44% of all participants admitted to having interacted with a phishing message in the last year.

47% of IT leaders based in Australia cite managing external threats (such as phishing and spoofing) as their top security challenge.

In Q2 2025, 13% of malicious emails (phishing, malware, etc.) were not blocked by the email gateway security system. This is 1 percentage point higher than in Q1 2025.

In 24.6% of large ransomware claims, attackers used phishing to infiltrate systems.

IT leaders estimate that only 5% of known phishing attacks in healthcare are actually reported by employees to security teams.

71% of CISOs at enterprises worry about SMS phishing (smishing).

59% of CISOs at enterprises fear voice phishing (vishing).

AI-personalized phishing now drives 300% more user interaction than traditional, templated variants.

100% of enterprises test email phishing.

Only 27% of CISOs at enterprises simulate SMS phishing.

Only 27% of enterprises test smishing.

Only 15% of enterprises simulate vishing.

Just 18% of enterprises tailor phishing simulations by both role and behavior.

91% of enterprises say tailoring phishing simulations by both role and behavior is essential.

Just 15% of CISOs at enterprises test voice phishing.

77% of small business leaders are concerned about phishing and impersonation scams powered by AI.

Initially, large financial institutions show 44.7% Phish-prone™ Percentage (PPP) rates, meaning nearly 45% of employees were susceptible to phishing attacks or likely to click on a malicious link or download an infected file.

AI-enhanced phishing and social engineering are the most concerning tactics (27%) for insider threats.

Comprehensive security awareness training can reduce phishing susceptibility to below 5%.

78% of security leaders identify social engineering and phishing as their top threat.