SpyCloud’s latest report, released on June 17, 2026, underscores the escalating threat of phishing attacks driven by artificial intelligence and phishing-as-a-service platforms. The report, based on a survey of security professionals at large organizations, reveals a troubling increase in both the volume and sophistication of phishing attempts targeting enterprises.
Phishing Attacks: A Growing Concern
According to the 2026 Phishing Pulse Report, 78% of surveyed organizations noted a rise in phishing incidents over the past year. The advent of AI-generated phishing techniques has made these attacks more challenging to defend against, with 84% of respondents acknowledging their increasing prevalence.
SpyCloud’s analysis highlights that phishing attacks have exposed employee data at 86% of Fortune 100 companies. Technology, airline, and automotive sectors are among the most affected, emphasizing the critical need for robust security measures.
Challenges in Phishing Response
Despite awareness of the threat, many organizations remain ill-prepared to handle successful phishing attacks. Only 38% are confident in detecting and responding to credential theft within 24 hours. Moreover, 58% struggle to identify compromised credentials after an attack, while 42% find it challenging to remediate at scale.
SpyCloud’s data reveals that 68% of organizations take over four hours to identify and address confirmed phishing exposures, and merely 30% have integrated phishing detection with identity response systems.
Adapting to Emerging Threats
The report also highlights emerging threats such as business email compromise, vendor impersonation, and session hijacking, with AI and adversary-in-the-middle techniques significantly impacting enterprises. Device code phishing, a method exploiting OAuth authentication, is becoming a prevalent concern.
Trevor Hilligoss, SpyCloud’s Chief Intelligence Officer, emphasizes the need for organizations to go beyond credential resets and focus on revoking compromised tokens and sessions to mitigate persistent threats.
The Imperative for Enhanced Visibility
One of the report’s crucial insights is the ongoing visibility gap in organizations’ response strategies post-phishing attack. Without clear visibility into exposed credentials and session tokens, attackers gain a foothold for subsequent attacks, such as ransomware and account takeovers.
Hilligoss advises that organizations should prioritize automated remediation processes to reduce the time attackers have to exploit compromised identities. SpyCloud’s use of darknet data helps organizations proactively address these threats and secure their systems.
For further insights and to access the full 2026 Phishing Pulse Report, visit SpyCloud’s website or contact their team for a demonstration of their identity threat protection solutions.
