Tech News

Tech Business News

  • Home
  • Technology
  • Business
  • News
    • Technology News
    • Local Tech News
    • World Tech News
    • General News
    • News Stories
  • Media Releases
    • Tech Media Releases
    • General Media Releases
  • Advertisers
    • Advertiser Content
    • Promoted Content
    • Sponsored Whitepapers
    • Advertising Options
  • Cyber
  • Reports
  • People
  • Science
  • Articles
    • Opinion
    • Digital Marketing
    • Gaming
    • Guest Publishers
  • About
    • Tech Business News
    • News Contributions -Submit
    • Journalist Application
    • Contact Us
Reading: Companies Are Losing Sight Of AI Use As Cyber Breach Secrecy Becomes A Global Security Risk
Share
Font ResizerAa
Tech Business NewsTech Business News
  • Home
  • Technology News
  • Business News
  • News Stories
  • General News
  • World News
  • Media Releases
Search
  • News
    • Technology News
    • Business News
    • Local News
    • News Stories
    • General News
    • World News
    • Global News
  • Media Releases
    • Tech Media Releases
    • General Press
  • Categories
    • Crypto News
    • Cyber
    • Digital Marketing
    • Education
    • Gadgets
    • Technology
    • Guest Publishers
    • IT Security
    • People In Technology
    • Reports
    • Science
    • Software
    • Stock Market
  • Promoted Content
    • Advertisers
    • Promoted
    • Sponsored Whitepapers
  • Contact & About
    • Contact Information
    • About Tech Business News
    • News Contributions & Submissions
Follow US
© 2022 Tech Business News- Australian Technology News. All Rights Reserved.
Tech Business News > Cyber > Companies Are Losing Sight Of AI Use As Cyber Breach Secrecy Becomes A Global Security Risk
Cyber

Companies Are Losing Sight Of AI Use As Cyber Breach Secrecy Becomes A Global Security Risk

Bitdefender launched their annual Cybersecurity Assessment report for 2026, an independent survey of more than 1,200 IT and security professionals across six markets including Singapore, at companies with 500 or more staff. Breach Secrecy & Suppression, and Data Sovereignty emerge as defining themes .

Matthew Giannelis
Last updated: July 1, 2026 3:54 pm
Matthew Giannelis
Share
SHARE

A new Bitdefender report has exposed a widening gap between what companies believe they can see inside their networks and what is actually happening across employee devices, cloud systems and artificial intelligence tools.


2026 Cybersecurity Assessment Report

Key Findings: AI, Cloud And Breach Risk Move To The Centre Of Cybersecurity

Organisations are facing sharper pressure from Shadow AI, cloud exposure, breach secrecy, business email compromise and growing concern over where sensitive data is stored.

1

47.4%

Lack clear visibility into Shadow AI

Nearly half have only partial or no visibility into unsanctioned AI tools used for work.

2

45%

Rank internal AI systems as a top concern

AI systems and LLMs now sit ahead of most traditional security worries.

3

55.2%

Were told to keep incidents quiet

Breach suppression remains common despite reporting obligations and public risk.

4

41.8%

Reported cloud or app breaches

Cloud infrastructure and application breaches were the most common incident type.

5

35.9%

Experienced business email compromise

BEC remains a major pathway for financial loss and data exposure.

6

59.2%

Faced AI-driven social engineering

AI-enabled deception has shifted from speculation to operational reality.

7

76.1%

Would switch vendors over data sovereignty

Jurisdiction, foreign access and data location now influence cyber vendor selection.

8

55.9%

Rate self-mutating malware as high risk

AI-driven malware, LLM leaks, evasion and deepfake fraud are now mainstream concerns.

Primary risk themes: Shadow AI, cloud exposure, breach suppression, BEC and AI-enabled attacks.
Source: 2026 Cybersecurity Assessment Report

The 2026 Cybersecurity Assessment Report, released in Sydney on 1 July, suggests many organisations are now fighting cyber threats on two fronts:

Attackers using AI to sharpen scams and intrusion attempts, and employees quietly using unsanctioned AI tools that may be leaking sensitive business data.

The report is based on an independent survey of more than 1,200 IT and security professionals across France, Germany, Italy, Singapore, the United Kingdom and the United States.

Respondents included cybersecurity practitioners and decision-makers working in organisations with 500 or more employees.

One of the clearest warnings in the report is the rise of “Shadow AI”, where staff use personal or unauthorised AI tools for work without full oversight from security teams.

