A new study reveals that nearly half of cybersecurity leaders failed to report material breaches to their organizations’ boards in the past year, underscoring growing challenges in transparency and risk management. The 2025 Cyber Threat Landscape Report by VikingCloud found that 48% of leaders withheld breach information, and 22% admitted to concealing five or more incidents.
According to respondents, the primary reasons for nondisclosure were fear of punitive action from boards and concerns about reputational or financial repercussions. The report cautions that underreporting “hides the true scale of attacks,” limiting executive awareness of organizational cyber risk.
Frequency and Financial Impact of Cyberattacks
Cyber incidents continue to rise in both frequency and severity. Seventy-one percent of cybersecurity leaders reported more frequent attacks in 2025, while 61% said the severity of incidents increased compared to 2024.
More than half of the surveyed organizations experienced financial losses of at least 5% of annual revenue due to cyberattacks. For a company with $500 million in annual revenue, that loss would total $25 million. Smaller firms face especially high vulnerability—55% of small and mid-sized businesses indicated they would not survive an attack costing $50,000 or more.
AI and Insider Threats Drive New Risks
Artificial intelligence continues to reshape both sides of cybersecurity. Fifty-eight percent of leaders believe AI was used in breaches targeting their organizations in the past year. AI-driven phishing attacks saw a steep rise in concern—from 22% in 2024 to 51% in 2025.
Insider threats also remain prevalent. Thirty-six percent of respondents said internal actors, whether careless or malicious, accounted for more than a quarter of recent incidents. As VikingCloud Chief Operating Officer Kevin Pierce noted, phishing has become a major concern because it is “faster, more scalable, and increasingly autonomous.”
Nation-State and Geopolitical Threats
Nation-state cyberattacks are an increasing focus for organizations. Nearly 80% of leaders expressed concern about being targeted within the next year. These attacks are often persistent and well-funded, exploiting vulnerabilities in third-party systems.
Seventy-six percent of leaders said reductions in U.S. federal cybersecurity programs have heightened organizational risk. The report links this concern to broader geopolitical tensions that continue to affect global digital security.
Lagging Defenses Against AI-Powered Attacks
Many organizations report difficulty keeping pace with evolving threats. Sixty-eight percent said they lack confidence in defending against AI-powered attacks, while only 24% feel very confident in detecting them.
The rise of ransomware-as-a-service, deepfakes, and zero-day exploits has pushed many firms to seek outside help. Sixty-six percent of organizations now rely on managed security service providers—double the number from 2024.
Increased Cybersecurity Investment in 2025
In response to the growing threat landscape, organizations have raised their cybersecurity budgets and training efforts. Thirty-three percent of firms increased security budgets in 2025, compared to 7% the previous year.
Security awareness training expanded significantly, with 51% of organizations now addressing AI-related risks. Forty-three percent have launched training programs focused specifically on generative and agentic AI threats.
AI’s Dual Role in Defense and Risk
While AI contributes to emerging risks, it is also a critical defense tool. Ninety-six percent of organizations use AI to automate cybersecurity functions such as patching, threat analysis, and incident detection. Automation helps reduce alert fatigue and allows security teams to focus on complex threats.
However, the report found persistent gaps—one-third of leaders said cybercriminals remain more technologically advanced than their internal teams.
Recommendations for Building Cyber Resilience
VikingCloud concludes the report with five key strategies to strengthen organizational defenses:
- Recognize the influence of geopolitical developments.
- Adopt advanced AI-driven defense tools.
- Promote a transparent and accountable security culture.
- Automate routine defense operations.
- Evaluate outsourcing options for cybersecurity management.
The study emphasizes that visibility, training, and preparedness are critical to building resilience in an environment where AI-driven threats continue to expand.
Methodology
The findings are based on a July 2025 online survey of 200 cybersecurity leaders across the United States, United Kingdom, and Ireland. Respondents represented industries including retail (45%), healthcare (34%), hospitality (12%), travel (4%), and restaurant/food service (6%). All participants held director-level or higher roles, with 43% in C-suite positions.
Stay informed and ahead of the curve — explore more industry insights and program opportunities at ProgramBusiness.com.