The 2025 Cybersecurity Assessment Report by Bitdefender brings forward a set of findings that challenge many assumptions about readiness and risk.
It is no longer accurate to describe threats as primarily external or rooted in malware.
Most intrusions now occur through valid access routes and system-level tools already trusted by defenders. Detection is delayed, alerts are absent, and incidents often remain internal until damage has already occurred.
Security teams are operating under tighter constraints. Many of them are understaffed and burnout is widespread. Leadership teams and frontline operators are increasingly misaligned in how they view risk and preparedness.
Meanwhile, AI is rapidly reshaping the attack surface. Its use is increasing across both sides of the security equation, enabling faster, more convincing social engineering and automation of basic but effective attack components.
This assessment reflects data from over 700,000 incidents and direct input from 1,200 professionals. The result is a view into how today’s threats actually unfold, how teams are responding, and where internal structures are beginning to break down.
Why It Matters: Threat actors are succeeding through access, timing, and familiarity. Meanwhile, defenders are hindered by uneven deployment, limited visibility, and inconsistent coordination across roles. Risk builds in quiet ways and exposure grows within routine processes. The findings show that surface-level indicators of security, like budget increases or tool adoption, can obscure deeper operational gaps.
- Attackers Exploit Existing Admin Tools: Living Off the Land techniques were used in over 84% of major breaches reviewed. These methods rely on built-in utilities like PowerShell, WMI, PsExec, and Remote Desktop Protocol to move through networks, escalate access, and extract data without deploying malware. Because these tools are part of standard operating procedures, their use rarely triggers alerts. Defenders cannot scan for them the same way they scan for suspicious binaries. Their presence is expected, which makes unusual behavior harder to detect without baselining. This changes the role of prevention. Risk reduction now begins with reviewing which tools are necessary and which access pathways are routinely left open or unmonitored.
- AI Expands Low-Skill Threat Capability: Over two-thirds of organizations observed an increase in threats involving AI in the past year. More than 60% confirmed they had experienced at least one AI-related incident. These threats often involve social engineering, email impersonation, or scripted malware that appears more polished and targeted. The advantage AI gives attackers is speed and scale. It reduces the time needed to generate phishing messages, create realistic fake personas, or troubleshoot scripts copied from forums. As a result, groups that would have struggled to launch an effective campaign before now have more confidence and capability. This widens the range of potential attackers and flattens the learning curve for disruption.
- Readiness Confidence Varies by Role: Executive-level respondents reported significantly higher confidence in their ability to manage risk. 45% described their security posture as very strong. Among mid-level managers, that number dropped to 19%. The difference reflects more than just perception. Leadership is often focused on strategic plans, purchase decisions, and outcome metrics. Operational staff deal with incomplete integrations, delayed patch cycles, and alert fatigue. The survey showed that while leaders are prioritizing investments in artificial intelligence and automation, frontline teams are still working to close gaps in access control and cross-platform monitoring. Without a shared understanding of ground-level constraints, organizations risk building a strategy on assumptions that do not match day-to-day reality.
- Burnout Weakens Security Over Time: 49% of cybersecurity professionals reported burnout. 39% said they are likely to seek a new role in the next year. These figures reflect a work environment where alerts are high volume and repetitive, and where proactive work is often delayed or skipped entirely. Teams under pressure are forced into a reactive stance. They stop reviewing privileges, patching systems promptly, or analyzing logs thoroughly. As senior staff exit, the loss of institutional memory further increases reliance on external vendors for core tasks like incident response and threat hunting. Managed Detection and Response services are being adopted more widely, but this does not fully offset the operational risks of high turnover and internal fatigue.
- Breach Reporting Often Suppressed: 58% of professionals said they had been instructed not to report a breach even when they believed it met disclosure thresholds. In many cases, this instruction came from leadership. Among executives, nearly 70% said they had faced this decision. These patterns reflect growing discomfort with regulatory exposure and reputational fallout. However, delayed reporting introduces its own risks. It slows response coordination, impairs root cause analysis, and creates downstream trust issues with clients and regulators. The report suggests that breach response decisions are increasingly influenced by internal optics rather than external guidance. This shifts cybersecurity away from transparency and toward liability management, often at the expense of long-term accountability.
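
The first finding above says that use of built-in admin tools is hard to judge without baselining. The following sketch is an added example, not taken from the Bitdefender report: it learns which user/host/tool combinations and parent processes are routine, then flags departures. The event records, host names, and user names are constructed, and the image names are assumed to be the usual Windows ones.

```python
from collections import Counter

# Built-in admin tools named in the report; image names are the usual Windows ones.
WATCHED = {"powershell.exe": "PowerShell", "wmic.exe": "WMI",
           "psexec.exe": "PsExec", "mstsc.exe": "RDP"}

# Constructed sample process-creation records: (day, host, user, parent, image)
BASELINE_EVENTS = [
    (1, "srv-db01", "adm.kim", "explorer.exe", "powershell.exe"),
    (1, "srv-db01", "adm.kim", "explorer.exe", "mstsc.exe"),
    (2, "srv-db01", "adm.kim", "explorer.exe", "powershell.exe"),
    (2, "wks-114", "j.ortiz", "explorer.exe", "mstsc.exe"),
    (3, "srv-app02", "svc.deploy", "services.exe", "psexec.exe"),
    (3, "srv-db01", "adm.kim", "explorer.exe", "powershell.exe"),
]
NEW_EVENTS = [
    (8, "srv-db01", "adm.kim", "explorer.exe", "powershell.exe"),  # routine
    (8, "wks-114", "j.ortiz", "winword.exe", "powershell.exe"),    # new tool use, odd parent
    (8, "srv-db01", "svc.deploy", "services.exe", "psexec.exe"),   # known account, new host
    (9, "wks-114", "j.ortiz", "explorer.exe", "chrome.exe"),       # not a watched tool
    (9, "srv-app02", "adm.kim", "explorer.exe", "wmic.exe"),       # tool never seen before
]

def build_baseline(events):
    """Count how often each (user, host, tool) and (parent, tool) pair was seen."""
    usage, parents = Counter(), Counter()
    for _day, host, user, parent, image in events:
        image = image.lower()
        if image in WATCHED:
            usage[(user, host, image)] += 1
            parents[(parent.lower(), image)] += 1
    return usage, parents

def find_deviations(events, usage, parents, min_seen=1):
    """Return watched-tool events whose context was seen fewer than min_seen times."""
    findings = []
    for day, host, user, parent, image in events:
        image = image.lower()
        if image not in WATCHED:
            continue
        reasons = []
        if usage[(user, host, image)] < min_seen:
            reasons.append("user/host/tool not in baseline")
        if parents[(parent.lower(), image)] < min_seen:
            reasons.append("unusual parent process")
        if reasons:
            findings.append((day, host, user, WATCHED[image], reasons))
    return findings

USAGE, PARENTS = build_baseline(BASELINE_EVENTS)
for finding in find_deviations(NEW_EVENTS, USAGE, PARENTS):
    print(finding)
```

Raising `min_seen` treats rarely seen combinations as deviations too, which trades more alerts for less reliance on a short baseline window.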
Go Deeper -> 2025 Cybersecurity Assessment Report – Bitdefender


