AI, hidden breaches and data sovereignty reshape enterprise cybersecurity | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware


The risks associated with the use of artificial intelligence (AI), the continued concealment of security breaches and the growing importance of data sovereignty are among the biggest cybersecurity challenges facing organizations today.

These are the findings of “Bitdefender Cybersecurity Assessment 2026”, based on a survey of more than 1,200 IT and cybersecurity professionals working at companies with at least 500 employees across the United States, France, Germany, Italy, the United Kingdom and Singapore. 

The report identifies the key concerns, threats and challenges that, according to respondents, are shaping organizations’ cybersecurity strategies. Below are some of its main findings highlighted by Bitdefender.

Limited visibility into AI use

The report reveals that nearly half of organizations lack full visibility into how employees use AI tools. While 51.8% of respondents say they have complete visibility into both authorized and unauthorized AI usage, 47.4% admit they have only partial or no visibility into Shadow AI tools or personal AI accounts used for work purposes.

The study also highlights a perception gap between executives and technical professionals. While 57.8% of decision-makers believe their organizations have full control over AI usage, that figure drops to 45.9% among technical specialists. According to Bitdefender, this suggests that senior management may be underestimating their organizations’ actual level of exposure.

Internal AI systems and cloud infrastructure top security concerns

Internal AI systems and large language models (LLMs) rank as cybersecurity professionals’ top concern, cited by 45% of respondents. Cloud infrastructure and applications follow closely at 44%, while Identity and Access Management (IAM) systems rank third at 33.3%.

However, the report identifies a contradiction between perceived and actual risk. Although AI is regarded as the primary concern, one in five respondents considers the leakage of sensitive information by employees into public LLMs to be a low or very low risk for their organization.

Concealing security breaches remains widespread

More than half (55.2%) of professionals who experienced a security incident over the past 12 months say they were instructed to keep it confidential, despite believing it should have been reported to the relevant authorities.

Although the figure has declined slightly from 57.6% in 2025, it remains well above the 42% recorded in 2023, indicating that the practice of concealing security breaches remains deeply entrenched worldwide.

The United States records the highest rate (68.6%), followed by Germany and the United Kingdom (57.2% each). The trend is consistent across both management and technical roles.

Cloud breaches and email fraud among the most common incidents

Breaches affecting cloud infrastructure or applications were the most frequently reported security incidents over the past year, affecting 41.8% of organizations surveyed. They were followed by Business Email Compromise (BEC) attacks, which resulted in financial or data losses for 35.9% of organizations, and ransomware, cited by 25.6% of respondents.

In addition, 59.2% of participants reported being targeted by AI-powered social engineering attacks during the past year, a finding that, according to the report, confirms that artificial intelligence has already become an established tool for cybercriminals.

Reducing the attack surface remains a major challenge

Although organizations recognize the need to reduce their attack surface, many struggle to do so without disrupting business operations. The main obstacles identified by respondents include the effort required to maintain security rules and exceptions (38%), concerns about operational disruption (35.4%), limited resources (34.6%), the complexity of securing legacy systems (34.5%), and insufficient visibility into which legitimate tools users actually require (33.8%).

In the United States, nearly half of organizations (48.8%) report significant visibility gaps, compared with a global average of 33.8%.

Data sovereignty becomes a key factor in vendor selection

Data sovereignty has become a decisive factor when choosing a cybersecurity provider. More than three out of four respondents (76.1%) say they would likely switch providers due to concerns over data sovereignty, jurisdiction or the possibility of foreign governments accessing their information.

These concerns are particularly pronounced in the United States (87%), the United Kingdom (85%) and Germany (77%), and are more common among decision-makers (79.4%) than among technical specialists (72.8%).

According to Bitdefender, this trend is closely linked to increasingly stringent regulatory requirements and the implementation of frameworks such as NIS2 and DORA, which are driving organizations to demand greater transparency about where their data is stored and who has access to it.

AI is driving new cybersecurity threats

Finally, the report finds that AI-related threats are widely perceived as posing a high or very high risk. Respondents identify AI-generated self-evolving malware (55.9%), the disclosure of sensitive information through public AI models (53.5%), AI-powered evasion techniques capable of bypassing traditional security solutions (52.5%), and the use of deepfakes or voice cloning for fraud and Business Email Compromise attacks (51.9%) as the most significant threats.

Although self-evolving malware tops the list of concerns, Bitdefender notes that threat intelligence currently indicates cybercriminals are primarily using AI to accelerate and refine existing attacks rather than develop entirely new malware families. Agentic AI also emerges as a particularly significant risk in Singapore (64%) and the United States (61.6%).

“The expanding attack surface, the rapid proliferation of AI-powered threats, and persistent operational pressures are forcing organizations to rethink their cybersecurity strategies from the ground up,” said Andrei Florescu, President and General Manager of Bitdefender Business Solutions Group.

“The findings of this report demonstrate that modern security strategies must move beyond reactive defenses to continuously reduce risk, govern AI adoption and ensure regulatory compliance in an environment where cybercriminals are becoming increasingly fast, adaptable and automated,” he added.

