According to the Security Whitepaper, a vault is encrypted with the Organization Symmetric Key Bitwarden Security Whitepaper | Bitwarden . This means, each user of the organization has access to the same shared symmetric encryption key that decrypts the company vault. In a sufficiently large organization, at least one compromised endpoint using Bitwarden (and therefore compromise of the organization symmetric key) is a reasonable assumption. My understanding based on the whitepaper is, that there is layered encryption: Individual vault items are encrypted using the Cipher Key and therefore compromise of the Organization Master Key alone does not result in compromise of each secret (cipher). An attacker gaining access to the protected vault of another user would therefore be able to decrypt the outer encryption and a subset of the items in that vault, only those that the compromised user already had access to.
I see it as a downside in the security architecture that all users of an organization share the same vault whose outer encryption layer should be assumed to be compromised. Many organizations will have the requirement to maintain very strict separation in their password management.
I request the feature of support of multiple vaults that do not share a common symmetric encryption key would limit a single users compromise to only the subset of vaults that user has access to.
A related suggestion has been raised before in this comment:
Organization Symmetric Key Organization Symmetric Key