
Mimecast’s 2025 Global Threat Intelligence Report Reveals Rising Human-Centric Cybersecurity Risks

The latest report leverages insights from Mimecast’s threat analysis of more than 24 trillion data points for its 43,000 customers, flagging over 9.13 billion threats.

Mimecast published its 2025 Global Threat Intelligence Report, examining threat activity in 2025. The report details how threat actors adapted their tactics to engage human touchpoints from various angles, launching coordinated campaigns that challenge traditional defenses.

The findings indicate a rise in sophisticated, AI-driven phishing and social engineering attacks. Phishing now accounts for 77% of all attacks, an increase from 60% in 2024, with attackers likely employing advanced Artificial Intelligence (AI) tools.

“We’re seeing a clear evolution in attacker behavior in 2025,” said Ranjan Singh, Mimecast Chief Product & Technology Officer. “Financial platforms, regulatory agencies, and city governments have all been targeted by profit-driven ransomware groups and state-sponsored adversaries.”

The report highlights the use of Generative AI (GenAI) to enhance deception tactics, allowing attackers to craft convincing emails and audio messages. Additionally, Mimecast reported a substantial increase in social engineering attacks, such as ClickFix and Business Email Compromise (BEC), which utilize automated conversations to impersonate legitimate communication.

ClickFix attacks surged over 500% within the first six months of 2025, making up nearly 8% of reported attacks. Attackers exploited trusted business tools, leveraging platforms such as Adobe Pay, DocuSign, and Salesforce, with DocSend noted as the most abused service in 2025.

Threat actors also exploited legitimate CAPTCHA services, complicating detection efforts. Mimecast identified over 900,000 detections of attacks employing this methodology in the U.S. and UK.

To further evade detection, attackers used multichannel strategies, coordinating activities across email, phone, and other communication methods to obscure their tactics. This approach has been evident in high-profile impersonation schemes.

Mimecast’s research shows that the professional education, IT software, telecommunications, and legal sectors experience heightened impersonation attacks, reflecting their access to high-value targets. A recent phishing campaign specifically targeted hospitality professionals through email impersonation and credential harvesting.

“Cyber defense can no longer be treated solely as a technology issue,” said Leslie Nielsen, Mimecast Chief Information Security Officer. “Countering threats requires organizations to prepare employees to recognize suspicious activity and leverage tools like AI to enhance security operations.”