Estimated reading time: 4 minutes
Cyberattacks Hidden from Leadership –
Cyber risk! What cyber risk? Almost half of cybersecurity leaders did not report material breaches to their boards in the past year. The 2025 Cyber Threat Landscape Report by VikingCloud shows that 48% of leaders kept incidents from executives. Alarmingly, 22% admitted to hiding five or more breaches. Leaders cite two main reasons for silence: fear of punitive reactions from boards and concern about reputational or financial fallout.
“Underreporting hides the true scale of attacks,” the report warns, leaving executives blind to actual cyber risk.
This secrecy threatens public awareness and insurance underwriting. You cannot prepare for what you cannot see. A lack of transparency undermines cyber resilience, leaving businesses vulnerable to increasingly sophisticated and escalating cyber threats.
Rising Frequency and Severity of Cyberattacks
Cyber leaders confirm attacks are growing both in number and impact. Seventy-one percent report more frequent incidents, while 61% say severity has increased since 2024. Over half of organizations lost at least 5% of their annual revenue to attacks, for a $500 million company, that equates to $25 million lost.
The financial toll can cripple smaller firms. VikingCloud notes that 55% of small and mid-sized businesses would not survive a cyberattack costing $50,000 or more. Enhancing cyber resilience is essential.
AI and Insider Threats Accelerate Risk
Artificial intelligence plays a central role in modern attacks. Fifty-eight percent of leaders believe AI was used in breaches targeting their firms last year. AI-driven attacks involving phishing have grown sharply, with leadership concern jumping from 22% in 2024 to 51% in 2025.
Insider threats are also expanding. Thirty-six percent of leaders report that internal actors, whether careless or malicious, were responsible for more than a quarter of recent incidents. Employees remain both the first and last line of defense.
VikingCloud Chief Operating Officer Kevin Pierce warned: “Phishing has become a top concern, not just because it’s more convincing, but because it’s faster, more scalable, and increasingly autonomous.”
Nation-State Threats on the Horizon
Nation-state cyberattacks loom as a major concern. Nearly 80% of leaders fear being targeted in the next year. These attacks are typically persistent, well-funded, and exploit vulnerabilities in third-party systems.
Geopolitical tensions and reduced U.S. federal oversight compound the danger. Seventy-six percent of leaders believe cuts to federal cybersecurity programs increase organizational risk.
Get The Cyber Insurance News Upload Delivered
Subscribe to our newsletter!
Struggling to Keep Pace with AI-Driven Attacks
Sixty-eight percent of organizations lack confidence in real-time defense against AI-powered attacks. Ransomware as a service, deepfakes, and zero-day exploits are evolving faster than internal teams can keep up with.
Only 24% of leaders feel very confident in detecting AI-driven threats. Outsourced support is filling the gap. Sixty-six percent of organizations now rely on managed security service providers, double the number from 2024.
Spending Plans Shift in 2025
Organizations are responding with larger budgets and training investments. In a move to bolster cyber resilience, thirty-three percent of organizations increased their cybersecurity budgets in 2025, compared to just 7% the previous year. Security awareness training rose sharply, with 51% of organizations expanding their programs to cover AI risks.
Most leaders agree that employees need AI-specific training. Forty-three percent have launched programs covering both generative and agentic AI risks. These investments acknowledge that advanced tools are of little value if workers still click on dangerous links.
AI as Both a Threat and an Asset
Ninety-six percent of surveyed organizations use AI to automate cybersecurity tasks. These include patching, incident detection, and threat analysis.
By reducing alert fatigue and automating workflows, AI frees teams to focus on advanced threat hunting and risk management. But gaps remain. Nearly one-third of leaders say cybercriminals are still more advanced than their own teams.
Closing the Gaps
VikingCloud concludes with five strategies for resilience:
- Recognize geopolitical impacts.
- Adopt advanced AI defense tools.
- Foster a transparent security culture.
- Automate routine defense tasks.
- Consider outsourcing cyber defense.
The report leaves no doubt. Cyber risk is rising. Silence and denial will only make the future worse. Underreporting keeps organizations reactive instead of resilient. Cyber resilience demands visibility, investment in training, and preparation for a landscape where AI-driven attacks shape every threat.
Methodology
The report is based on a July 2025 online survey of 200 cybersecurity leaders in the United States, United Kingdom, and Ireland. Respondents came from industries including retail (45%), healthcare (34%), hospitality (12%), travel (4%), and restaurant/food service (6%). All held director-level or higher roles, with 43% occupying C-suite positions.
Related Posts