While 51.8% of respondents said their organisation had full visibility into sanctioned and unsanctioned AI use, 47.4% admitted they had only partial visibility or no visibility into individual Shadow AI tools or personal accounts being used for work.

The gap is sharper inside management ranks. Bitdefender found 57.8% of managers believed they had full visibility into AI usage, compared with only 45.9% of practitioners.

Just 0.5% of managers reported having no visibility, compared with 4.5% of practitioners, suggesting senior leaders may be underestimating how much AI activity is happening outside approved systems.

That matters because internal AI systems and large language models are now the leading security concern for the professionals surveyed.

Forty-five percent identified internal AI systems and LLMs as their top concern, narrowly ahead of cloud infrastructure and application environments at 44%. Identity and access management systems ranked third at 33.3%.

Yet the report also reveals a dangerous contradiction. Despite AI ranking as the top area of concern, 20.4% of respondents rated employees leaking sensitive data into public LLMs as a low or extremely low risk.

The findings point to a workplace reality that many companies are still struggling to govern: employees are already using generative AI, but security policies, monitoring and data controls have not kept pace.

The report also raises serious concerns about breach transparency. More than half of respondents who experienced a security incident or breach in the past 12 months said they were told to keep it confidential, even though they believed it should have been reported to authorities.

The figure stood at 55.2%, only slightly lower than 57.6% in 2025, but far above the 42% reported in 2023. Bitdefender said the pattern points to an entrenched culture of breach suppression across global organisations.

The United States recorded the highest level of reported pressure to stay silent, at 68.6%, followed by Germany and the United Kingdom at 57.2%. The issue cut across job levels, with 56.8% of managers and 53.5% of practitioners reporting similar pressure.

The most common incidents were cloud infrastructure or application breaches, reported by 41.8% of respondents. Business email compromise (BEC) resulting in financial or data loss followed at 35.9%, while ransomware was reported by 25.6%.

The United States stood out sharply on business email compromise, with 54.7% of organisations reporting BEC incidents, nearly 19 percentage points above the global average.

AI-driven social engineering has also moved from theoretical concern to operational reality.

The report points to a broader public security problem: companies are adopting AI faster than many can monitor it, while attackers are using the same technology to make fraud more convincing.

Bitdefender found 59.2% of respondents had experienced AI-driven social engineering attacks in the past 12 months, with criminals using more believable impersonation, sharper language patterns and better targeting.

The concern is no longer confined to security teams. When businesses lose visibility over workplace AI use, sensitive customer records, staff information and internal systems can be exposed through everyday behaviour, including the use of public AI tools, unauthorised accounts or poorly monitored software.

That loss of control is being made worse by the difficulty of reducing corporate attack surfaces.

Respondents cited the high overhead of maintaining hardening rules and exceptions as the leading barrier, at 38%, followed by fear of operational disruption at 35.4% and resource constraints at 34.6%. Legacy infrastructure remains another weak point, with 34.5% saying older systems are difficult to secure.

Visibility gaps becoming a serious operational risk.

Globally, 33.8% of respondents said organisations were unsure which legitimate tools were essential for each user, while in the United States the figure rose to 48.8%, suggesting even mature markets are struggling to keep pace with the spread of AI inside the workplace.

At the same time, data sovereignty has shifted from a procurement issue to a matter of public trust.

More than three-quarters of respondents, at 76.1%, said they would be likely to switch cybersecurity vendors over concerns about where data is stored, which laws apply, or whether foreign governments could gain access.

The concern was strongest in the United States, where 87% said they would be likely to switch vendors, followed by the United Kingdom at 85% and Germany at 77%.

Managers were also more likely than practitioners to raise the issue, at 79.4% compared with 72.8%, showing that control over security data is now reaching senior leadership.

For Australian organisations, the findings land at a time of tightening privacy and critical infrastructure obligations.

Reforms to the Privacy Act and the Security of Critical Infrastructure Act, alongside global rules such as NIS2 and DORA, are forcing businesses to answer harder questions about where security data is processed, who can access it and which legal jurisdiction governs it.

Cybersecurity vendors often handle sensitive telemetry, threat data and operational signals from the organisations they protect.

If that information is stored, processed or accessed under unclear legal arrangements, the consequences can extend well beyond one business to customers, employees, suppliers and essential services.

