Breaking Through the Noise: How to Build Trust and Credibility in the Cybersecurity Space

We all say we’re “building trust.” The problem is that the people we’re trying to reach are flooded with those daily claims from vendors, analysts, and even each other.

If you want to be credible right now, you can’t just talk about trust. You have to show you understand the real pressures your audience is under today, not in last year’s slide deck.

Here are four trends from the past year that are defining what credibility looks like in 2025.

1. Credential Theft Is Surging, and It’s Not a Quiet Problem

Credential theft has surged 160% in 2025 and now drives roughly one in five data breaches. When credentials leak from GitHub repositories, organizations take an average of 94 days to remediate them, which is plenty of time for attackers to exploit the access.

Example: GitHub reported more than 39 million secrets leaked across repositories in 2024, underscoring how easy it is for API keys and tokens to slip into code and get harvested.

Another lens: In February 2025, Truffle Security found around 12,000 live API keys and passwords in the Common Crawl dataset—keys successfully authenticated to real services.

2. Social Engineering Is Now the Top Threat Vector

Between May 2024 and May 2025, 36% of all intrusions started with social engineering, making it the leading initial access method, ahead of malware and exploits. 

Example: In one case, the threat group Scattered Spider (also tracked as Muddled Libra) used voice-based social engineering to bypass MFA by impersonating internal staff. That initial hook was enough to launch a full-scale breach.

3. Tool Sprawl Is Eroding Buyer Confidence

A Kaspersky study in early 2025 found that 74% of UK companies run multi-vendor security stacks. More than a third (36%) said this slows threat response, and nearly half said it drives up costs instead of reducing them.

Example: After the 2023 MOVEit Transfer breach, many organizations discovered that patching the vulnerability required coordination across multiple security tools. That complexity slowed remediation and exposed how tool sprawl can hinder urgent responses.

4. AI-Powered Attacks Are Speeding up—Defenses Are Falling Behind

Okta recently reported an unprecedented surge in credential-stuffing attacks, partly driven by AI-enhanced tools and anonymization services like residential proxies and TOR. These attacks mimic legitimate user traffic, making detection harder and allowing attackers to adapt their approach in real time when attempts fail, turning brute force into a far more agile threat.

The Thread That Connects Them

These aren’t just threat trends. They’re credibility tests.

Your buyers, partners, and analysts want certainty when the ground is shifting.

The vendors who earn it don’t just reference these issues; they have something useful to say when credential theft is surging, social engineering is leading breaches, tool sprawl is slowing response, and AI-driven attacks are evolving in real time.

Credibility comes from showing you can help in those moments, not claiming you can.

That’s why we built the Cybersecurity Marketing Society,  a place for marketers in our industry to swap real-world intel, share what works, and learn from peers who face your challenges. 

If you want to connect with the people shaping how security stories are told, join us or meet us in person at CyberMarketingCon 2025.