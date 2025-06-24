Survey of 1,200 Security Professionals Finds Over Half Pressured to Stay Silent on Breaches; Attack Surface Reduction and AI Threats Top Concerns; Leadership-Frontline Disconnect Persists

Bitdefender, a leading global cybersecurity company, today released the 2025 Cybersecurity Assessment Report, an annual report based on an independent survey and analysis of cybersecurity professionals revealing the most urgent concerns, key challenges, and threat perceptions shaping enterprise security.

The report is based on an independent survey and analysis of over 1,200 IT and security professionals ranging from IT manager to chief information security officer (CISO) who work in companies with 500 or more employees in geographical regions across the world including France, Germany, Italy, Singapore, United Kingdom (U.K.), and the United States (U.S.).

Key findings from the 2025 Cybersecurity Assessment Report include:

Over half surveyed have been pressured to stay silent on breaches - Alarmingly, more than half (57.6%) of the IT/security professionals surveyed said they had been told to keep a breach confidential, even when they believed it should be reported to authorities. This represents a 38% percent increase compared to Bitdefender's 2023 report when asked the same question. Regionally, Singapore had the highest rate at 75.7%, followed by the U.S. at 73.8%, the U.K. at 58.1%, Italy 52.8%, Germany 48.4%, and France reporting the lowest rate at 35.4%.

- Alarmingly, more than half (57.6%) of the IT/security professionals surveyed said they had been told to keep a breach confidential, even when they believed it should be reported to authorities. This represents a 38% percent increase compared to Bitdefender's 2023 report when asked the same question. Regionally, Singapore had the highest rate at 75.7%, followed by the U.S. at 73.8%, the U.K. at 58.1%, Italy 52.8%, Germany 48.4%, and France reporting the lowest rate at 35.4%. Attack surface reduction is a top priority - A significant 67.7% of professionals emphasized the importance of reducing their cyberattack surface by disabling unnecessary tools or applications. The U.S. (75%) and Singapore (71%) led this trend, followed by Italy at 69% and Germany and U.K both at 64%. This aligns with Bitdefender research showing 84% of major attacks now involve legitimate tools already present in the environment (i.e., Living-Off-the-Land or LOTL tactics). When asked which surfaces are most at risk, cloud infrastructure and services topped the list (21.4%), followed by network infrastructure (18.6%) and endpoints/user devices (16.8%).

- A significant 67.7% of professionals emphasized the importance of reducing their cyberattack surface by disabling unnecessary tools or applications. The U.S. (75%) and Singapore (71%) led this trend, followed by Italy at 69% and Germany and U.K both at 64%. This aligns with Bitdefender research showing 84% of major attacks now involve legitimate tools already present in the environment (i.e., Living-Off-the-Land or LOTL tactics). When asked which surfaces are most at risk, cloud infrastructure and services topped the list (21.4%), followed by network infrastructure (18.6%) and endpoints/user devices (16.8%). Leadership confidence outpaces frontline reality While 45% of C-level executives say they are 'very confident' in managing cyber risk, only 19% of mid-level managers agree. This disconnect extends to priorities: 41% of C-level executives cite adopting AI tools as their top focus, while 35% of mid-level managers prioritize strengthening cloud security and identity management-spotlighting a growing divide between strategic vision and operational needs.

While 45% of C-level executives say they are 'very confident' in managing cyber risk, only 19% of mid-level managers agree. This disconnect extends to priorities: 41% of C-level executives cite adopting AI tools as their top focus, while 35% of mid-level managers prioritize strengthening cloud security and identity management-spotlighting a growing divide between strategic vision and operational needs. Over 67% perceive a rise in AI-driven cyberattacks - Sixty-seven percent of overall respondents believe AI-driven attacks have increased, with concern highest in France (73.5%), the U.S. (71%), and Singapore (70%). Notably, 20.3% see AI-powered malware as an extremely significant risk, with concern climbing to 25% among senior management compared to just 15% of middle management. However, industry research (including Bitdefender investigations) continues to find little evidence of sophisticated malware entirely created by AI-rather, adversaries are using AI tools such as chatbots to refine or troubleshoot malicious code.

