—alongside compression optimization technologies developed by IP video manufacturers to improve efficiency without sacrificing quality. The open-source AV1 codec developed by the Alliance for Open Media—a consortium including Google, Netflix, Microsoft, Amazon and others — is already the preferred decoder for cloud-based applications, and is quickly becoming the standard for video compression of all types. Read Now

  • Cost: Reactive vs. Proactive Security

    Security breaches often happen despite the availability of tools to prevent them. To combat this problem, the industry is shifting from reactive correction to proactive protection. This article will examine why so many security leaders have realized they must “lead before the breach” – not after. Read Now

  • Achieving Clear Audio

    In today’s ever-changing world of security and risk management, effective communication via an intercom and door entry communication system is a critical communication tool to keep a facility’s staff, visitors and vendors safe. Read Now

  • Beyond Apps: Access Control for Today’s Residents

    The modern resident lives in an app-saturated world. From banking to grocery delivery, fitness tracking to ridesharing, nearly every service demands another download. But when it comes to accessing the place you live, most people do not want to clutter their phone with yet another app, especially if its only purpose is to open a door. Read Now

  • Survey: 48 Percent of Worshippers Feel Less Safe Attending In-Person Services

    Almost half (48%) of those who attend religious services say they feel less safe attending in-person due to rising acts of violence at places of worship. In fact, 39% report these safety concerns have led them to change how often they attend in-person services, according to new research from Verkada conducted online by The Harris Poll among 1,123 U.S. adults who attend a religious service or event at least once a month. Read Now

Most   Popular

New Products

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.