Cybersecurity leaders underreport cyber incidents to executives

Cyberattacks are becoming more frequent and severe, with 71% of surveyed security leaders saying attacks have grown more common in the past year and 61% reporting greater impact when incidents occur, according to a new report from VikingCloud.

Nation-state attacks move to the forefront

Nearly 80% of surveyed security leaders said they are concerned about being targeted by a nation-state attack within the next year. The study shows how geopolitical tensions are fueling activity that no longer hits only government or critical infrastructure. Software supply chain compromises are spilling into industries like retail, healthcare, and hospitality.

Respondents see government pullbacks on cybersecurity oversight as a factor that compounds this exposure. More than three-quarters believe cuts to agencies such as CISA and NSA have already made their organizations more vulnerable. Many companies now face well-funded, persistent attackers without the benefit of advance warning or support. These hackers focus on long-term access, IP theft, and espionage, and they infiltrate by exploiting third-party software vulnerabilities. Many are leveraging AI to scale their attacks.

AI shapes both attacks and defenses

Attackers are leveraging generative and agentic AI to scale phishing, social engineering, and ransomware campaigns. Most leaders suspect AI was used in the attacks they experienced last year, and nearly seven in ten admit they are confident in defending against these tactics in real time. Deepfakes, voice-based fraud, and prompt injection against AI models are all on the rise.

At the same time, organizations are turning to AI to strengthen their defenses. Nearly all respondents said they are using AI to automate tasks such as threat detection, identity management, and patching. The goal is to free up security teams for threat hunting and strategic risk management. Even with these efforts, 68% of leaders admit they are confident in their ability to defend against AI-driven threats in real time.

“Many cybersecurity teams have moved beyond simply bracing for impact,” said Kevin Pierce, President and Chief Operating Officer at VikingCloud. “They’re taking a proactive stance, and that shift will define the next phase of cyber resilience.”

Insider threats persist

Insider threats continue to be a major challenge. Over a third of respondents said more than a quarter of their incidents were tied to insiders, whether through mistakes or malicious actions. This problem grows with organizational size, as more locations, endpoints, and users expand the attack surface.

Training is the most common response to insider risks. More than half of companies expanded employee awareness programs in the past year, with an increase in education on AI-related threats.

Cyberattacks are underreported

The findings show that internal reporting of incidents is often incomplete. Nearly half of surveyed leaders admitted they did not share material breaches with their executive team or board. Among those, 22% concealed five or more incidents.

The reasons range from fear of punitive responses to worries about reputational damage and regulatory consequences. Whatever the motivation, the outcome is the same. Leaders are making decisions without understanding their risk exposure. This underreporting creates a false sense of resilience that can collapse when a serious breach occurs.

Shifts in strategy and spending

More companies are investing in cyber budgets, with one-third increasing spending compared to just 7% the year before. Hiring is up, and many organizations are leaning on managed security providers to extend coverage and consolidate tools.

The reliance on outside partners has doubled in a year, with two-thirds of companies now using managed services in some form.
