Singapore CISOs face rising cyber risks, insider threats & AI worry

New research from Proofpoint has indicated that organisations in Singapore continue to face rising cyber risks, including a surge in data loss incidents, emerging threats stemming from both artificial intelligence (AI) and insiders, and growing pressure on chief information security officers (CISOs).

The Proofpoint 2025 Voice of the CISO report surveyed 1,600 CISOs across 16 countries to examine the state of cybersecurity leadership, revealing significant concerns about readiness and resilience among Singaporean organisations amidst rapid technological change and a challenging threat landscape.

Data loss concerns

According to the report, 91% of CISOs in Singapore experienced material data loss in the past year, marking a threefold increase from 2024, and well above the global average of 66%. This figure was the second-highest rate among surveyed CISOs internationally. The report notes that Singapore is the only Asia Pacific market where all CISOs who experienced data loss attributed the incidents to departing employees, an increase from 63% the previous year.

Despite widespread adoption of data loss prevention tools, 43% of CISOs in Singapore believe their organisation's data remains inadequately protected. As a result, information protection and governance has become a top priority for 63% of respondents, prompting a shift towards dynamic and context-aware security strategies.

Threat landscape and preparedness

The survey also highlighted the breadth of cyber threats confronting Singaporean CISOs. Ransomware, supply chain attacks, email fraud, insider threats, and cloud account takeovers are all cited as principal concerns. Regardless of the attack vector, the consequence is often the same: loss of data.

Reflecting this high-risk environment, 82% of Singapore CISOs feel at risk of experiencing a material cyberattack in the next 12 months, up from 67% last year. However, 53% admit their organisation is unprepared to respond to such incidents.

Worryingly, the report found that 59% of CISOs in Singapore would consider paying a ransom to restore systems or prevent data leaks, a figure that underscores both the severity of potential compromise and the increasing pressure on security leadership.

Human risk and insider threats

Human error remains a critical vulnerability, with 61% of CISOs identifying people - rather than technology - as their greatest cybersecurity risk. This comes despite two-thirds (66%) of CISOs believing that employees understand cybersecurity best practices, indicating a significant gap between awareness and effective behaviour.

To address this human element, 97% of organisations surveyed have implemented dedicated insider risk resources designed to bridge the gap between knowledge and practice. The intersection of insider risk and AI-driven threats is also coming to the fore, especially as Singapore continues to advance national AI adoption while grappling with ongoing advanced persistent threat (APT) campaigns.

AI adoption and security implications

The advance of AI has emerged as both an opportunity and a source of concern for CISOs. Forty-one percent of Singapore CISOs report that enabling use of generative AI (GenAI) tools is a strategic priority over the next two years. However, the same number express apprehension regarding potential customer data loss via public GenAI platforms, with collaboration tools and GenAI chatbots listed among the top security threats.

The report found a shift towards governance rather than outright restriction: 53% of organisations have implemented AI usage guidelines, 66% are exploring AI-powered defensive measures (down from 86% last year), and more than half (51%) restrict employee use of GenAI tools entirely.

"This year's findings reveal a growing disconnect between confidence and capability among CISOs," said Patrick Joyce, Global Resident CISO at Proofpoint. "While many security leaders express optimism about their organisation's cyber posture, the reality tells a different story - rising data loss, readiness gaps, and persistent human risk continue to undermine resilience. As GenAI adoption accelerates both opportunity and threat, CISOs are being asked to do more with less, navigate unprecedented complexity, and still safeguard what matters most. It's clear that the role of the CISO has never been more pivotal - or more pressured."

Boardroom alignment and CISO pressure

Boardroom alignment with CISOs in Singapore has dropped to 51% this year from 81% in 2024. Nonetheless, protection of organisational reputation has surfaced as boards' principal concern in the aftermath of a cyberattack, indicating that cybersecurity is becoming more recognised as a strategic issue.

Despite this strategic recognition, CISOs face rising personal and professional pressures. The report found that 58% of CISOs in Singapore report excessive expectations, and nearly half (49%) have experienced or witnessed burnout in the past year. While more than half (56%) of organisations have put in measures to protect CISOs from personal liability, 38% remain concerned about a lack of resources to fulfil their security responsibilities.

"Singapore organisations are facing a perfect storm of cybersecurity challenges, with insider threats and AI risks converging to create unprecedented data protection challenges," said George Lee, Senior Vice President, Asia Pacific & Japan, Proofpoint. "91% of CISOs in Singapore have already experienced material data loss this year, and it should serve as a clear and urgent message for businesses across the nation. As Singapore continues to strengthen its position as a digital hub in Asia, organisations must prioritise human-centric security strategies that address both the people element and emerging technologies to safeguard their most critical assets." "Artificial intelligence has moved from concept to core, transforming how both defenders and adversaries operate," commented Ryan Kalember, Chief Strategy Officer at Proofpoint. "CISOs now face a dual responsibility: harnessing AI to strengthen their security posture while ensuring its ethical and responsible use. This balancing act places them at the centre of strategic decision-making. But AI is just one of many forces reshaping the CISO role. As threats intensify and environments grow more complex, organisations are reevaluating what cybersecurity leadership really looks like in today's enterprise."

The report's findings are based on survey responses from CISOs at organisations with a workforce of at least 1,000 employees, across a range of industries, reflecting perspectives from the global cybersecurity leadership community.