• 55% of CISOs in the UAE worry customer data is at risk via public GenAI tools.
  • 60% of CISOs in the UAE prioritize safe GenAI use, with 59% enforcing guidelines and 58% exploring AI defenses.

Dubai, United Arab Emirates – Proofpoint, Inc., a leading cybersecurity and compliance company today released its fifth annual Voice of the CISO report, exploring key challenges, expectations and priorities of chief information security officers (CISOs) worldwide. The 2025 report, which surveyed 1,600 global CISOs across 16 countries, spotlights two critical trends: the surge in cyberattacks is fueling heightened anxiety among CISOs—along with a growing willingness to pay ransoms when incidents occur—and the rapid rise of GenAI is forcing security leaders to balance innovation with risk, despite mounting concerns around data exposure and misuse.

As cyber threats become more frequent and multifaceted, CISOs are increasingly concerned about their organization’s ability to withstand a material attack. 69% of UAE CISOs feel at risk of experiencing a material cyberattack in the next 12 months, yet 56% say they are unprepared to respond. 77% of CISOs in the UAE experienced material data loss in the past year, with insider-driven incidents topping the list of causes. With 100% attributing at least some data loss to departing employees according to survey data, human behavior remains a critical vulnerability. Reflecting the pressure, 55% of CISOs say they would consider paying a ransom to prevent data leaks or restore systems, based on survey responses.

AI has quickly emerged as both a top priority and a top concern for CISOs: 60% of CISOs in the UAE say enabling GenAI tool use is a strategic priority over the next two years, even as security worries persist. In the UAE, 55% of CISOs express concern over potential customer data loss via public GenAI platforms. As adoption accelerates, organizations are shifting from restriction to governance, with 59% implementing usage guidelines and 58% exploring AI-powered defenses—though enthusiasm has dipped from last year’s high of 89%.

“This year’s findings reveal a growing disconnect between confidence and capability among CISOs,” said Patrick Joyce, global resident CISO at Proofpoint. “While many security leaders express optimism about their organization’s cyber posture, the reality tells a different story—rising data loss, readiness gaps, and persistent human risk continue to undermine resilience. As GenAI adoption accelerates both opportunity and threat, CISOs are being asked to do more with less, navigate unprecedented complexity, and still safeguard what matters most. It's clear that the role of the CISO has never been more pivotal—or more pressured.”

Key global findings from Proofpoint’s 2025 Voice of the CISO report include:

  • Confidence vs. Reality: CISOs Brace for Attacks Amid Rising Data Loss and Readiness Gaps. In 2025, 69% of CISOs in the UAE surveyed feel at risk of experiencing a material cyber-attack in the next 12 months, on par with last year. Yet 56% admit their organization is unprepared to respond. A staggering 77% experienced a material data loss in the past year (up from 45% in 2024) despite the majority of CISOs expressing confidence in their cybersecurity culture.
  • Attacks from All Angles, Same Consequence. CISOs in the UAE face an increasingly fragmented threat landscape with no single dominant risk—email fraud, insider threats, and cloud account takeover are all top concerns. Despite the varied tactics, most attacks lead to the same outcome: data loss. Reflecting the high stakes, 55% of CISOs in the UAE say they would consider paying a ransom to restore systems or prevent data leaks—rising to 84% in Canada and Mexico.
  • Data Doesn’t Walk Itself Out the Door. 100% of CISOs in the UAE who experienced data loss say departing employees played a role—up from 64% last year. Despite near-universal adoption of Data Loss Prevention (DLP) tools, 42% say their data remains inadequately protected. As GenAI accelerates, 61% now rank information protection and governance as a top priority, prompting a shift to dynamic, context-aware security.
  • The People Problem Persists. Human error remains the top cybersecurity vulnerability in 2025, with 57% of CISOs in the UAE citing people as their greatest risk, despite 59% believing employees understand cybersecurity best practices. This disconnect highlights a critical gap: awareness alone is not enough. A quarter of organizations in the UAE still lack dedicated insider risk resources to help bridge the gap between knowledge and behavior.
  • Friend or Foe? AI’s Double-Edged Sword. The rapid rise of GenAI is amplifying concerns around human risk: 55% of CISOs in the UAE worry about customer data loss via public GenAI tools, with collaboration platforms and GenAI chatbots seen as top security threats. Despite this, 60% say enabling safe GenAI use is a top priority—highlighting a shift from restriction to governance. Most are responding with guardrails: 59% have implemented usage guidelines, and 58% are exploring AI-powered defenses, though enthusiasm has cooled from 89% last year. More than half (57%) restrict employee use of GenAI tools altogether.
     
  • Boardroom Alignment Slips as CISO Pressure Mounts. Boardroom alignment with CISOs in the UAE has declined from a high of 90% in 2024 to 57% this year. Still, impact on business valuation has emerged as boards’ top concern following a cyber attack—up from the bottom of the list last year—signaling that cyber risk is gaining traction as a strategic priority.
  • Different Year, Same Pressures. CISOs in the UAE continue to face mounting pressure in the face of rising threats and limited resources: 62% report facing excessive expectations, and 52% say they have experienced or witnessed burnout within the past year. While 54% now say their organizations have taken steps to protect them from personal liability, 40% still feel they lack the resources to meet their cybersecurity goals.

“Artificial intelligence has moved from concept to core, transforming how both defenders and adversaries operate,” commented Ryan Kalember, chief strategy officer at Proofpoint. “CISOs now face a dual responsibility: harnessing AI to strengthen their security posture while ensuring its ethical and responsible use. This balancing act places them at the center of strategic decision-making. But AI is just one of many forces reshaping the CISO role. As threats intensify and environments grow more complex, organizations are reevaluating what cybersecurity leadership really looks like in today’s enterprise.”

Methodology

The 2025 Voice of the CISO report offers a vital perspective on the state of cybersecurity from those at the forefront of protecting people and defending data. Polling over 1,600 CISOs from organizations of 1,000 employees or more across different industries, the survey also measures the changes in alignment between security leaders and their boards of directors, exploring how their relationship impacts security priorities. Throughout the course of Q1 2025, 100 CISOs were interviewed in each market across the following 16 countries: the U.S., Canada, Brazil, Mexico, the UK, France, Germany, Italy, Spain, the Netherlands, the UAE, the Kingdom of Saudi Arabia, Australia, Japan, Singapore, and India.

About Proofpoint, Inc. 

Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organizations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organizations of all sizes, including 85 percent of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at www.proofpoint.com. 

Connect with Proofpoint on LinkedIn.

Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.