- Sixty-seven percent of overall respondents believe AI-driven attacks have increased, with concern highest in France (73.5%), the U.S. (71%), and Singapore (70%). Notably, 20.3% see AI-powered malware as an extremely significant risk, with concern climbing to 25% among senior management compared to just 15% of middle management. However, industry research (including Bitdefender investigations) continues to find little evidence of sophisticated malware entirely created by AI-rather, adversaries are using AI tools such as chatbots to refine or troubleshoot malicious code. AI-generated threats top the list of businesses concerns - When asked which threats are most concerning to their organization, 51% cited AI-generated threats (e.g., deepfakes, automated malware, malicious code), followed closely by phishing/social engineering (44.7%), software vulnerabilities and zero-days (37%), and ransomware (35%). Additionally, 51% of respondents view AI-enhanced social engineering as a fairly or extremely significant concern, and 63.3% believe their organization experienced an attack involving some element of AI within the past 12 months.

- When asked which threats are most concerning to their organization, 51% cited AI-generated threats (e.g., deepfakes, automated malware, malicious code), followed closely by phishing/social engineering (44.7%), software vulnerabilities and zero-days (37%), and ransomware (35%). Additionally, 51% of respondents view AI-enhanced social engineering as a fairly or extremely significant concern, and 63.3% believe their organization experienced an attack involving some element of AI within the past 12 months. Security solution complexity is a mounting challenge - Thirty-one percent of respondents cited tool complexity as their biggest challenge with their current security solutions. Extending protection across environments (29%) and internal skills shortages (28%) followed closely. Germany (41%) reported the highest difficulty with complexity, while Singapore (39%) reported the highest concern with lack of in-house expertise. Additionally, one in four (25%) flagged compliance navigation as their biggest challenge with security solutions.

- Thirty-one percent of respondents cited tool complexity as their biggest challenge with their current security solutions. Extending protection across environments (29%) and internal skills shortages (28%) followed closely. Germany (41%) reported the highest difficulty with complexity, while Singapore (39%) reported the highest concern with lack of in-house expertise. Additionally, one in four (25%) flagged compliance navigation as their biggest challenge with security solutions. Cybersecurity skills gap and job burnout are worsening Forty-nine percent of respondents say the skills gap within their organization has worsened over the past 12 month, with the U.S. highest at 63.5% (14 percentage points above the average), followed by Singapore (59%), Germany (51%). This correlates with questions on job satisfaction, where 49% of respondents agree they experience burnout due to the constant need to monitor and respond to evolving cyberthreats-with 50% of professionals in the U.S. and Singapore planning to seek new jobs in the next year. Ironically, 95% of C-level and senior executives believe their organization is effectively managing risk-revealing further disconnect with frontline cybersecurity teams.

"Businesses face mounting challenges and pressures as the attack surface expands and becomes harder to defend-from hardening environments and optimizing security solutions to navigating regulatory compliance and retaining skilled professionals," said Andrei Florescu, president and general manager of Bitdefender Business Solutions Group. "The findings in this report make it clear that organizations must adopt modern security strategies that address a new reality where adversaries use AI to exploit vulnerabilities, sharpen social engineering, and accelerate the speed of attacks. Effective cybersecurity not only stops attacks but also continuously reduces risk and ensures ongoing compliance across the organization."

Data Sources

Bitdefender commissioned Censuswide, a leading international market research consultancy firm, to survey and analyze responses from 1,200 IT and security professionals who work in companies with 500 or more employees across various industries. The survey and analysis took place from April 2025 through May 2025. The respondents were geographically split equally between France, Germany, Italy, Singapore, U.K., and the U.S.

To download a complimentary copy of the full Bitdefender 2025 Cybersecurity Assessment Report, visit here.

About Bitdefender

Bitdefender is a cybersecurity leader delivering best-in-class threat prevention, detection, and response solutions worldwide. Guardian over millions of consumer, enterprise, and government environments, Bitdefender is one of the industry's most trusted experts for eliminating threats, protecting privacy, digital identity and data, and enabling cyber resilience. With deep investments in research and development, Bitdefender Labs discovers hundreds of new threats each minute and validates billions of threat queries daily. The company has pioneered breakthrough innovations in antimalware, IoT security, behavioral analytics, and artificial intelligence and its technology is licensed by more than 180 of the world's most recognized technology brands. Founded in 2001, Bitdefender has customers in 170+ countries with offices around the world. For more information, visit https://www.bitdefender.com.

Trusted. Always.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250624779014/en/

Contacts:

Steve Fiore

Bitdefender

1-954-776-6262

sfiore@bitdefender.com