2025 CISO Pressure Index,

13% of CISOs oversee 50 or more security tools.

90% of CISOs say their role may be at risk to some degree if a breach were to occur.

33% of CISOs rank external threats as their number-one stressor.

54% of CISOs lack standardized, business-relevant metrics.

58% of CISOs say incidents occurred even though their security tools were in place.

Two-thirds of CISOs report feeling burned out weekly or daily.

87% of CISOs say pressure in their role has increased over the past year.

56% of CISOs say their security tools don’t integrate fully.

40% of CISOs considered leaving their role altogether.

82% of CISOs feel confident quantifying risk.

57% of CISOs report that half or fewer of their security tools deliver measurable Return on Investment (ROI).

39% of CISOs say they often feel blamed, even when incidents fall outside their direct control.

82% of CISOs say they are under pressure from executives or boards to reduce staff using AI.

59% of CISOs cite agentic AI as their leading near-term threat.

44% of CISOs rank board or executive expectations as their number-one stressor.

17% of CISOs say they always feel personally blamed for security incidents, regardless of the root cause.

Nearly 20% of recent incidents reported by CISOs were already AI-related.

Boards most often ask CISOs for the following metrics: risk-reduction trendlines (51%), quantified business impact (47%), and incident-response performance metrics (40%).

65% of CISOs manage 20 or more security tools.

73% of U.S. CISOs reported facing a significant cyber incident in the past six months.