SpyCloud Releases 2026 Phishing Pulse Report on Enterprise Attacks
SpyCloud released its 2026 Phishing Pulse Report, citing survey and analysis results that phishing campaigns increased in both volume and sophistication for enterprise organizations. The report connects that trend to the use of artificial intelligence and phishing-as-a-service, and it frames the enterprise risk as extending beyond credential theft.
In the survey of enterprise security professionals at organizations with more than 1,000 employees, 78% reported higher phishing volume over the prior 12 months. The same respondents said 84% believe AI-generated phishing attacks are more prevalent or harder to defend against. SpyCloud also reported that phishing exposed employee data at nearly half of FTSE 100 companies over the last 12 months.
SpyCloud’s report combined survey findings with analysis of active phishing campaigns and phishing-as-a-service infrastructure. It said approximately half of phishing-as-a-service platform-sourced records were tied to enterprise identities, versus 11% of malware-sourced records. It added that AI-generated phishing was the top concern among respondents, with business email compromise cited by 58%, vendor impersonation by 52%, collaboration platform phishing by 36%, and session hijacking by 20%. It also highlighted device code phishing that uses OAuth authentication workflows to obtain authenticated access.
Across the report findings, SpyCloud tied post-phishing response challenges to visibility gaps. It said only 38% of organizations were very confident they could detect and respond to credential theft within 24 hours, 58% struggled to identify which tokens were exposed, and 68% required four hours or longer to identify and remediate confirmed phishing-related exposures. Trevor Hilligoss, Chief Intelligence Officer at SpyCloud, said, “Phishing is no longer just a password-stealing exercise,” and described attackers using AI-written lures, phishing-as-a-service kits, and adversary-in-the-middle tradecraft. Hilligoss added, “Device code phishing is effective because it avoids a direct fight with MFA and instead uses legitimate authentication workflows to obtain trusted access.”
Provided by Globe Newswire on behalf of SpyCloud. Click to read original content.