Organizations today possess an unprecedented awareness of cyber risks. However, translating this awareness into operational resilience remains a formidable challenge. The 2026 Bitdefender Cybersecurity Assessment sheds light on this issue, revealing several contradictions within the industry.
Discrepancies in AI Usage Visibility
Artificial intelligence has seamlessly integrated into daily business operations, often without explicit planning by security teams. Despite this integration, visibility into AI usage is inconsistent. While 51.8% of surveyed professionals believe they have full visibility into both sanctioned and unsanctioned AI use, 47.4% admit to having only partial or no visibility into unauthorized AI tools or personal AI accounts utilized for work purposes. This disconnect is more pronounced between leadership and frontline practitioners: nearly 58% of managers assert complete visibility, whereas only 45.9% of practitioners concur. This suggests that many organizations might be making strategic decisions based on an incomplete understanding of their AI exposure.
Challenges in Reducing the Attack Surface
Minimizing unnecessary exposure is widely acknowledged as a critical cybersecurity priority. However, actual implementation proves challenging. Respondents identified several obstacles to reducing the attack surface: maintaining hardening policies and exceptions (38%), fear of disrupting business operations (35.4%), and limited resources (34.6%). Additionally, 33.8% cited uncertainty about which legitimate tools individual users require, with this figure rising to 48.8% among U.S. organizations. The primary challenge lies not in recognizing the importance of reducing the attack surface but in executing it dynamically without hindering productivity or adding operational burdens.
Overemphasis on AI Threats Over Existing Techniques
AI-related threats dominate current cybersecurity concerns. The top three risks identified by security professionals include self-mutating malware (55.9%), public large language model (LLM) data leakage (53.5%), and AI-driven evasion techniques (52.5%). Despite this focus, current threat intelligence indicates that adversaries are primarily using AI to enhance existing attack methods, such as crafting more convincing phishing campaigns, automating reconnaissance, and accelerating attack execution. Notably, a prevalent attack method—Living off the Land (LOTL) techniques—receives comparatively little attention. Bitdefender Labs found that 84% of high-severity attacks exploited LOTL techniques by abusing legitimate tools already present within the environment. Yet, only one in five survey respondents ranked LOTL attacks among their top three concerns. This suggests that while AI-related threats warrant attention, organizations must not overlook existing attack methods that continue to pose significant risks.
Pressure to Conceal Breaches
Transparency following a breach remains a significant challenge. Over half (55.2%) of respondents who experienced a breach in the past year reported being instructed to keep the incident confidential, despite believing that authorities should have been notified. This figure rises to 68.6% in the United States. These findings raise critical questions about governance, compliance, and trust. Effective cyber incident response now encompasses not only technical recovery but also transparency, accountability, and confident decision-making during incidents.
Collectively, these findings highlight a pressing issue: while organizations have a heightened understanding of cyber risks, operationalizing this awareness into resilience is fraught with challenges. Bridging this gap requires a concerted effort to align strategic decisions with comprehensive visibility, resource allocation, and a balanced focus on both emerging and existing threats.