Proofpoint has released its fifth annual Voice of the CISO report, exploring key challenges, expectations and priorities of chief information security officers (CISOs) worldwide. The 2025 report, which surveyed 1,600 global CISOs across 16 countries, spotlights two critical trends: the surge in cyberattacks is fuelling heightened anxiety among CISOs—along with a growing willingness to pay ransoms when incidents occur—and the rapid rise of GenAI is forcing security leaders to balance innovation with risk, despite mounting concerns around data exposure and misuse.
As cyber threats become more frequent and multifaceted, CISOs are increasingly concerned about their organisation’s ability to withstand a material attack. India stands out with 90% of CISOs expressing that their company is at risk of experiencing a material cyberattack in the next 12 months—the highest among all countries surveyed. This concern is driven by the fact that 99% of Indian CISOs have already reported the loss of sensitive data in the past year, which is the highest globally and significantly above the global average of 66%. Compromised insiders remain the leading cause, with 96% of CISOs in India linking at least some of this data loss to departing employees, which highlights that human behaviour remains a critical vulnerability.
AI has quickly emerged as both a top priority and a top concern for CISOs. 64% of Indian CISOs say enabling GenAI tool use is a strategic priority over the next two years, even as security worries persist. In India, nearly three-quarters (74%) of CISOs worry about customer data loss through GenAI tools, with collaboration platforms and GenAI chatbots identified as leading threats. Reflecting these concerns, 74% of organisations block or restrict employee usage of GenAI tools, well above the global average of 59%. Yet as adoption accelerates, organisations in India are shifting from restriction to governance, with 61% implementing usage guidelines and 66% exploring AI-powered defences.
“This year’s findings reveal a growing disconnect between confidence and capability among CISOs,” said Patrick Joyce, global resident CISO at Proofpoint. “While many security leaders express optimism about their organisation’s cyber posture, the reality tells a different story—rising data loss, readiness gaps, and persistent human risk continue to undermine resilience. As GenAI adoption accelerates both opportunity and threat, CISOs are being asked to do more with less, navigate unprecedented complexity, and still safeguard what matters most. It’s clear that the role of the CISO has never been more pivotal—or more pressured.”
“The Indian cybersecurity ecosystem is facing an urgent reality. Our 2025 Voice of the CISO report reveals that CISOs in India view their organisations as the most at risk globally, facing rising material threats, elevated data loss and human-centred risk, yet many feel unprepared to effectively respond. At the same time, the rapid adoption of GenAI presents both transformative potential and new security challenges. Proofpoint is committed to empowering CISOs in India to overcome these critical security challenges with our leading human-centric cybersecurity platform to strengthen defences in an increasingly dynamic threat landscape,” said Bikramdeep Singh, India Country Manager, Proofpoint.
Key India findings from Proofpoint’s 2025 Voice of the CISO report include:
- Confidence vs. Reality: CISOs Brace for Attacks Amid Rising Data Loss and Readiness Gaps. In 2025, 90% of Indian CISOs surveyed feel at risk of experiencing a material cyber attack in the next 12 months, the highest globally. Yet 74% admit their organisation is unprepared to respond. Almost all (99%) experienced a material data loss in the past year, despite the majority of CISOs expressing confidence in their cybersecurity culture.
- Attacks from All Angles, Same Consequence. CISOs in India face an increasingly fragmented threat landscape with no single dominant risk—supply chain attacks, email fraud, insider threats, and ransomware are all top concerns. Despite the varied tactics, most attacks lead to the same outcome: data loss. Reflecting the high stakes, 70% of CISOs say they would consider paying a ransom to restore systems or prevent data leaks.
- Data Doesn’t Walk Itself Out the Door. Almost all of CISOs in India (96%) who experienced data loss say departing employees played a role. Despite universal adoption of Data Loss Prevention (DLP) tools, 29% say their data remains inadequately protected. As GenAI accelerates, more than two in three (70%) now rank information protection and governance as a top priority, prompting a shift to dynamic, context-aware security.
- The People Problem Persists. Human error remains the top cybersecurity vulnerability in 2025, with two-thirds (67%) of Indian CISOs citing people as their greatest risk, despite 69% believing employees understand cybersecurity best practices. This disconnect highlights a critical gap: awareness alone is not enough. While 96% of organisations have put in place dedicated insider risk resources to help bridge the gap between knowledge and behaviour.
- Friend or Foe? AI’s Double-Edged Sword. The rapid rise of GenAI is amplifying concerns around human risk. Nearly three-quarters (74%) of CISOs in India worry about customer data loss via public GenAI tools, with collaboration platforms and GenAI chatbots seen as top security threats. Despite this, 64% say enabling safe GenAI use is a top priority—highlighting a shift from restriction to governance. Most are responding with guardrails: 61% have implemented usage guidelines, and 66% are exploring AI-powered defences. Almost three in four (74%) restrict employee use of GenAI tools altogether.
- Boardroom Alignment Slips as CISO Pressure Mounts. 72% of CISOs in India agree their board members see eye-to-eye with them on cybersecurity issues. Disruption to operations has emerged as boards’ top concern following a cyber attack, signalling that cyber risk is gaining traction as a strategic priority.
- Different Year, Same Pressures. Indian CISOs continue to face mounting pressure in the face of rising threats and limited resources: more than two-thirds (68%) report facing excessive expectations, and have experienced or witnessed burnout within the past year. While 64% now say their organisations have taken steps to protect them from personal liability, 26% still feel they lack the resources to meet their cybersecurity goals.
“Artificial intelligence has moved from concept to core, transforming how both defenders and adversaries operate,” commented Ryan Kalember, chief strategy officer at Proofpoint. “CISOs now face a dual responsibility: harnessing AI to strengthen their security posture while ensuring its ethical and responsible use. This balancing act places them at the centre of strategic decision-making. But AI is just one of many forces reshaping the CISO role. As threats intensify and environments grow more complex, organisations are reevaluating what cybersecurity leadership really looks like in today’s enterprise.”
