• Report find CISOs are less confident in their staff protecting their companies
  • Nearly twice as many experienced a material data loss this year
  • Many are worried about AI’s risks, some are set to use it to their benefits

Barely more than half (57%) of Chief Information Security Officers (CISOs) believe staff understand their role in protecting the company, new research from Proofpoint has claimed.

The figure is down from 84% in 2024, and comes alongside a finding that despite their best efforts and investments in preventative measures, human error remains the top vulnerability, cited by around three in five CISOs.

This comes as three in four (74%) UK CISOs experienced material data loss in the past year – nearly double the 39% in 2024.

UK CISOs are worried that workers are risking their companies

Proofpoint’s research added 86% of the material data loss instances involved departing employees, yet despite awareness programs, 30% of organizations still lack insider risk resources.

Looking ahead, nearly two-thirds (63%) are expecting a material cyberattack in the next 12 months, and yet nearly as many (61%) admit their organization is unprepared to respond with 57% prepared to pay a ransom to quickly restore systems or prevent data leaks.

Cybercriminals aside (as AI tools have lowered the entry barrier while simultaneously boosting attack sophistication), CISOs are also worried about AI use within their companies. Two in three (66%) restrict employee GenAI use altogether, with only 60% boasting GenAI usage guidelines.

“As GenAI adoption accelerates both opportunity and threat, CISOs are being asked to do more with less, navigate unprecedented complexity, and still safeguard what matters most,” Proofpoint Global Resident CISO Patrick Joyce noted.

Still, more than half (55%) are exploring AI-enhanced defenses moving forward, with 72% prioritizing safe GenAI use over the next two years.

“CISOs now face a dual responsibility: harnessing AI to strengthen their security posture while ensuring its ethical and responsible use,” Proofpoint Chief Strategy Officer Ryan Kalember added.

However, all of this has resulted in increased pressure on CISOs – 67% report excessive expectations (up from 62% last year), and 58% have either experienced or witnessed burnout in the past year.

Kalember noted that CISOs have now become central to company decision-making, however Proofpoint’s research revealed boardroom alignment with UK CISOs has declined from 84% in 2024 to 57% in 2025, suggesting they’re not getting the support they need.

Looking ahead, companies can make subtle changes to close the insider risk gap and to enhance data loss protection while also establishing CISO role clarity in the AI era.

You might also like