Attackers are leveraging generative AI tools to empower lower-skilled adversaries, effectively compressing the attack lifecycle . When asked about GenAI as a threat, 96% of respondents agreed it was a threat, with more than a third (36%) stating its use for malicious purposes is accelerating
.
For the first time, attack surface reduction has emerged as the top operational priority for security teams. 68% of security leaders agree that reducing the attack surface by disabling unnecessary tools and applications is critical . This shift is driven by the recognition that traditional detection-only strategies are failing.
The priority is highest in the U.S. (75%) and Singapore (71%) . The reason is clear: 84% of high-severity cyberattacks now use living-off-the-land (LOTL) techniques — abusing legitimate tools like PowerShell, WMI, and PsExec that are already present in the environment and trusted by defenders
. Attackers increasingly "log in instead of break in," using stolen credentials and native tools to bypass defenses entirely
.
The report reveals a serious governance and communication gap between leadership and operational teams:
This disconnect leads to misaligned investments and slowed progress on operational security risks . The report implies that executives are more insulated from the day-to-day reality of threats, while frontline teams face the consequences of the disconnect.
One of the most alarming findings concerns the pressure to keep breaches quiet:
Regional variation is stark: Singapore had the highest rate at 75.7%, followed by the U.S. at 73.8%, the U.K. at 58.1%, Italy at 52.8%, Germany at 48.4%, and France reporting the lowest rate at 35.4% .
The report warns that this culture of secrecy risks compromising regulatory compliance, stakeholder trust, and long-term resilience .
The public-facing report and blog do not contain explicit standalone findings labeled "data sovereignty." However, the report breaks down results by country, and themes of cross-border regulatory pressure and compliance with breach reporting laws are discussed in the context of the 58% breach-suppression finding . The LinkedIn summary of the report references that breaches were kept quiet "even if it should be reported" — directly implying regulatory and data-sovereignty tensions
. The significant regional variation in breach-suppression pressure (from 35.4% in France to 75.7% in Singapore) likely reflects different national regulatory environments and data-sovereignty expectations.
Beyond LOTL dominance, the report highlights several operational challenges:
Top attack surface hardening challenges (respondents selected up to three) :
Tool sprawl and complexity are recognized as major operational drags, and the report stresses that reducing unused admin accounts, dormant applications, and excessive permissions is the new frontline of defense . The report emphasizes that attack surface reduction is not just a security tactic but a necessary strategic shift to cope with the growing sophistication of LOTL-based attacks
.
The 2025 Bitdefender Cybersecurity Assessment Report paints a picture of an industry in transition. The key themes are:
The report does not contain a dedicated "data sovereignty" section, but cross-country regulatory tensions are implicit throughout the breach-reporting findings. The regional variation in suppression pressure likely reflects different legal frameworks and enforcement cultures.