New data shows cyber risk is escalating as AI, geopolitical volatility, insider threats, and other factors converge

VikingCloud, the leading Predict-to-Prevent cybersecurity and compliance company, today released new research revealing nearly 80% of cybersecurity leaders are concerned or extremely concerned that their organization could be targeted—directly or indirectly—by a nation-state cyberattack in the next 12 months. In addition, 76% believe that recent or proposed cuts to U.S. federal cybersecurity programs, such as the CISA and the NSA, could increase their organization’s risk exposure.

These concerns hit at a time when organizations are already facing an influx of cyberattacks. Cybersecurity leaders report that both the frequency (71%) and severity (61%) of cyberattacks have increased in the past year. Nearly 6 in 10 (59%) say their companies suffered at least one successful attack during that time. AI is a primary driver behind the surge—58% of those targeted suspect attackers used AI.

“Cyberattacks aren’t just becoming more frequent, but more costly, more advanced, and harder to spot and defend against,” said Kevin Pierce, President and Chief Operating Officer at VikingCloud. “AI is constantly opening new avenues for hackers, while geopolitical volatility is creating a ripe environment for rising attacks. Organizations face urgent pressure to strengthen defenses—from skills and staffing to tools and training—or risk being outpaced on every front.”

VikingCloud’s research - The 2025 Cyber Threat Landscape Report: Cyber Risks, Opportunities, & Resilience—is based on a quantitative survey of 200 cybersecurity professionals (director titles and above) across the United States, the United Kingdom, and Ireland.

Key points include:

• Teams still can’t keep up with AI-driven attacks. 68% of companies are only moderately or somewhat confident in their organization’s ability to detect and defend against AI-driven cyber threats in real time. There was over a 6X increase year-over-year (YoY) in organizations reporting they are unprepared for deepfake attacks.

• Leadership teams are waking up to AI dangers. Generative or agentic AI-driven phishing attacks (51%) are now leadership teams' top concern in terms of new attack techniques—a 132% increase YoY.

• Insider threats are a hidden vulnerability: 36% of cybersecurity leaders say over a quarter of their team’s cybersecurity incidents in the past year were caused by insiders, either accidental or malicious.

• Cyberattacks are underreported: Nearly half (48%) of cybersecurity leaders didn’t report a material cybersecurity incident to their executive leadership or board of directors in the past year. 86% of these companies failed to report multiple breaches.

• Teams’ reasons for not reporting incidents go beyond job loss. The leading reasons cited were worry over punitive rather than constructive responses from leadership and the board (40%), and fear of financial or reputational harm if the incident were made public or resulted in regulatory consequences (44%).

Cyber Teams Respond with New Investments

The evolving threat landscape is spurring action among cybersecurity teams. 51% of cybersecurity leaders say they’ve increased general security and awareness training in the past year, a 46% increase compared to those who said they were doing this in 2024. 43% have provided training on both generative AI and agentic AI cybersecurity risks, and 40% have provided training on either generative AI or agentic AI. Further, 33% have allocated additional budget to their cyber programs, nearly 5X as many as those who did so last year.

Most (96%) organizations report using AI to automate routine tasks and save their cyber teams meaningful time. This time is being reallocated to advanced threat hunting (44%), upskilling in advanced cyber domains (43%), prioritizing strategic risk management and compliance initiatives (36%), and other efforts that help teams stay ahead of the evolving threat landscape.

“Many cybersecurity teams have moved beyond simply bracing for impact,” said Pierce. “They’re taking a proactive stance, and that shift will define the next phase of cyber resilience.”

To read the full report, “The 2025 Cyber Threat Landscape Report: Cyber Risks, Opportunities, & Resilience,” visit www.vikingcloud.com/resources/the-2025-cyber-threat-landscape-report-cyber-risks-opportunities-resilience. Key findings from the 2024 report can also be found here.

About VikingCloud

VikingCloud is the leading cybersecurity and PCI compliance company, offering businesses a single, integrated solution to make informed, predictive, and cost-effective risk mitigation decisions – faster. VikingCloud is the one-stop partner trusted by 4+ million businesses in 70+ countries to provide the predictive intelligence and competitive edge they need to stay one step ahead of cybersecurity and compliance disruptions to their business. For more information visit www.vikingcloud.com and follow us at www.linkedin.com/company/vikingcloud/.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250918317096/en/