Proofpoint, Inc., a leading cybersecurity and compliance company today released its fifth annual Voice of the CISO report, exploring key challenges, expectations and priorities of chief information security officers (CISOs) worldwide. The 2025 report, which surveyed 1,600 global CISOs across 16 countries, including 100 from Australia, spotlights two critical trends: the surge in cyberattacks is fuelling heightened anxiety among CISOs—along with a growing willingness to pay ransoms when incidents occur—and the rapid rise of GenAI is forcing security leaders to balance innovation with risk, despite mounting concerns around data exposure and misuse.

As cyber threats become more frequent and multifaceted, CISOs are increasingly concerned about their organisation’s ability to withstand a material attack. 77% of Australian CISOs feel at risk of experiencing a material cyberattack in the next 12 months, a dramatic jump from 61% last year. In Australia, the cyber threat is rising with more than three-quarters (76%) of CISOs experiencing material data loss in the past year. ASIO’s 2025 Annual Threat Assessment reports that Australian infrastructure has been routinely targeted by threat actors throughout the past year, with predictions that cyber-enabled sabotage presents an acute concern for Australia, outweighing traditional physical threats.

AI has quickly emerged as both a top priority and a top concern for Australian CISOs. 74% say enabling  GenAI tool use is a strategic priority over the next two years, even as security worries persist, while 73% of CISOs express concern over potential customer data loss via public GenAI platforms. As adoption accelerates, organisations are shifting from restriction to governance. 83% of Australian CISOs have some sort of guidelines around AI, though 72% are still restricting employee use of GenAI tools altogether.

“This year’s findings reveal a growing disconnect between confidence and capability among CISOs,” said Patrick Joyce, global resident CISO at Proofpoint. “While many security leaders express optimism about their organisation’s cyber posture, the reality tells a different story—rising data loss, readiness gaps, and persistent human risk continue to undermine resilience. As GenAI adoption accelerates both opportunity and threat, CISOs are being asked to do more with less, navigate unprecedented complexity, and still safeguard what matters most. It’s clear that the role of the CISO has never been more pivotal—or more pressured.”

With the increased threat of attack and the rise of AI, Australian CISOs are under increased pressure. 75% report facing excessive expectations, and two-thirds (68%) say they have experienced or witnessed burnout within the past year. While 80% of Australian CISOs now say their organisations have taken steps to protect them from personal liability, one in five (21%) still feel they lack the resources to meet their cybersecurity goals.

“When we think of Australia’s most stressful jobs, we may not immediately picture a CISO, however today’s cyber security landscape is putting them under significant pressure,” said Adrian Covich, Vice President, Systems Engineering for Proofpoint in APJ. The OAIC reported 1,113 notifiable breaches in 2024, a 20% increase on the previous year. CISOs are carrying the increasing weight of safeguarding sensitive information, maintaining operational continuity, and preserving public trust every single day.

“These pressures are converging to create one of the most challenging periods Australian CISOs have ever faced. Breaches are up, security leaders are burning out, AI is creating both opportunity and fear, and far too many organisations are still prepared to pay ransoms. We believe in human-centric security as a key part of the path forward to help CISOs navigate these challenges and strengthen their organisation’s security posture.”

Key Australian Findings from Proofpoint’s 2025 Voice of the CISO Report

• Confidence vs. Reality: CISOs Brace for Attacks Amid Rising Data Loss and Readiness Gaps. In 2025, 77% of the Australian CISOs surveyed feel at risk of experiencing a material cyberattack in the next 12 months, up from 61% last year. Yet 72% admit their organisation is unprepared to respond. Three-quarters (76%) experienced a material data loss in the past year (up from 39% in 2024) despite the majority of CISOs expressing confidence in their cybersecurity culture.  
• Different Year, Same Pressures. CISOs in Australia continue to face mounting pressure in the face of rising threats and limited resources: 75% report facing excessive expectations, and 68% say they have experienced or witnessed burnout within the past year. While 80% now say their organisations have taken steps to protect them from personal liability, one in five (21%) still feel they lack the resources to meet their cybersecurity goals.
• Majority Would Consider Paying Ransom. CISOs in Australia face an increasingly fragmented threat landscape with no single dominant risk—cloud account takeover, insider threats, email fraud, and supply chain attacks are all top concerns. Despite the varied tactics, most attacks lead to the same outcome: data loss. Reflecting the high stakes, 68% of Australian CISOs say they would consider paying a ransom to restore systems or prevent data leaks. 
• Friend or Foe? AI’s Double-Edged Sword. The rapid rise of GenAI is amplifying concerns around human risk. Almost three in four (73%) Australian CISOs worry about customer data loss via public GenAI tools, with collaboration platforms and GenAI chatbots seen as top security threats. Despite this, 74% say enabling GenAI use is a top priority—highlighting a shift from restriction to governance. Most are responding with guardrails: 83% have implemented usage guidelines, and 83% are exploring AI-powered defences, though enthusiasm has slightly cooled from 86% last year. Nearly three-quarters (72%) restrict employee use of GenAI tools altogether.  
• Data Doesn’t Walk Itself Out the Door. 91% of Australian CISOs who experienced data loss say departing employees played a role—up from 77% last year. Despite near-universal adoption of Data Loss Prevention (DLP) tools, two-thirds (67%) say their data remains inadequately protected. As GenAI accelerates, 84% now rank information protection and governance as a top priority, prompting a shift to dynamic, context-aware security. 
• The People Problem Persists. Human error remains the top cybersecurity vulnerability in 2025, with 72% of Australian CISOs citing people as their greatest risk, despite 73% believing employees understand cybersecurity best practices. This disconnect highlights a critical gap: awareness alone is not enough. 46% of organisations still lack dedicated insider risk resources to help bridge the gap between knowledge and behaviour. 
• Boardroom Alignment Slips as CISO Pressure Mounts. Boardroom alignment with Australian CISOs has slightly declined from 86% in 2024 to 82% this year. Still, significant downtime and loss of sensitive information have emerged as boards’ top concern following a cyber attack, signalling that cyber risk is gaining traction as a strategic priority.

“Artificial intelligence has moved from concept to core, transforming how both defenders and adversaries operate,” commented Ryan Kalember, chief strategy officer at Proofpoint. CISOs now face a dual responsibility: harnessing AI to strengthen their security posture while ensuring its ethical and responsible use. This balancing act places them at the centre of strategic decision-making. But AI is just one of many forces reshaping the CISO role. As threats intensify and environments grow more complex, organisations are reevaluating what cybersecurity leadership really looks like in today’s enterprise.”