A new report from SpyCloud has found that phishing attacks have exposed employee data at 86% of Fortune 100 companies over the past 12 months, with the technology, airline and automotive sectors being hit the hardest. The researchers also found that 78% of organizations experienced an increase in phishing volume over the past year.
Additionally, 84% of respondents named AI-assisted phishing as their top concern, followed by business email compromise (BEC) attacks.
"To no one's surprise, AI-generated phishing is the dominant concern, cited by 84% of respondents – a clear signal that traditional email security is being outpaced by machine-generated personalization. Business email compromise (58%) and vendor impersonation (52%) remain persistent. Emerging vectors like collaboration-tool phishing (36%) and session hijacking (20%) show teams are increasingly aware of what's at stake beyond the inbox.”
This surge in phishing attacks is largely driven by increasingly sophisticated phishing-as-a-service (PhaaS) platforms, which any criminal can purchase for a low subscription price. “PhaaS has revolutionized the ease and speed with which bad actors can execute phishing attacks,” SpyCloud says. “These platforms operate on a subscription model that mirrors legitimate software-as-a-service – but with entirely criminal intent. For as little as $50 to $250 USD, threat actors gain monthly access to fully managed kits that include sample phishing pages, one-click site deployment, and feature-rich admin panels with multiple exfiltration options. From purchase to active campaign, setup can take just minutes – without the need for any programming knowledge or technical expertise.”
AI-native security awareness training can give your organization an essential layer of defense against evolving social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 Platform to strengthen their security culture and reduce workforce risk.
SpyCloud has the story: https://www.globenewswire.com/news-release/2026/06/17/3313726/0/en/spycloud-report-finds-phishing-attacks-surge-as-employee-data-is-exposed-at-86-of-fortune-100-companies.html
