Bitdefender has released the 2025 Cybersecurity Assessment Report, an annual report based on an independent survey and analysis of cybersecurity professionals revealing the most urgent concerns, key challenges, and threat perceptions shaping enterprise security.

The report is based on an independent survey and analysis of over 1,200 IT and security professionals ranging from IT manager to chief information security officer (CISO) who work in companies with 500 or more employees in geographical regions across the world including France, Germany, Italy, Singapore, United Kingdom (U.K.), and the United States (U.S.).

Key Findings From the 2025 Cybersecurity Assessment Report

• Over half surveyed have been pressured to stay silent on breaches – Alarmingly, more than half (57.6%) of the IT/security professionals surveyed said they had been told to keep a breach confidential, even when they believed it should be reported to authorities. This represents a 38% increase compared to Bitdefender’s 2023 report when asked the same question. Regionally, Singapore had the highest rate at 75.7%, followed by the U.S. at 73.8%, the U.K. at 58.1%, Italy 52.8%, Germany 48.4%, and France reporting the lowest rate at 35.4%.
• Attack surface reduction is a top priority – A significant 67.7% of professionals emphasised the importance of reducing their cyberattack surface by disabling unnecessary tools or applications. The U.S. (75%) and Singapore (71%) led this trend, followed by Italy at 69% and Germany and U.K both at 64%. This aligns with Bitdefender research showing 84% of major attacks now involve legitimate tools already present in the environment (i.e., Living-Off-the-Land or LOTL tactics). When asked which surfaces are most at risk, cloud infrastructure and services topped the list (21.4%), followed by network infrastructure (18.6%) and endpoints/user devices (16.8%).
• Leadership confidence outpaces frontline reality – While 45% of C-level executives say they are ‘very confident’ in managing cyber risk, only 19% of mid-level managers agree. This disconnect extends to priorities: 41% of C-level executives cite adopting AI tools as their top focus, while 35% of mid-level managers prioritise strengthening cloud security and identity management—spotlighting a growing divide between strategic vision and operational needs.
• Over 67% perceive a rise in AI-driven cyberattacks – 67% of overall respondents believe AI-driven attacks have increased, with concern highest in France (73.5%), the U.S. (71%), and Singapore (70%). Notably, 20.3% see AI-powered malware as an extremely significant risk, with concern climbing to 25% among senior management compared to just 15% of middle management. However, industry research (including Bitdefender investigations) continues to find little evidence of sophisticated malware entirely created by AI – rather, adversaries are using AI tools such as chatbots to refine or troubleshoot malicious code.
• AI-generated threats top the list of businesses concerns – When asked which threats are most concerning to their organisation, 51% cited AI-generated threats (e.g., deepfakes, automated malware, malicious code), followed closely by phishing/social engineering (44.7%), software vulnerabilities and zero-days (37%), and ransomware (35%). Additionally, 51% of respondents view AI-enhanced social engineering as a fairly or extremely significant concern, and 63.3% believe their organisation experienced an attack involving some element of AI within the past 12 months.
• Security solution complexity is a mounting challenge – 31% of respondents cited tool complexity as their biggest challenge with their current security solutions. Extending protection across environments (29%) and internal skills shortages (28%) followed closely. Germany (41%) reported the highest difficulty with complexity, while Singapore (39%) reported the highest concern with lack of in-house expertise. Additionally, one in four (25%) flagged compliance navigation as their biggest challenge with security solutions.
• Cybersecurity skills gap and job burnout are worsening – 49% of respondents say the skills gap within their organisation has worsened over the past 12 month, with the U.S. highest at 63.5% (14% percentage point above the average), followed by Singapore (59%), Germany (51%). This correlates with questions on job satisfaction, where 49% of respondents agree they experience burnout due to the constant need to monitor and respond to evolving cyberthreats – with 50% of professionals in the U.S. and Singapore planning to seek new jobs in the next year. Ironically, 95% of C-level and senior executives believe their organisation is effectively managing risk – revealing further disconnect with frontline cybersecurity teams.

“Businesses face mounting challenges and pressures as the attack surface expands and becomes harder to defend – from hardening environments and optimising security solutions to navigating regulatory compliance and retaining skilled professionals,” said Andrei Florescu, president and general manager of Bitdefender Business Solutions Group. “The findings in this report make it clear that organisations must adopt modern security strategies that address a new reality where adversaries use AI to exploit vulnerabilities, sharpen social engineering, and accelerate the speed of attacks. Effective cybersecurity not only stops attacks but also continuously reduces risk and ensures ongoing compliance across the organisation.”