Chief information security officers are increasingly concerned about the risk of a cyberattack, and a growing number say they have experienced a material loss of data over the past year, according to a report released Tuesday by Proofpoint.
Two-thirds of CISOs said their organizations have experienced a material loss of sensitive information over the past year, compared with only 46% in the prior year, according to the report. Meanwhile, three-quarters of CISOs fear they are at risk of a material cyberattack over the next 12 months.
The increase reflects not only heightened risk but also a cultural shift among CISOs, according to Proofpoint.
“CISOs are becoming more transparent, especially in light of increased regulatory scrutiny and evolving board expectations,” Patrick Joyce, global resident CISO at Proofpoint, told Cybersecurity Dive.
The annual “Voice of the CISO” report is based on a survey of 1,600 CISOs at organizations in 16 countries. The survey took place during the first quarter of 2025, and all respondents worked at organizations with more than 1,000 employees.
The report reveals a heightened level of concern about resilience and business continuity. While two-thirds of CISOs say they are confident in their cybersecurity culture, six in 10 CISOs say their organizations are unprepared for an attack.
Two-thirds of CISOs said they would be willing to pay a ransom in order to get sensitive data back or restore business operations, the survey found.
CISOs appear to be under increasing pressure and scrutiny about their companies’ cyber postures. The report found that less than two-thirds of CISOs said they were aligned with their corporate boards on cyber risk, down from 85% in the 2024 report.
“It’s not that boards no longer care about cybersecurity; in fact, business valuation is now their top concern after a cyberattack, which marks a real shift of focus,” Joyce said. “But that prioritization doesn’t always translate into sustained engagement or the allocation of resources by either the board or C-suite management.”
Source link
