New research finds nearly 40% of organizations are underprepared for AI-driven threats such as automated attacks, deepfake-based videos, and voice scams

LevelBlue, a leading provider of managed security services, strategic consulting, and threat intelligence, today released its new Data Accelerator: Social Engineering and the Human Element research, which explores how human behavior remains a top organizational vulnerability, with AI accelerating the sophistication of social engineering tactics making them more believable, scalable, and damaging than ever.

Findings indicate a growing awareness of social engineering threats, with 41% of organizations reporting a significantly higher volume of cyberattacks compared to 12 months ago. Despite recognizing their heightened vulnerability, many companies remain unprepared for emerging human risks and report varying levels of confidence in their ability to defend against these targeted social engineering attacks.

While 44% believe that an AI-powered attack is likely to occur within the next 12 months, only 29% are prepared for one, and just 20% of organizations describe themselves as highly effective in their ability to defend against cyber adversaries that are using AI techniques. More specifically, 38% of organizations admit to being underprepared for AI-driven social engineering threats such as automated attacks, deepfake based videos, and voice scams. When asked to what extent they are prepared for social engineering tactics, it was revealed that:

• 57% are prepared for personal information exfiltration
• 56% noted preparedness for business email compromise
• 51%, 43%, and 41% are prepared for phishing, smishing, and quishing, respectively
• 44% of organizations are prepared for insider threats or account takeover
• 32% reported being prepared for deepfake and synthetic identity attacks

One of the biggest challenges organizations face in defending against social engineering attacks is employee awareness and preparedness. Within the Data Accelerator, 59% of organizations report an increasing difficulty for employees to discern real from not real. Despite this, only 20% of them feel confident that they are implementing a strategy to educate their workforce, and just 32% have enlisted training and awareness experts to help educate the workforce on social engineering attacks over the past 12 months. Instead, organizations are most likely to make significant investments in cyber resilience processes across the business (33%) and in generative AI to defend against social engineering attacks (31%).

Globally, Europe is the most prepared region for AI-driven attacks with 66% saying they are prepared. Likewise, Europe leads the way in prioritizing workforce education as a way to prioritize cyber resilience.

“Establishing a culture of cyber resilience is imperative for organizations to effectively prepare for the emergence of more sophisticated social engineering attacks,” said Theresa Lanowitz, Chief Evangelist of LevelBlue. “These attacks exploit human behavior, so without the proper investment into education and training, including cyber resilience processes and engaging cybersecurity consultants, organizations and their employees remain vulnerable.”

While the data shows that investing in generative AI to better defend against social engineering attacks is a priority for organizations globally, only approximately one-quarter (24%) say they are highly effective at implementing and using AI to enhance cybersecurity. Moreover, investments in additional defenses are falling short, with just 13% investing significantly in Zero Trust Architecture (ZTA) designed to reduce the impact of compromised credentials or social engineering-based access to the organization.

In response to these findings, LevelBlue recommends four specific steps focused on building strong cultural, behavioral, and technical foundations to resist modern social engineering attacks. These steps include increasing leadership engagement to build cyber resilience into the organization’s culture, implementing regular cybersecurity training programs to keep employees updated on emerging threats and best practices, evaluating investments to prepare for human-related threats while maintaining focus on more traditional attack types, and engaging external providers to enhance cybersecurity measures.

Download the complete findings of the Data Accelerator: Social Engineering and the Human Element here. This report follows the April 2025 release of the LevelBlue Futures Report: Cyber Resilience and Business Impact, found here.

For more information on LevelBlue and its managed security, consulting, and threat intelligence services, please visit www.levelblue.com

Methodology

The research is based on a quantitative survey that was carried out by FT Longitude in January 2025. There were a total of 1,500 C-suite and senior executives surveyed across 14 countries and seven industries: energy and utilities, financial services, healthcare, manufacturing, retail, transportation, and US SLED (state, local government, and higher education). To be counted as a cyber resilient organization, respondents must have met the qualifications listed under “Five Characteristics of a Cyber Resilient Organization.”

About LevelBlue

We simplify cybersecurity through award-winning managed services, experienced strategic consulting, threat intelligence, and renowned research. Our team is a seamless extension of yours, providing transparency and visibility into security posture and continuously working to strengthen it.

We harness security data from numerous sources and enrich it with artificial intelligence to deliver real-time threat intelligence – this enables more accurate and precise decision making. With a large, always-on global presence, LevelBlue sets the standard for cybersecurity today and tomorrow. We easily and effectively manage risks so you can focus on your business.

Welcome to LevelBlue. Cybersecurity. Simplified. Learn more at www.levelblue.com.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250827802033/en/