Proofpoint’s 2025 ‘Voice of the CISO’ Report Reveals Heightened AI Risk, Alarming Surge in Data Loss Among Singapore Organisations

Proofpoint, Inc., a leading cybersecurity and compliance company, has released its fifth annual Voice of the CISO Report. This report explores key challenges, expectations, and priorities of chief information security officers (CISOs) worldwide.

The 2025 Voice of the CISO Report, which surveyed 1,600 global CISOs across 16 countries, spotlights two critical trends: the surge in cyberattacks is fuelling heightened anxiety among CISOs—along with a growing willingness to pay ransoms when incidents occur—and the rapid rise of GenAI (generative AI) is forcing security leaders to balance innovation with risk, despite mounting concerns around data exposure and misuse.

As cyber threats become more frequent and multifaceted, Singapore CISOs are increasingly concerned about their organisation’s ability to withstand a material attack. 82% of CISOs feel at risk of experiencing a material cyberattack in the next 12 months (up from 67% last year), yet 53% say they are unprepared to respond. A staggering 91% experienced material data loss in the past year, the second-highest rate among CISOs globally, and a dramatic increase from 32% in 2024. All CISOs who experienced data loss attributed it to departing employees, up from 63% last year. Reflecting the pressure, 59% of Singapore CISOs say they would consider paying a ransom to prevent data leaks or restore systems.

Artificial Intelligence has quickly emerged as both a top priority and a top concern for CISOs. In Singapore, 41% of CISOs told the Voice of the CISO Report that enabling GenAI tool use is a strategic priority over the next two years, even as security worries persist. Half of CISOs express concern over potential customer data loss via public GenAI platforms. As adoption accelerates, organisations are shifting from restriction to governance, with 53% implementing usage guidelines and 66% exploring AI-powered defences—though enthusiasm has dipped from last year’s high of 86%.

“This year’s Voice of the CISO Report findings reveal a growing disconnect between confidence and capability among CISOs,” said Patrick Joyce, Global Resident CISO at Proofpoint. “While many security leaders express optimism about their organisation’s cyber posture, the reality tells a different story—rising data loss, readiness gaps, and persistent human risk continue to undermine resilience. As GenAI adoption accelerates both opportunity and threat, CISOs are being asked to do more with less, navigate unprecedented complexity, and still safeguard what matters most. It’s clear that the role of the CISO has never been more pivotal—or more pressured.”

Key Singapore Fndings from Proofpoint’s 2025 Voice of the CISO Report

• Confidence vs. Reality: CISOs Brace for Attacks Amid Rising Data Loss and Readiness Gaps. In 2025, 82% of CISOs in Singapore surveyed feel at risk of experiencing a material cyber attack in the next 12 months, up from 67% last year. Yet 53% admit their organisation is unprepared to respond. Shockingly, 91% experienced a material data loss in the past year (huge jump from 32% in 2024) despite the majority of CISOs expressing confidence in their cybersecurity culture.
• Attacks from All Angles, Same Consequence. CISOs in Singapore face an increasingly fragmented threat landscape with no single dominant risk—ransomware, supply chain attacks, email fraud, insider threats, and cloud account takeover are all top concerns. Despite the varied tactics, most attacks lead to the same outcome: data loss. Reflecting the high stakes, 59% of CISOs say they would consider paying a ransom to restore systems or prevent data leaks.
• Data Does Mo Not Walk Itself Out the Door. All CISOs in Singapore who experienced data loss say departing employees played a role—up from 63% last year. Despite universal adoption of Data Loss Prevention (DLP) tools, 43% say their data remains inadequately protected. As GenAI accelerates, 63% now rank information protection and governance as a top priority, prompting a shift to dynamic, context-aware security.
• The People Problem Persists. Human error remains the top cybersecurity vulnerability in 2025, with three in five (61%) CISOs in Singapore citing people as their greatest risk, despite 66% believing employees understand cybersecurity best practices. This disconnect highlights a critical gap: awareness alone is not enough. While 97% of organisations have put in place dedicated insider risk resources to help bridge the gap between knowledge and behaviour.
• Friend or Foe? AI’s Double-Edged Sword. The rapid rise of GenAI is amplifying concerns around human risk. Half of CISOs (50%) in Singapore worry about customer data loss via public GenAI tools, with collaboration platforms and GenAI chatbots seen as top security threats. Despite this, 41% say enabling safe GenAI use is a top priority—highlighting a shift from restriction to governance. Most are responding with guardrails: 53% have implemented usage guidelines, and 66% are exploring AI-powered defences, though enthusiasm has cooled from 86% last year. More than half (51%) restrict employee use of GenAI tools altogether.
• Boardroom Alignment Slips as CISO Pressure Mounts. Boardroom alignment with CISOs in Singapore has declined from a high of 81% in 2024 to 51% this year. Still, reputational damage has emerged as boards’ top concern following a cyber attack, signalling that cyber risk is gaining traction as a strategic priority.
• Different Year, Same Pressures. CISOs in Singapore continue to face mounting pressure in the face of rising threats and limited resources: 58% report facing excessive expectations, and almost half (49%) say they have experienced or witnessed burnout within the past year. While 56% now say their organisations have taken steps to protect them from personal liability, almost two in five (38%) still feel they lack the resources to meet their cybersecurity goals.

“Singapore organisations are facing a perfect storm of cybersecurity challenges, with insider threats and AI risks converging to create unprecedented data protection challenges,” said George Lee, Senior Vice President, Asia Pacific and Japan, at Proofpoint. “91% of CISOs in Singapore have already experienced material data loss this year, and it should serve as a clear and urgent message for businesses across the nation. As Singapore continues to strengthen its position as a digital hub in Asia, organisations must prioritise human-centric security strategies that address both the people element and emerging technologies to safeguard their most critical assets.”

“Artificial intelligence has moved from concept to core, transforming how both defenders and adversaries operate,” commented Ryan Kalember, Chief Strategy Officer at Proofpoint. “CISOs now face a dual responsibility: harnessing AI to strengthen their security posture while ensuring its ethical and responsible use. This balancing act places them at the centre of strategic decision-making. But AI is just one of many forces reshaping the CISO role. As threats intensify and environments grow more complex, organisations are reevaluating what cybersecurity leadership really looks like in today’s enterprise.”

To download the 2025 Voice of the CISO report, please visit: https://www.proofpoint.com/us/resources/white-papers/voice-of-the-ciso-report