{"id":11792,"date":"2026-06-02T13:30:00","date_gmt":"2026-06-02T11:30:00","guid":{"rendered":"https:\/\/www.retarus.com\/blog\/en\/verizon-dbir-2026-social-engineering-wird-gefaehrlicher-und-klassische-e-mail-security-bleibt-wichtiger-denn-je\/"},"modified":"2026-06-29T16:55:58","modified_gmt":"2026-06-29T14:55:58","slug":"verizon-dbir-2026-social-engineering-a-growing-threat-with-conventional-email-security-more-important-than-ever","status":"publish","type":"post","link":"https:\/\/www.retarus.com\/blog\/en\/verizon-dbir-2026-social-engineering-a-growing-threat-with-conventional-email-security-more-important-than-ever\/","title":{"rendered":"Verizon DBIR 2026: Social engineering a growing threat, with conventional email security more important than ever"},"content":{"rendered":"\n

Verizon\u2019s Data Breach Investigations Report (DBIR) has long been considered one of the cybersecurity sector\u2019s most essential status reports. The recent 2026 edition<\/a> analyzes more than 31,000 security incidents and over 22,000 confirmed data breaches around the globe \u2013 unprecedented numbers.<\/p>\n\n\n\n

The report\u2019s headline finding is that vulnerability exploitation has risen to become the most common initial access vector for successful attacks. Nevertheless, enterprises will find another conclusion especially relevant: The human factor continues to gain in importance \u2013 largely due to sophisticated forms of social engineering.<\/p>\n\n\n\n

Attackers are increasingly relying on AI-enhanced deception, mobile communication channels, and credible identity spoofing rather than ordinary spam emails alone.<\/p>\n\n\n\n

Humans remain the primary attack vector<\/h2>\n\n\n\n

According to Verizon, the human factor plays a key role in 62 percent of all data breaches. Social engineering remains one of the most prevalent attack vectors, accounting for 16 percent of all security breaches.<\/p>\n\n\n\n

While phishing attacks are typically carried out asynchronously by way of email, modern adversaries increasingly rely on direct means of interaction, such as phone, text messages, instant messaging, or ongoing email conversations. In this way, attackers aim to build trust and manipulate employees in real time.<\/p>\n\n\n\n

Mobile social engineering is emerging as a blueprint for successful attacks<\/h2>\n\n\n\n

The figures for mobile attack vectors are particularly alarming. According to the Verizon report, the median success rate achieved through mobile social engineering attacks \u2013 such as those carried out via voice calls or text messages \u2013 is about 40 percent higher than that of conventional phishing campaigns carried out exclusively by email.<\/p>\n\n\n\n

This is because mobile communication creates more time pressure, provides less context, and significantly reduces the attention victims pay to security indicators. Users are much less likely to check senders and URLs, or notice unusual phrasing, on their smartphones.<\/p>\n\n\n\n

What’s more, modern attacks often employ multiple channels in parallel. A typical scenario may include:<\/p>\n\n\n\n

    \n
  1. initial contact via SMS or Teams chat,<\/li>\n\n\n\n
  2. subsequent phone call using a false identity,<\/li>\n\n\n\n
  3. concluding with an email request for login credentials or MFA approval.<\/li>\n<\/ol>\n\n\n\n

    As a result, the lines between traditional email phishing, vishing, and account takeover are increasingly blurred.<\/p>\n\n\n\n

    AI allows social engineering to scale<\/h2>\n\n\n\n

    The report also clearly indicates that generative AI has now been operationalized. According to Verizon, attackers are currently using GenAI in virtually every phase \u2013 from selecting targets to creating credible phishing messages, developing malware, and automating attack steps, not to mention translations and linguistic localization.<\/p>\n\n\n\n

    What’s especially concerning for businesses is that AI doesn’t necessarily make attacks more technically sophisticated, but rather increases their scale and professionalism. Poorly formulated phishing emails with obvious spelling errors are a vanishing breed. Instead, we are faced with large volumes of high-quality, linguistically convincing, expertly tailored, context-specific messages.<\/p>\n\n\n\n

    Email remains a major launchpad for attacks<\/h2>\n\n\n\n

    Despite the emergence of new communication channels, email remains a key starting point for attacks. In the DBIR, phishing still consistently features as one of the leading initial access vectors. At the same time, the report reveals that stolen credentials continue to play a role in 39 percent of all breaches.<\/p>\n\n\n\n

    This underscores a core reality of modern cyber defense: Nowadays, companies are not only tasked with blocking malware, but above all with securing identities, communications, and access processes. This is precisely where modern email security plays a crucial role.<\/p>\n\n\n\n

    What companies now need to do<\/h2>\n\n\n\n

    The DBIR once again confirms that technical and organizational security measures need to work together effectively. Companies are consequently advised to:<\/p>\n\n\n\n

    1. Establish advanced email security<\/h3>\n\n\n\n

    Conventional spam filters are no longer sufficient. Companies need more comprehensive protection<\/a>:<\/p>\n\n\n\n