For HomeFor BusinessFor Partners
SMB Security Enterprise Security Ransomware Threat Research Endpoint Detection and Response Managed Detection and Response
6 min read

Key Findings from the Bitdefender 2025 Cybersecurity Assessment Report

Bruce Sussman
Bruce Sussman

June 24, 2025

Key Findings from the Bitdefender 2025 Cybersecurity Assessment Report

Data reveals an AI reality check, mounting pressure to remain silent after a breach, and an increased focus on reducing the attack surface.

Bitdefender’s 2025 Cybersecurity Assessment Report provides a timely, data-focused snapshot of the current state of cybersecurity. Two data sources drive the findings: an independent survey of more than 1,200 IT and security professionals across the U.S., U.K., France, Germany, Italy, and Singapore; and a Bitdefender Labs analysis of 700,000 cyber incidents. This year, the third annual report reveals critical truths behind today’s evolving risks, internal challenges, and operational blind spots.

Download the 2025 Cybersecurity Assessment Report or keep reading for some key themes that emerged.

More Organizations Are Keeping Breaches Quiet

Security breaches don’t just impact systems; they also test the integrity of an organization’s response.

Alarmingly, this year’s survey revealed that 58% of security professionals were instructed to keep a breach confidential, even when they believed it should be reported.

That’s a 38% increase over our 2023 findings, indicating a trend toward secrecy. The decision to remain quiet could compromise transparency, stakeholder trust, and regulatory compliance.

The data from this year’s report also breaks down this challenge by geography, examining the countries where being asked to stay quiet is most common. It also reveals that CISOs and CIOs are more likely to feel this pressure than frontline cybersecurity professionals.

Attack Surface Reduction: From Priority to Imperative

Modern adversaries are moving away from bringing tools—they use yours.

Bitdefender analyzed 700,000 cyber incidents and found that 84% of high-severity cyberattacks now abuse legitimate tools already present in the environment.

These Living Off the Land (LOTL) tactics typically bypass traditional defenses and operate undetected. This is likely the driver behind another key finding in the report: Attack surface reduction is a top priority for 68% of those surveyed, with the U.S. (75%) and Singapore (71%) leading the charge.

Organizations that streamline their environments, disable unnecessary applications, and reduce lateral movement pathways are better equipped to prevent and contain intrusions—before they escalate into business-disrupting events.

AI Concerns Are Rising, But Reality Is More Nuanced

Artificial intelligence continues to reshape both defensive and offensive capabilities in cybersecurity. And the concern around AI threats is significant for cybersecurity professionals in every country surveyed.

  • 67% of respondents believe AI-driven attacks have increased
  • 58% cite AI-powered malware as their top concern

The report ranks additional concerns related to AI-related attacks and examines the prevalence of AI-enhanced attacks by country to identify where defenders are most frequently encountering this threat.

Perception Gap Between Cybersecurity Leadership and Operations

When perception doesn’t align with reality, risk increases. And when the C-suite and frontline teams prioritize different things, it can slow progress.

Our research reveals a notable disconnect between CISOs, CIOs, and their frontline security teams. One example:

  • 45% of C-level executives say they are "very confident" in managing cyber risk
  • Only 19% of mid-level managers agree

Another area of disconnect uncovered in the research: Executives (41%) say adopting AI tools is the top priority, while mid-level managers (35%) say they are most focused on cloud security and identity management.

The report examines additional areas of disagreement and highlights key areas where strong alignment exists.

The Road Ahead: Actionable Strategies from a Global Snapshot

The 2025 Cybersecurity Assessment Report is more than a snapshot of today’s risk—it’s a strategic resource for preparing tomorrow’s defense.

It reinforces several key themes:

  • Attack surfaces must be actively reduced
  • Tool sprawl and complexity must be addressed
  • Worry around AI risks continues and should be checked against reality
  • Team burnout and skills gaps must be resolved
  • Internal alignment is critical to success

As cyberattacks become more agile and persistent, defending the business requires a comprehensive view across people, processes, and technologies.

Download the Report

Cybersecurity isn’t just about stopping threats. It’s about reducing risk, enabling business continuity, and ensuring that the organization is positioned to thrive, even in the face of uncertainty. This year's report contains key insights that can help.

Read the 2025 Cybersecurity Assessment Report

tags

SMB Security Enterprise Security Ransomware Threat Research Endpoint Detection and Response Managed Detection and Response

Author

Bruce Sussman

Bruce Sussman

Bruce Sussman is an award winning journalist and Director of Content Marketing and Communications at Bitdefender. He spent many years on-air in local news for his first career, and for his second career, he accidentally fell into cybersecurity and loved it. He's worked directly with CISOs at Gartner and has been a content leader and multi-media host at both SecureWorld and BlackBerry.

View all posts

Right now Top posts

Why Alert Volume Matters: Cutting Through the Noise
Endpoint Protection & Management

Why Alert Volume Matters: Cutting Through the Noise

February 27, 2025

ShrinkLocker (+Decryptor): From Friend to Foe, and Back Again
Ransomware Threat Research Threat Intelligence

ShrinkLocker (+Decryptor): From Friend to Foe, and Back Again

November 13, 2024

5 Approaches to Counter a Cybercriminal’s Growing Arsenal
Enterprise Security Threat Research

5 Approaches to Counter a Cybercriminal’s Growing Arsenal

November 06, 2024

Meow, Meow Leaks, and the Chaos of Ransomware Attribution
Enterprise Security Ransomware Threat Research Threat Intelligence

Meow, Meow Leaks, and the Chaos of Ransomware Attribution

September 29, 2024

FOLLOW US ON SOCIAL MEDIA

SUBSCRIBE TO OUR NEWSLETTER

Don’t miss out on exclusive content and exciting announcements!

You might also like

Key Findings from the Bitdefender 2025 Cybersecurity Assessment Report
SMB Security Enterprise Security Ransomware Threat Research Endpoint Detection and Response Managed Detection and Response

Key Findings from the Bitdefender 2025 Cybersecurity Assessment Report
Bruce Sussman
Bruce Sussman

June 24, 2025

How to Use NIST CSF 2.0 to Identify Security Gaps (Part 5)
SMB Security Enterprise Security

How to Use NIST CSF 2.0 to Identify Security Gaps (Part 5)
Kevin Gee
Kevin Gee

June 18, 2025

Bitdefender Threat Debrief | June 2025
Ransomware Bitdefender Threat Debrief Threat Intelligence

Bitdefender Threat Debrief | June 2025
Jade Brown
Jade Brown

June 10, 2025

Bookmarks

loader