Australian CISOs under strain from AI risks, burnout & attacks
New research shows Australian chief information security officers (CISOs) are facing heightened anxiety, burnout, and challenges due to increased cyber threats and the rapid rise of generative artificial intelligence (GenAI).
Rising cyberattack risks
According to findings from Proofpoint's 2025 Voice of the CISO report, 77% of Australian CISOs expect to experience a material cyberattack within the next 12 months, up from 61% the previous year. The report also highlights that 76% of CISOs in Australia have experienced material data loss in the past year, a figure that nearly doubles the 39% reported in 2024.
The Australian Security Intelligence Organisation (ASIO)'s annual threat assessment indicates that Australian infrastructure has been consistently targeted by threat actors, with predictions suggesting cyber-enabled sabotage poses a greater risk to the country than traditional physical threats.
GenAI a priority and a concern
The adoption of GenAI tools has quickly become a significant priority and concern for security leaders. The report reveals that 74% of Australian CISOs see enabling GenAI tool use as a strategic priority over the next two years. At the same time, 73% express concern about potential customer data loss via public GenAI platforms.
To address these risks, 83% of CISOs have implemented some form of guideline around AI usage, yet 72% are still restricting employee use of GenAI tools entirely. The report identifies collaboration platforms and GenAI chatbots as security threats requiring increased attention from organisational leadership.
"This year's findings reveal a growing disconnect between confidence and capability among CISOs. While many security leaders express optimism about their organisation's cyber posture, the reality tells a different story - rising data loss, readiness gaps, and persistent human risk continue to undermine resilience. As GenAI adoption accelerates both opportunity and threat, CISOs are being asked to do more with less, navigate unprecedented complexity, and still safeguard what matters most. It's clear that the role of the CISO has never been more pivotal - or more pressured."
This statement was made by Patrick Joyce, Global Resident CISO at Proofpoint, underlining the challenging environment facing Australian CISOs as they work to balance technological advancements and cybersecurity.
Burnout and excessive expectations
CISO stress levels remain high in Australia, with 75% of respondents saying they are subject to excessive expectations. Additionally, two-thirds (68%) have experienced or witnessed burnout over the past year. According to the report, while 80% state their organisations have taken steps to mitigate personal liability, 21% believe they still lack the resources needed to achieve their cybersecurity objectives.
"When we think of Australia's most stressful jobs, we may not immediately picture a CISO, however today's cyber security landscape is putting them under significant pressure," said Adrian Covich, Vice President, Systems Engineering for Proofpoint in APJ. "The OAIC reported 1,113 notifiable breaches in 2024, a 20% increase on the previous year. CISOs are carrying the increasing weight of safeguarding sensitive information, maintaining operational continuity, and preserving public trust every single day."
Covich added, "These pressures are converging to create one of the most challenging periods Australian CISOs have ever faced. Breaches are up, security leaders are burning out, AI is creating both opportunity and fear, and far too many organisations are still prepared to pay ransoms. We believe in human-centric security as a key part of the path forward to help CISOs navigate these challenges and strengthen their organisation's security posture."
Willingness to pay ransom
The report notes that 68% of Australian CISOs say they would consider paying a ransom to restore systems or prevent data exfiltration. Respondents cited a fragmented threat landscape, with risks ranging from cloud account takeover to supply chain attacks, yet most attacks ultimately result in data loss. Despite widespread adoption of Data Loss Prevention tools, two-thirds (67%) of CISOs feel their data remains insufficiently protected. Information protection and governance are now ranked as top priorities by 84% of Australian CISOs, especially as AI-driven data leakage concerns intensify.
Persistent human risk
Human error remains the most significant vulnerability, with 72% of CISOs naming people as their greatest cyber risk, despite nearly three quarters believing staff understand best practices. The report uncovers a lack of dedicated insider risk resources in 46% of organisations, underscoring an ongoing gap between cybersecurity knowledge and employee behaviour.
Impact of departing employees
Australian CISOs also report that departing employees significantly contribute to data loss incidents, with 91% who experienced data loss stating that staff departures played a role, up from 77% last year.
AI-driven change in boardroom alignment
Boardroom alignment with CISOs has declined slightly, from 86% in 2024 to 82% this year. However, outcomes of cyber attacks such as significant operational downtime and loss of sensitive data have driven cyber risk to the forefront of board priorities.
"Artificial intelligence has moved from concept to core, transforming how both defenders and adversaries operate," commented Ryan Kalember, Chief Strategy Officer at Proofpoint. "CISOs now face a dual responsibility: harnessing AI to strengthen their security posture while ensuring its ethical and responsible use. This balancing act places them at the centre of strategic decision-making. But AI is just one of many forces reshaping the CISO role. As threats intensify and environments grow more complex, organisations are reevaluating what cybersecurity leadership really looks like in today's enterprise."
The findings derive from a survey of 1,600 CISOs across 16 countries, including 100 from Australia, focused on organisations with 1,000 or more employees across a range of industries.
