Cybersecurity Leaders Hide Cyber Incidents From Executives
▼ Summary
– Cyberattacks are increasing in frequency and severity, with 71% of security leaders reporting more common attacks and 61% noting greater impact from incidents.
– Nation-state attacks are a major concern, with nearly 80% of leaders worried about being targeted as geopolitical tensions expand attacks beyond government to industries like retail and healthcare.
– AI is being used by attackers to scale phishing and ransomware, while organizations are adopting AI for defense in threat detection and automation to free up security teams.
– Insider threats remain significant, with over a third of respondents attributing more than a quarter of incidents to insiders, leading to expanded employee training programs.
– Cyberattacks are often underreported internally, with nearly half of leaders not sharing material breaches due to fears of punitive responses or reputational damage.
A significant and troubling trend is emerging in corporate cybersecurity, where leaders are increasingly choosing to conceal security incidents from their own executive leadership and boards of directors. This practice of underreporting creates a dangerous gap in an organization’s understanding of its true risk profile, potentially leading to catastrophic decisions based on incomplete information. New research highlights this issue alongside a rapidly evolving threat environment characterized by sophisticated nation-state campaigns and the dual-edged impact of artificial intelligence.
Nation-state cyberattacks have moved to the forefront of security concerns. Survey data indicates that nearly 80% of security leaders are worried about being targeted by a state-sponsored attack within the next year. Geopolitical tensions are no longer confined to government and critical infrastructure targets; they are now spilling over into the commercial software supply chain, directly impacting retail, healthcare, and hospitality sectors. Compounding this exposure, more than three-quarters of respondents believe that government pullbacks on cybersecurity oversight at agencies have made their organizations more vulnerable. These organizations now face well-funded, persistent adversaries who focus on long-term access, intellectual property theft, and espionage, often by exploiting vulnerabilities in third-party software. Many of these attackers are now leveraging AI to scale their operations.
The role of artificial intelligence is shaping both offensive and defensive strategies. On the attack side, threat actors are using generative and agentic AI to supercharge phishing, social engineering, and ransomware campaigns. Security leaders report a sharp increase in deepfakes, voice-based fraud, and prompt injection attacks against AI models. In response, organizations are fighting fire with fire. Nearly all surveyed are now using AI to automate critical security tasks like threat detection, identity management, and system patching. The objective is to free up human analysts for more complex work like proactive threat hunting and strategic risk management. Despite the rapid adoption of defensive AI, a substantial majority of leaders express confidence in their ability to defend against AI-driven threats as they happen.
Insider threats remain a persistent and significant challenge for organizations of all sizes. Over a third of respondents reported that more than a quarter of their security incidents were linked to insiders, whether through simple human error or malicious intent. This problem intensifies with organizational growth, as more locations, devices, and users inevitably expand the digital attack surface. To combat this, training remains the most common countermeasure. More than half of all companies expanded their employee security awareness programs over the last year, with a specific focus on educating staff about new AI-related threats.
Perhaps the most alarming finding is the systematic underreporting of cyber incidents. Close to half of the security leaders surveyed admitted to withholding information about material breaches from their executive team or board of directors. Among this group, a striking 22% confessed to concealing five or more separate incidents. The motivations for this secrecy vary, including fear of punitive action, concerns over reputational damage, and anxiety about regulatory fallout. Regardless of the reason, the outcome is identical: top decision-makers are operating without a clear picture of the organization’s actual cybersecurity posture. This creates a fragile and false sense of security that can shatter instantly when a major breach finally comes to light.
In response to these complex challenges, corporate strategy and spending are undergoing a noticeable shift. A full third of companies have increased their cybersecurity budgets, a dramatic jump from just 7% the previous year. Hiring for security roles is also on the rise. Furthermore, many organizations are turning to external experts for support, with the reliance on managed security service providers doubling in just one year. Today, two-thirds of companies leverage managed services in some capacity to extend their security coverage and consolidate their technology tools.
(Source: HelpNet Security)