Proofpoint has released its fifth annual Voice of the CISO report, revealing a sharp rise in data loss incidents and growing concerns around artificial intelligence among Singapore organisations. The study surveyed 1,600 chief information security officers (CISOs) across 16 countries, highlighting how security leaders are grappling with increasingly complex threats while under growing pressure to protect sensitive data.
In Singapore, 82% of CISOs believe their organisations are at risk of a material cyberattack within the next 12 months, up from 67% in 2024. Despite this, more than half admit they are not prepared to respond effectively. The report found that 91% of CISOs in Singapore experienced material data loss in the past year, a steep increase from 32% in 2024, with all cases linked to departing employees. This has led to 59% of CISOs stating they would consider paying a ransom to restore systems or prevent data leaks.
AI adoption drives both opportunities and risks
The report highlights the dual role of AI as both a solution and a threat. In Singapore, 41% of CISOs view enabling the use of generative AI tools as a strategic priority over the next two years. At the same time, half remain worried about the risk of customer data exposure through public AI platforms. As a result, many organisations are moving from restricting AI usage to implementing governance, with 53% adopting usage guidelines and 66% exploring AI-driven defences. However, enthusiasm has waned compared with 86% last year, and more than half still restrict employee access to AI tools.
Patrick Joyce, global resident CISO at Proofpoint, noted that confidence often does not match capability. He said: “While many security leaders express optimism about their organisation’s cyber posture, the reality tells a different story—rising data loss, readiness gaps, and persistent human risk continue to undermine resilience. As GenAI adoption accelerates both opportunity and threat, CISOs are being asked to do more with less, navigate unprecedented complexity, and still safeguard what matters most.”
Human error and insider threats remain major concerns
The study found that human error remains the leading vulnerability, with 61% of Singapore CISOs identifying people as their organisation’s greatest risk. While two-thirds believe employees understand best practices, incidents suggest that awareness alone is insufficient. Nearly all organisations surveyed have implemented insider risk resources, yet 43% of CISOs believe their data remains inadequately protected.
The issue of insider threats is becoming more acute, with departing employees linked to every reported case of data loss. This trend underscores the need for more advanced and context-aware security measures. As AI tools become more embedded in daily operations, 63% of CISOs now place information protection and governance at the top of their agenda.
Boardroom alignment and CISO wellbeing
The report also highlights a decline in board-level alignment. In Singapore, CISO alignment with boards has fallen from 81% in 2024 to 51% in 2025, although boards now rank reputational damage as their top concern after a cyber incident. At the same time, the personal pressure on CISOs continues to grow. Almost half report experiencing or witnessing burnout in the past year, while 58% believe they face excessive expectations. Although 56% of organisations have taken steps to shield CISOs from personal liability, 38% still say they lack the resources required to meet their cybersecurity objectives.
George Lee, Senior Vice President for Asia Pacific & Japan at Proofpoint, said: “Singapore organisations are facing a perfect storm of cybersecurity challenges, with insider threats and AI risks converging to create unprecedented data protection challenges. 91% of CISOs in Singapore have already experienced material data loss this year, and it should serve as a clear and urgent message for businesses across the nation.”
Ryan Kalember, chief strategy officer at Proofpoint, added that AI is transforming the role of CISOs. “CISOs now face a dual responsibility: harnessing AI to strengthen their security posture while ensuring its ethical and responsible use. This balancing act places them at the centre of strategic decision-making.”
