A majority (57.5%) of IT/security professionals have been pressured to stay silent on breaches, according to a report from Bitdefender.

The report is based on an independent survey and analysis of over 1,200 IT and security professionals ranging from IT manager to chief information security officer (CISO) who work in companies with 500 or more employees.

Respondents are based in France, Germany, Italy, Singapore, the United Kingdom and the United States.

Findings show that more than half of respondents had been told to keep a breach confidential, even when they believed it should be reported to authorities. This represents a 38% increase compared with Bitdefender’s 2023 report, which asked the same question.

Regionally, Singapore had the highest rate at 75.7%, followed by the US at 73.8%, the UK at 58.1%, Italy at 52.8%, Germany at 48.4% and France reporting the lowest rate at 35.4%.

Also, attack surface reduction is a top priority, with 67.7% of professionals emphasising the importance of reducing their cyberattack surface by disabling unnecessary tools or applications. 

The US (75%) and Singapore (71%) led this trend, followed by Italy at 69% and Germany and the UK both at 64%. This aligns with Bitdefender research showing 84% of major attacks now involve legitimate tools already present in the environment (that is, Living-Off-the-Land or LOTL tactics).

When asked which surfaces are most at risk, cloud infrastructure and services topped the list (21.4%), followed by network infrastructure (18.6%) and endpoints/user devices (16.8%).

Further, leadership confidence outpaces frontline reality. While 45% of C-level executives say they are “very confident” in managing cyber risk, only 19% of mid-level managers agree. This disconnect extends to priorities: 41% of C-level executives cite adopting AI tools as their top focus, while 35% of mid-level managers prioritise strengthening cloud security and identity management—spotlighting a growing divide between strategic vision and operational needs.

In addition, over 67% perceive a rise in AI-driven cyberattacks, with concern highest in France (73.5%), the US (71%), and Singapore (70%). Notably, 20.3% see AI-powered malware as an extremely significant risk, with concern climbing to 25% among senior management compared to just 15% of middle management.

However, industry research (including Bitdefender investigations) continues to find little evidence of sophisticated malware entirely created by AI – rather, adversaries are using AI tools such as chatbots to refine or troubleshoot malicious code.

Findings also show that AI-generated threats top the list of businesses' concerns. When asked which threats are most concerning to their organisation, 51% cited AI-generated threats (like deepfakes, automated malware, malicious code), followed closely by phishing/social engineering (44.7%), software vulnerabilities and zero-days (37%), and ransomware (35%).

Additionally, 51% of respondents view AI-enhanced social engineering as a fairly or extremely significant concern, and 63.3% believe their organisation experienced an attack involving some element of AI within the past 12 months.

The study also found that security solution complexity is a mounting challenge. Among respondents, 31% cited tool complexity as their biggest challenge with their current security solutions. Extending protection across environments (29%) and internal skills shortages (28%) followed closely. 

Germany (41%) reported the highest difficulty with complexity, while Singapore (39%) reported the highest concern with lack of in-house expertise. Additionally, one in four (25%) flagged compliance navigation as their biggest challenge with security solutions.

Results show that the cybersecurity skills gap and job burnout are worsening. Almost half (49%) of respondents say the skills gap within their organisation has worsened over the past 12 months, with the US highest at 63.5% (14 percentage points above the average), followed by Singapore (59%) and Germany (51%).

This correlates with questions on job satisfaction, where 49% of respondents agree they experience burnout due to the constant need to monitor and respond to evolving cyberthreats. Half (50%) of professionals in the US and Singapore plan to seek new jobs in the next year.

Ironically, 95% of C-level and senior executives believe their organisation is effectively managing risk – revealing further disconnect with frontline cybersecurity teams.