54% of CISOs lack standardized, business-relevant metrics.

The percentage of U.S. Chief Information Security Officers (CISOs) who are very or extremely concerned about losing their job after a major breach decreased from 77% in 2024 to 55% in 2025.

58% of CISOs say incidents occurred even though their security tools were in place.

Two-thirds of CISOs report feeling burned out weekly or daily.

87% of CISOs say pressure in their role has increased over the past year.

78% of U.S. CISOs expect AI to create a moderate or significant amount of new IT or security work for their teams due to AI-related security risks and vulnerabilities.

56% of CISOs say their security tools don’t integrate fully.

CISO confusion about cyber insurance policy coverage for supply-chain attacks decreased from 58% in 2024 to 43% in 2025.

40% of CISOs considered leaving their role altogether.

82% of CISOs feel confident quantifying risk.

57% of CISOs report that half or fewer of their security tools deliver measurable Return on Investment (ROI).

39% of CISOs say they often feel blamed, even when incidents fall outside their direct control.

82% of CISOs say they are under pressure from executives or boards to reduce staff using AI.

59% of CISOs cite agentic AI as their leading near-term threat.

44% of CISOs rank board or executive expectations as their number-one stressor.

17% of CISOs say they always feel personally blamed for security incidents, regardless of the root cause.

Nearly 20% of recent incidents reported by CISOs were already AI-related.

Boards most often ask CISOs for the following metrics: risk-reduction trendlines (51%), quantified business impact (47%), and incident-response performance metrics (40%).

Overall concern among U.S. CISOs about a breach fell from 86% in 2024 to 62% in 2025.

65% of CISOs manage 20 or more security tools.