The risks associated with the use of artificial intelligence (AI), the continued concealment of security breaches and the growing importance of data sovereignty are among the biggest cybersecurity challenges facing organizations today.

These are the findings of “Bitdefender Cybersecurity Assessment 2026”, based on a survey of more than 1,200 IT and cybersecurity professionals working at companies with at least 500 employees across the United States, France, Germany, Italy, the United Kingdom and Singapore. 

The report identifies the key concerns, threats and challenges that, according to respondents, are shaping organizations’ cybersecurity strategies. Below are some of its main findings highlighted by Bitdefender.

Limited visibility into AI use

The report reveals that nearly half of organizations lack full visibility into how employees use AI tools. While 51.8% of respondents say they have complete visibility into both authorized and unauthorized AI usage, 47.4% admit they have only partial or no visibility into Shadow AI tools or personal AI accounts used for work purposes.

The study also highlights a perception gap between executives and technical professionals. While 57.8% of decision-makers believe their organizations have full control over AI usage, that figure drops to 45.9% among technical specialists. According to Bitdefender, this suggests that senior management may be underestimating their organizations’ actual level of exposure.

Internal AI systems and cloud infrastructure top security concerns

Internal AI systems and large language models (LLMs) rank as cybersecurity professionals’ top concern, cited by 45% of respondents. Cloud infrastructure and applications follow closely at 44%, while Identity and Access Management (IAM) systems rank third at 33.3%.

However, the report identifies a contradiction between perceived and actual risk. Although AI is regarded as the primary concern, one in five respondents considers the leakage of sensitive information by employees into public LLMs to be a low or very low risk for their organization.

Concealing security breaches remains widespread

More than half (55.2%) of professionals who experienced a security incident over the past 12 months say they were instructed to keep it confidential, despite believing it should have been reported to the relevant authorities.

Although the figure has declined slightly from 57.6% in 2025, it remains well above the 42% recorded in 2023, indicating that the practice of concealing security breaches remains deeply entrenched worldwide.

The United States records the highest rate (68.6%), followed by Germany and the United Kingdom (57.2% each). The trend is consistent across both management and technical roles.

Cloud breaches and email fraud among the most common incidents

Breaches affecting cloud infrastructure or applications were the most frequently reported security incidents over the past year, affecting 41.8% of organizations surveyed. They were followed by Business Email Compromise (BEC) attacks, which resulted in financial or data losses for 35.9% of organizations, and ransomware, cited by 25.6% of respondents.

In addition, 59.2% of participants reported being targeted by AI-powered social engineering attacks during the past year, a finding that, according to the report, confirms that artificial intelligence has already become an established tool for cybercriminals.

Reducing the attack surface remains a major challenge

Although organizations recognize the need to reduce their attack surface, many struggle to do so without disrupting business operations. The main obstacles identified by respondents include the effort required to maintain security rules and exceptions (38%), concerns about operational disruption (35.4%), limited resources (34.6%), the complexity of securing legacy systems (34.5%), and insufficient visibility into which legitimate tools users actually require (33.8%).

In the United States, nearly half of organizations (48.8%) report significant visibility gaps, compared with a global average of 33.8%.

Data sovereignty becomes a key factor in vendor selection

Data sovereignty has become a decisive factor when choosing a cybersecurity provider. More than three out of four respondents (76.1%) say they would likely switch providers due to concerns over data sovereignty, jurisdiction or the possibility of foreign governments accessing their information.

These concerns are particularly pronounced in the United States (87%), the United Kingdom (85%) and Germany (77%), and are more common among decision-makers (79.4%) than among technical specialists (72.8%).

According to Bitdefender, this trend is closely linked to increasingly stringent regulatory requirements and the implementation of frameworks such as NIS2 and DORA, which are driving organizations to demand greater transparency about where their data is stored and who has access to it.

AI is driving new cybersecurity threats

Finally, the report finds that AI-related threats are widely perceived as posing a high or very high risk. Respondents identify AI-generated self-evolving malware (55.9%), the disclosure of sensitive information through public AI models (53.5%), AI-powered evasion techniques capable of bypassing traditional security solutions (52.5%), and the use of deepfakes or voice cloning for fraud and Business Email Compromise attacks (51.9%) as the most significant threats.

Although self-evolving malware tops the list of concerns, Bitdefender notes that threat intelligence currently indicates cybercriminals are primarily using AI to accelerate and refine existing attacks rather than develop entirely new malware families. Agentic AI also emerges as a particularly significant risk in Singapore (64%) and the United States (61.6%).

“The expanding attack surface, the rapid proliferation of AI-powered threats, and persistent operational pressures are forcing organizations to rethink their cybersecurity strategies from the ground up,” said Andrei Florescu, President and General Manager of Bitdefender Business Solutions Group.

“The findings of this report demonstrate that modern security strategies must move beyond reactive defenses to continuously reduce risk, govern AI adoption and ensure regulatory compliance in an environment where cybercriminals are becoming increasingly fast, adaptable and automated,” he added.


——————————————————-


Click Here For The Original Source.

National Cyber Security

FREE
VIEW