Social Engineering
We've curated 35 cybersecurity statistics about Social engineering to help you understand how attackers manipulate human psychology to gain sensitive information and access in 2025. These insights reveal the tactics used and the importance of awareness in combating these threats.
Showing 1-20 of 35 results
72% of Chief Information Security Officers report a significant increase in attacks, led primarily by AI-powered social engineering.
Human error (employees tricked into providing credentials) was cited in nearly 43% of identity incidents.
60% of digital trust professionals cited social engineering as an AI risk.
In the last six months, calendar invite phishing increased by 49%.
Internal team impersonation was present in 30% of phishing attacks by threat actors in Q1 2026.
Social engineering drove 88% of material losses in the first half of 2025 in Resilience's healthcare portfolio, making human error the industry's single most consequential vulnerability.
48% of enterprises' cyberattacks involve phishing or social engineering.
86% of CISOs fear agentic AI will increase the sophistication of social engineering attacks.
28% of SMB respondents say AI is creating hyper-personalized social engineering attacks.
Novel social engineering phishing techniques increased from 32% to 38% year-over-year.
51% of organizations have faced sophisticated, personalized phishing emails powered by deepfake technology.
77% of organizations have been targeted by deepfake attacks.
In Q4 2025, callback phishing increased from 3% to 18% of all phishing incidents, a 500% spike.
In 2025, 'ClickFix' social engineering techniques were used in 1% of phishing attacks.
63% of retailers plan to invest significantly in generative AI for social engineering attacks.
65% of organizations expressed serious concern about IT help desk bypass and social engineering attacks as a top threat.
Nearly a third of leaders at financial services firms admit they are not fully confident employees could recognize an AI-driven phishing or social engineering threat.
64% of surveyed enterprises confirmed social engineering attacks via encrypted or informal channels in the past 12 months.
38% of organizations admit to being underprepared for AI-driven social engineering threats such as automated attacks, deepfake-based videos, and voice scams.
AI-enhanced phishing and social engineering are the most concerning tactics (27%) for insider threats.