Outpaced and Underprepared: The Reality of Cybersecurity in 2025

‍VikingCloud’s 2025 Cyber Threat Landscape Report reveals a troubling reality: 59% of companies suffered at least one successful cyberattack in the past year, and more than half of those lost over 5% of their annual revenue.

Overall, the global cybercrime economy is projected to cost businesses $10.5 trillion annually by the end of 2025. If annual cybercrime were a country, it would have the world’s third-largest GDP.

And AI is reshaping the threat landscape, accelerating cybercrime's speed, scale, and sophistication. In fact, among the organizations that were attacked in the past year, 58% suspect AI played a role in the attack.

Cyber risk will only grow as geopolitical tensions rise. With many nation-state actors now leveraging AI to amplify their attacks, organizations are facing a wave of threats evolving faster than most defenders can respond. Notably, nearly 80% of cybersecurity leaders are concerned—or extremely concerned—about being targeted by a nation-state cyberattack.

Yet 68% of leaders admit they are only moderately or somewhat confident in their ability to defend against AI-driven threats in real time. That gap in readiness is leaving businesses dangerously exposed.

Organizations Are Falling Behind Adversaries

Organizations are struggling to keep pace with bad actors. Over a third of security leaders (36%) admit that adversaries’ tools are more advanced than their own teams’ capabilities. Yet preparedness is still slipping across the board: 46% of organizations say they are least prepared for ransomware attacks, nearly double the 28% that reported this just a year earlier. Cybersecurity leaders also say they are least prepared for phishing and social engineering attacks (39%) and ransomware affecting critical third parties (36%).

This lack of readiness is especially dangerous as attacks intensify. 71% of security leaders reported an increase in attack frequency over the past year, and 61% noted rising severity.

Cybersecurity leaders are aware of the rising threats yet remain under-equipped to confront them. The result is a dangerous imbalance—attackers are innovating at scale with AI, while businesses are still trying to catch up.

The AI Confidence Gap

AI gives attackers the upper hand in both speed and sophistication—widening cybersecurity leaders’ confidence gap as adversaries adopt new tactics. Generative and agentic AI-powered phishing attacks are now the top concern for security teams, with 51% of leaders naming them their greatest worry—compared to 22% who reported this last year. Deepfakes are another fast-rising threat, with the number of organizations unprepared to defend against them increasing 6x year-over-year. Generative model prompt hacking (45%) and AI-vishing voice deepfakes (43%) are already on the radar of executive teams, underscoring the diverse ways attackers are weaponizing AI.

Leadership Blind Spots Fuel Additional Risks

The risks created by the confidence gap are compounded by an equally serious issue: a breakdown in communication between front line managers and their leadership. While attackers are growing more advanced, many organizations are weakening their own defenses by failing to report incidents to the top.

48% of companies did not disclose material cybersecurity incidents to their executive leadership or board of directors in the past year—and of those, 86% withheld multiple breaches. Fear drives much of this silence: 40% of cyber professionals worry about punitive responses from their executive teams, while 44% cite concerns about reputational or regulatory fallout for the company.

This lack of reporting leaves leadership blindsided. It slows detection, delays response, and blocks the strategic investments needed to close the technology gap and boost cyber defenses and resilience. Without transparency and accountability, businesses risk giving attackers the upper hand.

3 Strategies to Fight Back

In order to stay ahead of evolving threats, cyber leaders must:

1. Leverage AI as a Defensive Force Multiplier: 96% of organizations use AI to automate routine security tasks, freeing teams to focus on higher-value activities like advanced threat hunting (44%), upskilling (43%), and building a stronger security culture (38%). Over the next 12 months, leaders expect AI to automate incident detection and response (45%), automate threat hunting (45%), accelerate patching (30%), and reduce alert fatigue (29%).
2. Foster Transparency and a Security-First Culture: Reporting gaps remain a major vulnerability. By prioritizing training and encouraging employees to report incidents without fear of punitive response, organizations can improve response times, reduce dwell time, and allocate resources more effectively. In fact, training is now the top way organizations are responding to an influx of threats, with 51% saying they’ve increased general security and awareness training.
3. Partner with an MSSP: In 2024, VikingCloud’s research found that 67% of organizations relied solely on internal teams, but by 2025, that number dropped to 35%, as businesses increasingly turned to managed security service providers (MSSPs). MSSPs deliver 24/7 monitoring, advanced AI-driven threat detection, specialized expertise, and faster incident response to help cybersecurity teams keep up with the rapidly evolving landscape

The growing technology gap and underreporting of cyber incidents are just 2 of many findings in the 2025 Cyber Threat Landscape report. Download the full report to explore today’s biggest vulnerabilities and how cybersecurity teams can outsmart cybercriminals.