AI and Insider Threats Are Fueling a Cybersecurity Crisis, New VikingCloud Report Warns

The digital battlefield is changing faster than most organizations can adapt. A new survey of 200 cybersecurity leaders across the U.S., U.K., and Ireland by VikingCloud paints a stark picture of an industry bracing for more frequent, more severe, and more sophisticated attacks in 2025.

A Perfect Storm of Threats

According to VikingCloud’s 2025 Cyber Threat Landscape Report, nearly 80 percent of security leaders fear they could be targeted by a nation-state campaign within the next year. Escalating geopolitical tensions and shrinking government oversight in the U.S. are only adding fuel. More than three-quarters of executives believe cuts to federal cybersecurity programs will increase corporate risk.

But it isn’t just state actors. The report highlights two accelerating forces behind the surge in attacks: artificial intelligence and insiders. Fifty-eight percent of companies hit by breaches last year suspect AI was in play, while more than a third traced incidents back to employees whether through error or malice.

The Underreporting Problem

Perhaps most alarming is how often breaches are kept under wraps. Nearly half of the security leaders surveyed admitted they failed to disclose a material incident to their board or executive team in the past year. Some hid five or more. The reasons ranged from fear of punitive reactions to worries over reputational fallout.

This culture of silence creates a false sense of resilience at the highest levels. Without accurate reporting, leadership can’t make informed investments or policy decisions, leaving gaps that attackers are quick to exploit.

AI as a Weapon and a Shield

Generative and agentic AI have become central to the threat equation. Cybercriminals are using these tools to scale phishing, automate reconnaissance, and craft deepfakes that bypass traditional defenses.

“Phishing has become a top concern, not just because it’s more convincing, but because it’s faster, more scalable, and increasingly autonomous,” said Kevin Pierce, VikingCloud’s chief operating officer. “With agentic AI, attackers no longer need deep technical expertise or to constantly oversee their attack campaigns”.

Ironically, AI is also the most promising defensive tool. Nearly every organization surveyed is experimenting with AI automation to reduce alert fatigue, accelerate patching, and triage threats. By handling routine tasks, AI frees up scarce cyber talent to focus on high-value work like advanced threat hunting and secure software development.

Shifting Strategies

The report finds that companies are responding with bigger budgets and more training. Security awareness programs jumped 46 percent year over year, and nearly one-third of firms expanded cyber budgets—compared to just 7 percent in 2024. Still, preparedness gaps remain. Ransomware topped the list of attack types executives felt least ready to counter, and only 24 percent felt confident they could spot AI-driven attacks in real time.

Reliance on outside help is also climbing. Two-thirds of organizations now augment their defenses with managed security service providers (MSSPs), double the number from last year. These partnerships promise scale and expertise that many internal teams lack, but they also highlight how reliant businesses are becoming on third parties to keep pace.

The Bigger Picture

VikingCloud distills its findings into five imperatives for leaders: prepare for the geopolitical ripple effects of cyberwarfare, adopt advanced AI tools, build a culture of transparent incident reporting, automate wherever possible, and consider outsourcing to MSSPs for resilience.

The message is clear. Traditional defenses alone are no longer enough. AI has tilted the playing field, arming both attackers and defenders with new capabilities. The question for businesses is not whether to embrace AI, but how quickly they can do it before adversaries exploit the lag.