AI-related threats were rated as a high or extreme risk across every major category tested in the report. The leading concern was attackers using AI to generate self-mutating malware, cited by 55.9% of respondents, followed by employees leaking sensitive data into public LLMs at 53.5%.

Other risks were close behind, including AI-driven evasion techniques bypassing traditional endpoint detection and response signatures at 52.5%, and deepfakes or voice cloning used in fraud or business email compromise at 51.9%.

Bitdefender noted that while self-mutating malware ranked as the top concern, current threat intelligence suggests attackers are more commonly using AI to accelerate and refine existing attack methods rather than create entirely new categories of malware.

Agentic AI is now adding another layer to the risk. Concern about AI agents expanding the attack surface was especially high in Singapore at 64% and the United States at 61.6%, highlighting how quickly autonomous tools are becoming part of the global cybersecurity debate.

“The expanding attack surface, the rapid proliferation of AI-powered threats, and persistent operational pressures are forcing organisations to rethink how they approach security from the ground up,” said Andrei Florescu, president and general manager of Bitdefender Business Solutions Group.

“The findings in this report make clear that modern security strategies must go beyond reactive defences to continuously reduce risk, govern AI adoption, and ensure compliance across an environment where adversaries are faster, more adaptive, and increasingly automated.” said Florescu

Report shows cybersecurity teams are no longer dealing with isolated technical problems.

They are confronting a broader governance failure, where AI adoption is moving faster than oversight, breaches are still being kept quiet, and security leaders may not have a complete view of the risks already inside their own organisations.

For businesses, the message is blunt: AI has changed the speed and scale of cyber risk, but many organisations are still trying to manage it with visibility, reporting and control systems built for a slower threat environment.

ByMatthew Giannelis
Follow:
Secondary editor and executive officer at Tech Business News. An IT support engineer for 20 years he's also an advocate for cyber security and anti-spam laws.
Previous Article April MacPherson’s Tech Career Pivot Shows Why Australia Must Rethink Who Gets Hired
Leave a Comment

Leave a Reply Cancel reply

You must be logged in to post a comment.

Bit Defender 2026 Report - Companies Lose sight of AI use cyber breach secrecy Global Security Risk

Tech Articles

Sean Yu, VP of Commercial APAC at EBANX.

The Consumers Driving Global E-Commerce Growth Are Closer to Australia Than Many Businesses Think

The consumers driving global e-commerce growth are closer to Australia…

June 9, 2026
The Decay of guest blogging posts

The Decay of Guest Blogging. It Got Cheap, Automated, and Spammy.

Guest blogging once helped publishers showcase real expertise and build…

June 9, 2026
Why is APAC losing the war on digital fraud

Why APAC is Losing Ground In The Fight Against Digital Fraud

Why APAC is losing the war on digital fraud is…

May 6, 2026

Recent News

Self-rewriting AI malware now accounts for 76% of all detected threats,
Cyber

AI Malware That Rewrites Itself Is the Cybersecurity Threat No One Is Ready For

7 Min Read
Global research reveals Australian companies risk losing best & brightest cybersecurity talent
Cyber

Australian Companies Risk Losing Best and Brightest Cybersecurity Talent

5 Min Read
Cyber Security Absent From National Policy Debates - Tech News
Cyber

Cyber Security Absent From National Policy Debates During The Federal Election Cycle

7 Min Read
Tech News - asd-cyberreport-2023 Australia
Cyber

ASD Cyber Threat Report For 2022-2023 Flags New Cyber Normal For Australia

12 Min Read
Tech News - Technology Business

Tech Business News

In 2026, technology news is shaping business outcomes faster than ever—driven by AI adoption, rising cyber risk, cloud modernisation, data regulation, and constant platform change.
 
Tech News keeps Australian organisations and industry professionals informed with timely reporting and practical coverage across AI, cybersecurity, cloud, enterprise IT, startups, science, people and business, plus major world and local news impacting the tech sector.
 
Tech Business News publishes news and analysis designed to be clear, relevant, and easy to act on. It supports the industry with technology news reports, whitepaper publishing services, and a range of media, advertising and publishing options 

About

About Us 
Contact Us 
Privacy Policy
Copyright Policy
Terms & Conditions

July, 01, 2026

Contact

Tech Business News
Melbourne, Australia
Werribee 3030
Phone: +61 431401041

Hours : Monday to Friday, 9am 530-pm.

Tech News

© Copyright Tech Business News 

Latest Australian Tech News – 2026

Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?