63% of retailers plan to invest significantly in generative AI for social engineering attacks.

65% of organizations expressed serious concern about IT help desk bypass and social engineering attacks as a top threat.

Nearly a third of leaders at financial services firms admit they are not fully confident employees could recognize an AI-driven phishing or social engineering threat.

64% of surveyed enterprises confirmed social engineering attacks via encrypted or informal channels in the past 12 months.

38% of organizations admit to being underprepared for AI-driven social engineering threats such as automated attacks, deepfake-based videos, and voice scams.

AI-enhanced phishing and social engineering are the most concerning tactics (27%) for insider threats.

78% of security leaders identify social engineering and phishing as their top threat.

Fake CAPTCHA social engineering attacks, particularly ClickFix campaigns, jumped 1,450% from the second half of 2024 to the first half of 2025.

Social engineering attacks accounted for 39% of initial access incidents observed during the first half of 2025.

44.7% of respondents cited phishing/social engineering as a top concerning threat.

51% of respondents consider AI-enhanced social engineering a fairly or extremely significant concern.

44.7% of respondents cited phishing/social engineering as a top concerning threat.

Social engineering attacks (48%) and ransomware (34%) were the most common types of cyberattacks on healthcare organizations in the past year.

28% of healthcare executives say they are likely to invest in generative AI for social engineering attacks.

28% of healthcare executives say they are likely to invest in generative AI for social engineering attacks.

56% of financial professionals cite social engineering as a significant tactic powered by AI.

Social Engineering was the second-most common incident pattern in the region, with phishing appearing in 19% of breaches in EMEA.

The FBI received 193,407 complaints about phishing/spoofing in 2024 (versus 298,878 in 2023 and 321,136 in 2022).

20% of phishing emails between September 15, 2024 and February 14, 2025 relied solely on social engineering.

In Q4 2024, HP threat researchers saw a growth in social engineering campaigns that rely on fake CAPTCHA challenges to infect users with malware