Skip to main content
CybersecurityVulnerability Management

Cybersecurity Awareness Outpaces Resilience

Empty conference room with laptop and papers on a wooden table, overlooking a blurred cityscape through a window.

"Organizations have never had greater awareness of cyber risk." — the 2026 Bitdefender Cybersecurity Assessment.

Survey snapshot: 1,200 professionals across six countries

The 2026 Bitdefender Cybersecurity Assessment is built on an independent survey of 1,200 IT and cybersecurity professionals across six countries. Its headline finding is not novelty but contradiction: awareness of risk is high, yet operational resilience is lagging. The report highlights multiple, quantifiable gaps — in visibility, capability, priorities, and culture — that together frame the central problem for organizations this year.

Leadership vs. practitioners: Visibility into sanctioned and Shadow AI

Artificial intelligence has become embedded in business processes, but visibility into that usage is inconsistent. A slim majority — 51.8% — of respondents say they have full visibility into sanctioned and unsanctioned AI use, while 47.4% admit to only partial or no visibility into Shadow AI tools or personal AI accounts being used for work. The divide widens by role: nearly 58% of managers believe they have complete visibility, compared with only 45.9% of frontline practitioners. The assessment explicitly warns that strategic decisions may be made on an incomplete picture of AI exposure.

Attack surface reduction: clear priority, persistent obstacles

Respondents broadly agree on the value of reducing unnecessary exposure, but execution stalls on practical constraints. The top obstacles cited are maintaining hardening policies and exceptions (38%), fear of disrupting business operations (35.4%), and limited resources (34.6%). Uncertainty about which legitimate tools users actually require was noted by 33.8% overall, and that uncertainty spikes to 48.8% among U.S. organizations. Bitdefender frames the problem succinctly: the challenge is not persuading organizations that shrinking the attack surface matters, but finding a way to do it dynamically, without disrupting productivity or creating additional operational burden.

AI dominates attention while Living off the Land (LOTL) remains the workhorse of high-severity attacks

Security professionals ranked AI-related threats as their top three concerns: self-mutating malware (55.9%), public LLM data leakage (53.5%), and AI-driven evasion techniques (52.5%) were each rated high or extreme risks by respondents. Yet Bitdefender Labs' telemetry tells a complementary story: 84% of high-severity attacks leveraged Living off the Land techniques by abusing legitimate tools already present inside the environment. Despite that prevalence, only one in five survey respondents placed LOTL attacks in their top three concerns. The report underscores a tension: AI is rightly a focus, but it is also being used to enhance long-standing tactics such as phishing, automated reconnaissance, and faster attack execution — while existing, successful techniques continue to cause significant damage.

Organizational culture: secrecy after breach remains common

Transparency after an incident emerged as a major cultural problem. More than half (55.2%) of respondents who experienced a breach in the previous twelve months say they were instructed to keep the incident confidential despite believing authorities should have been notified. That pressure to remain silent is even stronger in the United States, where 68.6% of breached respondents report a directive to keep incidents confidential. Bitdefender frames this finding as more than public relations — it raises questions about governance, compliance, and trust that affect resilience as much as technical recovery.

What this means for technologists, regulators, and enterprise leaders

  • Technologists and security teams will wrestle with uneven visibility: nearly half of respondents lack full sight into Shadow AI, even as AI-related risks top the list; they must also confront the high prevalence of LOTL techniques that are underappreciated in threat rankings.
  • Regulators and compliance officers should note the scale of non-disclosure pressure: 55.2% overall, and 68.6% in the U.S., of breached professionals reported being told to keep incidents confidential even when they believed authorities should be notified.
  • Enterprise and procurement leaders face a dual operational challenge: drive attack surface reduction while avoiding business disruption, a problem made concrete by the percentages citing hardening exceptions (38%), fear of disruption (35.4%), limited resources (34.6%), and tool-uncertainty particularly acute in U.S. organizations (48.8%).

The 2026 assessment leaves a stark, practical mandate: understanding risk is necessary but no longer sufficient. Organizations "understand today's cyber risks better than ever before," the report says, but turning that understanding into resilience — dynamically reducing exposure, reconciling AI opportunity with visibility shortfalls, and choosing transparency over secrecy after incidents — remains the central, unresolved task. How to operationalize those trade-offs without undermining productivity or increasing operational burden is the concrete question policymakers, security teams, and boards must answer.

Read the full 2026 Bitdefender Cybersecurity Assessment