Cybersecurity staff face silence over breaches amid AI threats

A new report from Bitdefender has shown that a significant number of cybersecurity professionals face pressure to remain silent about data breaches, alongside mounting concerns regarding AI-driven cyber threats and persistent skills shortages in the industry.

The 2025 Cybersecurity Assessment Report is based on a survey of 1,200 IT and security professionals, covering companies with more than 500 employees in France, Germany, Italy, Singapore, the United Kingdom, and the United States. The findings highlight key issues and disconnects impacting the global security landscape.

Pressure to stay quiet

According to the report, 57.6% of those surveyed have been instructed to keep data breaches confidential, even when the professionals themselves believed the incidents should be reported to relevant authorities. This marks a 38% increase compared to the previous survey in 2023.

Pressure to remain silent varied by region, with the highest rates reported in Singapore (75.7%) and the United States (73.8%). The United Kingdom reported 58.1%, Italy 52.8%, Germany 48.4%, and France 35.4%.

Reducing attack surfaces

Reducing the so-called attack surface—by disabling unnecessary tools or applications—was highlighted by 67.7% of respondents as a key priority. The United States (75%) and Singapore (71%) were most focused on this approach, followed by Italy (69%), and both Germany and the United Kingdom (64%). This aligns with research finding that 84% of major attacks now involve legitimate tools already present in the environment, a technique known as Living-Off-the-Land (LOTL).

Cloud infrastructure and services were identified as the most at-risk areas (21.4%), followed by network infrastructure (18.6%) and user devices (16.8%).

Leadership and frontline divide

The report highlights a disconnect between leadership and frontline cybersecurity staff on risk management. While 45% of C-level executives said they are "very confident" in handling cyber risks, only 19% of mid-level managers expressed the same confidence.

There are also differences in perceived priorities. 41% of C-level executives identified the adoption of AI tools as their main focus, versus 35% of mid-level managers, who cited cloud security and identity management as their chief concerns.

AI-driven threats

A significant 67% of respondents believe there has been an increase in AI-driven attacks, with concern highest in France (73.5%), the United States (71%), and Singapore (70%). Around 20.3% view AI-powered malware as an extremely severe risk, a figure that rises to 25% among senior management.

While broad adoption of AI-generated malware is still not widely evidenced, AI tools such as chatbots are reportedly being used by adversaries to refine and troubleshoot malicious code, according to industry research cited in the report.

Business concerns

AI-generated threats were named by 51% of respondents as their organisation's main concern, followed by phishing and social engineering attacks (44.7%), software vulnerabilities and zero-days (37%), and ransomware (35%).

Concerns about AI-augmented social engineering were also notable, with 51% of professionals rating this as fairly or extremely significant and 63.3% believing their organisation had experienced an attack involving some element of AI in the past year.

Challenges and skills shortage

The complexity of security solutions is regarded as a key challenge, with 31% of respondents citing this as their main problem. This was followed closely by extending protection across different environments (29%), and shortages of internal expertise (28%). Germany reported the highest concern regarding complexity (41%), while Singapore led in concerns about in-house skills shortages (39%). A quarter (25%) also highlighted navigating compliance requirements as their primary challenge.

The report indicates that 49% believe the cybersecurity skills gap has worsened in the past year, with the United States highest at 63.5%, followed by Singapore at 59% and Germany at 51%. The same proportion, 49%, reported experiencing job burnout due to the constant demands of cyber defence, with half of the professionals in the United States and Singapore planning to look for new roles in the next 12 months.

Despite these issues, 95% of C-level and senior executives stated confidence in their organisations' risk management, indicating a further disconnect with frontline cybersecurity teams.

"Businesses face mounting challenges and pressures as the attack surface expands and becomes harder to defend – from hardening environments and optimising security solutions to navigating regulatory compliance and retaining skilled professionals," said Andrei Florescu, President and General Manager of Bitdefender Business Solutions Group. "The findings in this report make it clear that organisations must adopt modern security strategies that address a new reality where adversaries use AI to exploit vulnerabilities, sharpen social engineering, and accelerate the speed of attacks. Effective cybersecurity not only stops attacks but also continuously reduces risk and ensures ongoing compliance across the organisation."

Bitdefender commissioned market research consultancy Censuswide to conduct the survey and analysis between April and May 2025, with equal representation from six regions worldwide.