The latest edition of informe anual Voice of the CISO de Proofpointwhich analyzes the main challenges, expectations and priorities of these professionals, suggests that the Fissos are facing more complications and risks due to the expansion of AI.
The report, for whose realization 1,600 fissures from 16 countries have been interviewed, highlights two trends: the increase in cyber attacks is increasing anxiety between them and the disposition of companies to pay bailouts when incidents occur; And that the boom of the generative AI is forcing security responsible to balance innovation with risk, despite the concern, also increasing, for exposure and improper use of data.
Although cyberamezas are more frequent and diverse, the fissus are increasingly concerned about the ability of their organizations to resist an attack. 76% feel that they are at risk of suffering an important cyber attack in the next 12 months, a percentage that remains in 59% in the case of Spaniards. In addition, 58% ensure that they are not ready to respond to this type of situation, a percentage greater than that of Spanish fissions, since only 33% of them ensure.
Two thirds of the fissus suffered relevant data losses in the last year (33% in Spain), with incidents caused by internal personnel as the main cause. 92% of them attribute at least part of these data losses to employees who leave the company (70% in Spain), which leads to human behavior to remain a critical vulnerability. On the other hand, 66% of the knives would assess a ransom to avoid data leaks or restore systems.
As for AI, it is both a priority and a concern for the fissus. 64% of them believe that enabling the use of generative AI tools is a strategic objective for the next two years, despite the doubts it raises for security. In Spain, 39% of the fissions are concerned about the possible loss of customer data through public generative platforms.
While their adoption grows, organizations are going from governance restriction. 53% are implementing guidelines for use, and 51% explores defenses based on AI, although enthusiasm has decreased with respect to the maximum of 84% reached last year.
The fissions of Spain face an increasingly fragmented threats. Malware, ransomware, internal threats and the appropriation of cloud accounts are its main concerns. Despite the variety of tactics, most attacks have the same result: data loss. 51% of the knives would consider paying a ransom to restore systems or avoid data leaks, a percentage that amounts to 84% in other countries such as Canada and Mexico.
55% ensure that their data still are not protected properly. Likewise, as the generative AI accelerates, 55% now considers the protection and governance of information as a maximum priority, promoting a change towards dynamic safety and sensitive to context.
48% of the fissus in Spain claim that allowing a safe use of generative AI is a maximum priority, which highlights a change in governance restrictions, although 38% completely restrict the use of generative the tools by employees.
Human error remains the main vulnerability in cybersecurity in 2025 in Spain, since 49% of Spanish fissions cites people as their greatest risk, despite the fact that 55% believe that employees understand what best security practices are. This disconnection highlights a critical gap: awareness of itself is not enough. Almost 46% of organizations continue to lack resources dedicated to internal risk to help save the gap between knowledge and behavior.
The alignment between the Board of Directors and the fissus in Spain has resent this year, as the pressure on these professionals increases. Thus, it has dropped from a maximum of 87% in 2024 to 47% this year. However, the loss of confidential information became the main concern of the board of directors after a cyber attack, which indicates that cyberriesgo is gaining importance as a strategic priority.
The fissos in Spain have seen the pressure in the takeover of threats and the limitation of resources increase. 40% claim to face excessive expectations and 56% say they have experienced or witness exhaustion in the last year. Although half confirms that their organizations have taken measures to protect them from personal responsibility, 51% feel that it still lacks the necessary resources to meet their cybersecurity objectives.
Patrick Joyce, Ciso resident Global de Proofpointhas highlighted about the report that “This year’s results reveal a growing disconnection between the trust and the ability of the fissus. Although many security responsible are optimistic about the positioning of their organizations, the reality is very different: the increase in data loss, the deficiencies in the preparation and persistent human risk continue to undermine resilience. As the adoption of the generative AI accelerates both opportunities and threats, the fissus is requested with less, to sail for an unprecedented complexity and continue to protect what matters most. It is clear that the role of the CISO has never been so crucial, nor has it been so pressed ”.
