More than half of cybersecurity professionals told to conceal breaches, survey claims

Survey has found growing pressure on cybersecurity professionals to conceal breaches. (Photo: Bizketz/Shutterstock)

More than half of cybersecurity professionals globally, at 57.6%, have been pressured to keep security breaches undisclosed, according to a survey by Bitdefender. In those instances, the respondents believed the incidents should have been reported. This marks a 38% increase compared to the company’s 2023 findings.

The report draws from input provided by 1,200 IT and security professionals across France, Germany, Italy, Singapore, the UK, and the US. The findings show regional variance, with Singapore recording the highest percentage of breach non-disclosure pressure at 75.7%, followed by the US at 73.8%. France registered the lowest rate at 35.4%. All respondents work at organisations with at least 500 employees.

“The findings in this report make it clear that organisations must adopt modern security strategies that address a new reality where adversaries use AI to exploit vulnerabilities, sharpen social engineering, and accelerate the speed of attacks,” said Bitdefender business solutions general manager Andrei Florescu. “Effective cybersecurity not only stops attacks but also continuously reduces risk and ensures ongoing compliance across the organisation.”

A total of 67.7% of professionals surveyed prioritised the reduction of attack surfaces by disabling unnecessary applications and services. The US (75%) and Singapore (71%) led this initiative, while Italy (69%), Germany (64%), and the UK (64%) followed. This trend reflects findings that 84% of major cyberattacks involve legitimate tools already existing within enterprise environments, often through techniques such as living-off-the-land (LOTL).

When asked which systems face the highest risk, 21.4% of respondents selected cloud infrastructure, followed by 18.6% who identified network infrastructure and 16.8% who cited endpoints and user devices.

Senior executives report higher cyber risk confidence than mid-level professionals

Discrepancies in risk perception were reported between leadership and operational teams. While 45% of C-level executives expressed strong confidence in managing cyber threats, only 19% of mid-level managers agreed. Strategic focus also differed: 41% of executives prioritised AI adoption, while 35% of mid-level staff focused on cloud security and identity management.

The report shows that 67% of respondents have seen a rise in AI-driven attacks, with concern highest in France (73.5%), the US (71%), and Singapore (70%). AI-powered malware was seen as a major risk by 20.3%, rising to 25% among senior leaders and falling to 15% among mid-level staff. Overall, 51% cited AI-generated threats as their top concern, followed by phishing and social engineering (44.7%), software flaws and zero-days (37%), and ransomware (35%). Additionally, 63.3% reported experiencing at least one AI-related attack in the past year.

Complexity of security tools was cited as the most pressing challenge by 31% of respondents, followed by difficulties in securing hybrid environments (29%) and internal skills shortages (28%). Germany had the highest rate of respondents naming tool complexity as a barrier (41%), while Singapore reported the highest concern with in-house expertise at 39%.

Nearly half (49%) of all participants reported that the cybersecurity skills gap in their organisation had worsened in the past year. This was particularly evident in the US (63.5%), Singapore (59%), and Germany (51%). Despite these figures, 95% of C-level and senior executives reported confidence in their organisation’s risk posture.

Read more: Survey reveals 98% of CISOs anticipate increased cyberattacks within three years