General Social Engineering Statistics
Social engineering remains one of the most effective methods cybercriminals use to gain unauthorized access.
- 98% of cyberattacks rely on social engineering. Human error remains the weakest link in cybersecurity. (Verizon Data Breach Report)
- Phishing accounts for 70% of all social engineering attacks. Email-based scams dominate due to their scalability and simplicity. (PhishLabs)
- 85% of organizations experienced a social engineering attack in 2024. The majority of businesses are targeted, regardless of size. (IBM Security)
- 45% of employees fail social engineering tests. Awareness training is essential to reduce vulnerability. (KnowBe4)
- Social engineering attacks increased by 27% in 2025. Cybercriminals continue to exploit new platforms and technologies. (Cybersecurity Ventures)
Phishing Statistics
Phishing is the most common type of social engineering, targeting individuals through emails, texts, and other communication channels.
- 91% of phishing attacks begin with email. Email remains the preferred method due to its reach and simplicity. (Verizon)
- Smishing attacks grew by 35% in 2025. Text-based phishing is on the rise with mobile device usage. (Proofpoint)
- Business email compromise (BEC) costs organizations $43 billion globally. BEC is one of the most financially damaging phishing techniques. (FBI IC3 Report)
- Spear-phishing attacks account for 65% of phishing incidents. Targeted attacks are more effective and harder to detect. (Trend Micro)
- AI-powered phishing emails have a 35% higher success rate. Cybercriminals are using advanced tools to craft convincing messages. (McAfee)
Social Engineering in the Workplace
Employees are prime targets for social engineering, making workplace awareness essential.
- 77% of employees can’t identify common social engineering tactics. Lack of training leaves businesses vulnerable. (SHRM)
- CEOs and executives are targeted in 12% of social engineering attacks. High-level employees often have access to sensitive information. (Forbes)
- Human error is responsible for 82% of data breaches. Social engineering exploits trust and inattention to bypass security. (IBM Security)
- Organizations with regular security training reduce phishing success by 60%. Education is the most effective defense against these attacks. (KnowBe4)
- Social engineering testing improves detection rates by 45%. Simulated attacks help employees recognize and respond to real threats. (Proofpoint)
Social Media and Social Engineering
Social media platforms are increasingly used to gather information for social engineering attacks.
- 30% of social engineering attacks leverage social media. Cybercriminals use publicly available information to personalize attacks. (Statista)
- 60% of LinkedIn users are targeted by fake connection requests. Professional networks are a common entry point for scams. (Proofpoint)
- 75% of social engineering victims were contacted on Facebook or Instagram. Popular platforms are used to build trust before launching attacks. (Pew Research)
- Sharing personal details online increases phishing success rates by 25%. Oversharing provides cybercriminals with valuable information. (Trend Micro)
- Social media impersonation attacks rose by 29% in 2025. Fake profiles are often used to deceive victims. (McAfee)
Costs and Impacts of Social Engineering
The financial and reputational costs of social engineering attacks are significant.
- The average cost of a social engineering attack is $150,000. Small and medium-sized businesses are particularly impacted. (Ponemon Institute)
- Companies lose an average of $17.7 million annually to social engineering. The financial toll includes data loss, recovery, and legal expenses. (Accenture Security)
- Reputational damage affects 60% of businesses after an attack. Trust erosion can lead to customer loss and long-term consequences. (Forbes)
- Recovering from a social engineering breach takes 200 days on average. Extended downtime and recovery efforts are costly. (IBM Security)
- Small businesses are targeted in 43% of social engineering attacks. Limited resources make them an easy target for cybercriminals. (Verizon)
Emerging Social Engineering Techniques
Cybercriminals are constantly evolving their methods to exploit new vulnerabilities.
- Deepfake technology is used in 15% of social engineering attacks. Manipulated videos and audio deceive victims into trusting malicious actors. (McAfee)
- Vishing attacks increased by 40%. Voice phishing scams are becoming more prevalent, especially targeting seniors and executives. (Proofpoint)
- QR code scams rose by 30% in 2025. Fake QR codes direct victims to phishing websites or malware downloads. (Trend Micro)
- IoT device manipulation is used in 20% of attacks. Cybercriminals leverage poorly secured smart devices as entry points. (Gartner)
- AI-driven social engineering attacks grew by 50%. Machine learning helps attackers craft highly personalized and convincing schemes. (Cybersecurity Ventures)
Prevention and Defense Against Social Engineering
Proactive measures are essential to prevent social engineering attacks.
- 92% of organizations invest in phishing simulations. Regular testing strengthens employee awareness and preparedness. (KnowBe4)
- Multi-factor authentication (MFA) reduces social engineering risks by 70%. Requiring additional verification adds a critical layer of security. (Microsoft)
- Security awareness training improves employee detection rates by 50%. Educating teams helps them recognize and avoid threats. (Proofpoint)
- AI-based monitoring tools detect social engineering attempts with 80% accuracy. Advanced technologies can identify suspicious patterns. (Gartner)
- Implementing zero-trust policies reduces breaches by 40%. Limiting access ensures attackers can’t exploit human vulnerabilities. (Forbes)
Social Engineering by Industry
Certain industries face higher risks of social engineering attacks due to the nature of their operations.
- Healthcare accounts for 30% of social engineering attacks. Patient data and weaker defenses make it a prime target. (HIPAA Journal)
- Financial services face 25% of all social engineering attempts. Sensitive financial information is a lucrative goal for attackers. (PwC)
- Government organizations experienced a 20% increase in phishing. Agencies are targeted for access to classified information. (FBI IC3 Report)
- Education sees 15% of social engineering attacks. Schools and universities are vulnerable due to limited cybersecurity resources. (EDUCAUSE)
- Retail and eCommerce businesses face 18% of attacks. Customer data and payment systems are high-value targets. (Statista)
Future of Social Engineering
The threat of social engineering is expected to grow, with attackers leveraging emerging technologies.
- Global social engineering attack rates are projected to increase by 35% by 2030. The rise of digital interactions provides more opportunities. (Cybersecurity Ventures)
- AI-driven attacks will account for 50% of social engineering attempts by 2030. Advanced technology will make attacks more convincing. (McAfee)
- Biometric authentication adoption is expected to grow by 20% annually. Stronger verification methods will help combat attacks. (Gartner)
- Human error will remain a factor in 80% of breaches. Training and awareness will be critical for prevention. (IBM Security)
- Zero-trust adoption will reduce successful attacks by 45%. Organizations are prioritizing security-first strategies to mitigate risks. (Forbes)