Each missed phishing email costs an average of $36.29 to investigate and remediate.

Organisations with fewer than 100 mailboxes experience up to 7.5x more missed phishing attacks than large enterprises.

Secure Email Gateways (SEGs) are missing an average of 67.5 phishing emails per 100 mailboxes every month. This analysis is based on actual phishing emails that bypassed SEG defences and were detected by the IRONSCALES email security platform.

Phishing texts and emails (48%) were a common cyber disruption faced by SMBs in the past 12 months.

82.6% of all phishing emails analysed exhibited some use of AI.

Ransomware payloads in phishing attacks have risen by 22.6% over six months, with a sharp 57.5% increase in just three months.

The top three words used in phishing emails: Urgent, Review, Sign.

There has been a 57.9% increase in phishing attacks being sent from compromised accounts getting through traditional detection.

Job application-related phishing attacks are not only sent to individual accounts (24%) but also shared mailboxes (52%) and individual inboxes with activated delegate functions (21%) (e.g. a personal assistant has access to an executive’s inbox).

Between September 15, 2024 and February 14, 2025, there was a 11.1% incease in phishing emails sent from compromised email addresses within the supply chain.

Between September 15, 2024 and February 14, 2025, there was a 67.4% incease in the use of third-party platforms for phishing emails.

Between September 15, 2024 and February 14, 2025, there was a 49.9% increase in phishing emails sent from compromised accounts.

64% of phishing attacks are focused on engineering roles.

76.4% of all phishing campaigns now use polymorphic phishing tactics.

On average, phishing emails contained 1058 characters (~188 words)

New starters typically received a phishing email after 3 weeks.

3,829 days - average domain age for phishing attacks getting through.

The phishing hyperlink, malware, and social engineering payloads getting through traditional detection have surged, with phishing hyperlinks increasing by 36.8%, malware by 20%, and social engineering tactics by 14.2% compared to the previous six months.

81.9% of phishing victims had their emails leaked in previous breaches.

Of 512 job application-related phishing emails, attackers targeted engineering (64%) roles, followed by finance (12%), HR (10%), IT (10%), product (2%), and others (2%).