48% of Cybersecurity Bosses Have Failed to Report a Cyberattack This Year

Nearly half of cybersecurity leaders failed to disclose a “material” cyberattack to their executive leadership or board of directors in the past year, according to new research from VikingCloud. According to the 2025 Cyber Threat Landscape Report: Cyber Risks, Opportunities, & Resilience, 48% of surveyed respondents declined to report such an incident when presented with the opportunity.

The two most commonly cited reasons for this failure were worry over punitive rather than constructive responses from leadership (40%), and fear of financial or reputational harm (44%). Meanwhile, a further 86% of these companies failed to report multiple attacks.

Elsewhere, the report paints a fairly damning picture of the cybersecurity space in the last 12 months. Businesses are woefully underprepared for the evolving threat landscape, which tracks with our own research.

Nearly Half of Security Bosses Failing to Report Serious Breaches

48% of cybersecurity leaders elected to not tell their superiors about a serious data breach in the last year, a new report from VikingCloud reveals. Out of this demographic, a further 86% failed to report multiple breaches.

The 2025 Cyber Threat Landscape Report: Cyber Risks, Opportunities, & Resilience surveyed 200 cybersecurity leaders across the US, UK, and Ireland, to get a better understanding of the “most urgent” risks that organizations are currently facing. Among other findings, 71% of participants indicated that they might not report a data breach.

The main reasons for failing to report a breach were worry over a punitive rather than constructive response from senior leadership (40%), and fear of reputational or financial harm if the news became public (44%). As we’ve covered elsewhere, the consequences of a data breach are often severe.

Other Findings Shed Light on Bosses’ Security Fears

Across the tech sector, there’s widespread fear of nation-sponsored cyberattacks. Nearly 80% of surveyed respondents claimed that they fear being targeted by a nation-state data breach in the next 12 months. To make matters worse, 76% believe that recent or mooted cuts to US federal cybersecurity programs, such as the NSA, could make them more vulnerable to such attacks.

Furthermore, the report observes an astonishing jump in fears over AI-driven phishing scams. In 2024, 22% of respondents indicated that they were wary of this new threat; this year, 51% of leaders cited it among their top concerns.

Compounding this issue, the majority of companies (68%) claimed that they lack “full confidence” when it comes to repelling these AI-driven attacks in real time.

Bad Situation Will Likely Get Worse

The cybersecurity landscape is steadily worsening, with 71% of respondents confirming that cyberattacks are happening more often, and with greater severity (61%). In the words of President and Chief Operating Officer at VikingCloud, Kevin Pierce: “Cyberattacks aren’t just becoming more frequent, but more costly, more advanced, and harder to spot and defend against.”

Added to this, the emergence of AI has opened up new attack vectors and possibilities for cybercriminals, with defenses currently unable to keep pace with illicit activity. Clearly, this is not sustainable. Businesses are under unprecedented pressure to adopt new technology, invest in talent, and upskill their existing employees, in order to turn the tide on cybercriminals.

Without serious collective action, the situation will only continue to deteriorate. But while the emergence of AI poses serious security risk, it also opens the door to new opportunities. Businesses have a responsibility to explore this new technology and the implications that it will have for the future of cybersecurity.