In one enforcement case, a clinic was fined $25,000 for a single message that contained protected health information (PHI) and was sent to the wrong person without encryption

71% of Japanese respondents identified phishing as the top threat facing their organization, significantly higher than the global average.

82% of the top 20 clicked links in simulated phishing emails came from internally themed simulations between July 1, 2025, and September 30, 2025.

66% of simulated phishing emails utilized domain spoofing techniques.

70% of simulated landing page interactions involve branded content.

25% of the top 20 attachments opened in simulated phishing emails were Word documents.

25% of branded content interactions in simulated phishing emails involved Microsoft between July 1, 2025, and September 30, 2025.

19% of the top 20 attachments opened in simulated phishing emails were HTML files.

PDFs comprised 56% of the top 20 attachments opened in simulated phishing emails.

45% of the top 10 most-clicked simulated phishing emails referenced HR between July 1, 2025, and September 30, 2025.

90% of the most-clicked subject lines in simulated phishing emails reference internal topics.

In 2025, 77% of callback numbers used AI-generated voices, while 69% of vishing attacks were financially motivated, requesting bank detail changes, fraudulent refunds, or transfers.

In 2025, cybercriminals increased their abuse of legitimate platforms like QuickBooks, Zoom, SharePoint, and PayPal by 67% year-to-date.

Phone-based vishing attacks increased by 449% in 2025 compared to 2024, with phone numbers appearing as the sole payload in 5.5% of phishing emails.

28% of breaches in 2025 were initiated through phishing or social engineering.

AI-powered phishing campaigns achieve a 54% click-through rate, over four times higher than traditional phishing.

57% of organizations in the U.K. and Singapore expressed concern about social engineering tactics

45% of victims reported that phishing was the initial point of compromise in ransomware attacks

50% of senior decision-makers reported concern about AI-generated phishing emails, compared to 40% of junior management

57% of French organizations reported the greatest concern about AI-enabled threats, compared to an average of 45% across geographies