Phishing Exposes Employee Data at 86% of Fortune 100 Companies

KnowBe4 Team | Jul 1, 2026

A new report from SpyCloud has found that phishing attacks have exposed employee data at 86% of Fortune 100 companies over the past 12 months, with the technology, airline and automotive sectors being hit the hardest. The researchers also found that 78% of organizations experienced an increase in phishing volume over the past year.

Additionally, 84% of respondents named AI-assisted phishing as their top concern, followed by business email compromise (BEC) attacks.

"To no one's surprise, AI-generated phishing is the dominant concern, cited by 84% of respondents – a clear signal that traditional email security is being outpaced by machine-generated personalization. Business email compromise (58%) and vendor impersonation (52%) remain persistent. Emerging vectors like collaboration-tool phishing (36%) and session hijacking (20%) show teams are increasingly aware of what's at stake beyond the inbox.”

This surge in phishing attacks is largely driven by increasingly sophisticated phishing-as-a-service (PhaaS) platforms, which any criminal can purchase for a low subscription price. “PhaaS has revolutionized the ease and speed with which bad actors can execute phishing attacks,” SpyCloud says. “These platforms operate on a subscription model that mirrors legitimate software-as-a-service – but with entirely criminal intent. For as little as $50 to $250 USD, threat actors gain monthly access to fully managed kits that include sample phishing pages, one-click site deployment, and feature-rich admin panels with multiple exfiltration options. From purchase to active campaign, setup can take just minutes – without the need for any programming knowledge or technical expertise.”

AI-native security awareness training can give your organization an essential layer of defense against evolving social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 Platform to strengthen their security culture and reduce workforce risk.

SpyCloud has the story: https://www.globenewswire.com/news-release/2026/06/17/3313726/0/en/spycloud-report-finds-phishing-attacks-surge-as-employee-data-is-exposed-at-86-of-fortune-100-companies.html

Secure Your Human and AI Workforce

Transform your attack surface into your strongest defense with our AI-driven platform. Request a personalized demo to see how to mitigate social engineering, manage agent risk, and automate your phishing response.

Get a Demo

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.