GITNUXREPORT 2026

Social Engineering Statistics

Social engineering caused most data breaches last year through widespread phishing attacks.

Rajesh Patel

Rajesh Patel

Team Lead & Senior Researcher with over 15 years of experience in market research and data analytics.

First published: Feb 13, 2026

Our Commitment to Accuracy

Rigorous fact-checking · Reputable sources · Regular updatesLearn more

Key Statistics

Statistic 1

Vishing, a social engineering tactic, involves impersonation to extract sensitive info like passwords or financial data via phone calls mimicking authority figures

Statistic 2

Phishing uses deceptive emails with urgent language and spoofed sender addresses to trick users into clicking malicious links or attachments

Statistic 3

Pretexting creates fabricated scenarios, such as posing as IT support needing verification codes, to gain trust and confidential information

Statistic 4

Baiting offers physical media like infected USB drives labeled 'confidential payroll' left in public areas to entice pickup and infection

Statistic 5

Quid pro quo promises tech support in exchange for remote access or credentials, often targeting stressed employees during peak hours

Statistic 6

Tailgating physically follows authorized personnel into secure areas by carrying boxes or feigning injury to bypass badge checks

Statistic 7

BEC scams impersonate executives via email with CEO spoofing and urgent wire transfer requests totaling billions annually

Statistic 8

Smishing sends SMS with fake parcel delivery alerts containing malicious QR codes leading to credential harvesting sites

Statistic 9

Spear phishing targets specific individuals with personalized info from LinkedIn or social media to craft convincing lures

Statistic 10

Whaling attacks C-level executives with tailored threats like 'board meeting leak' to demand large ransoms or data

Statistic 11

Dumpster diving sifts through trash for discarded documents with passwords or org charts to aid impersonation

Statistic 12

Watering hole attacks compromise sites frequented by targets, injecting malware via social engineering popups

Statistic 13

Reverse social engineering sets up scenarios where victim initiates contact, like fake IT issues prompting calls to attacker

Statistic 14

Honeytrap uses romantic lures on social media to extract corporate secrets from executives

Statistic 15

Elicitation subtly probes for info in casual conversations at conferences without raising suspicion

Statistic 16

Shoulder surfing observes PIN entry in public or crowded elevators using reflections or binoculars

Statistic 17

Tech support scams pop up fake virus alerts directing to call centers for remote access and ransomware deployment

Statistic 18

Invoice fraud sends forged bills mimicking vendors with slight detail changes to divert payments

Statistic 19

Job offer scams post fake listings on Indeed collecting resumes and personal data for identity theft

Statistic 20

Charity scams exploit disasters with GoFundMe clones soliciting donations via emotional appeals

Statistic 21

Romance scams build online relationships over months to request funds for fabricated emergencies

Statistic 22

Grandparent scams call elderly posing as grandchildren in jail needing bail money wired immediately

Statistic 23

IRS impersonation demands immediate tax payments via gift cards under threat of arrest

Statistic 24

Lottery scams notify fake winnings requiring upfront fees for claim processing

Statistic 25

Annual security awareness training reduces social engineering success by 70%, per Proofpoint 2023

Statistic 26

MFA blocks 99.9% of account takeover social engineering attacks, Microsoft data

Statistic 27

Simulated phishing tests improve click rates by 40% after 3 campaigns, KnowBe4 2023

Statistic 28

AI email filters detect 92% of phishing social engineering attempts, IBM 2023

Statistic 29

Zero-trust architecture reduces social engineering lateral movement by 85%

Statistic 30

Incident response plans cut social engineering breach time by 50%, Ponemon 2023

Statistic 31

Behavioral analytics flag 78% anomalous social engineering logins

Statistic 32

Passwordless auth prevents 95% pretexting credential thefts

Statistic 33

Employee reporting of suspicious emails rose 300% with reward programs

Statistic 34

URL scanners block 88% malicious social engineering links pre-click

Statistic 35

Regular vulnerability patching mitigates 67% baiting exploit chains

Statistic 36

SIEM tools detect 75% vishing callback anomalies in real-time

Statistic 37

Gamified training lowers phishing susceptibility by 55%, 2023 studies

Statistic 38

DMARC implementation stops 96% BEC email spoofing

Statistic 39

Privilege access management limits damage from 82% social engineering breaches

Statistic 40

Call verification protocols reduce smishing success by 90%

Statistic 41

Dark web monitoring alerts on 70% leaked credentials from social eng

Statistic 42

Physical security audits cut tailgating incidents by 65%

Statistic 43

AI voice analysis detects 85% vishing deepfakes, 2023 tech

Statistic 44

Backup verification prevents 100% ransomware from social engineering

Statistic 45

Micro-segmentation isolates 92% post-social engineering compromises

Statistic 46

Phishing simulations with feedback reduce repeats by 90%

Statistic 47

Endpoint detection stops 89% baiting malware executions

Statistic 48

Culture of security reporting catches 60% attacks pre-escalation

Statistic 49

Quantum-safe encryption future-proofs against advanced social eng, 0% breach rate projected

Statistic 50

Average BEC social engineering scam costs $1.86 million per incident in 2023

Statistic 51

Global losses from social engineering fraud reached $12.5 billion in 2023 per FBI IC3

Statistic 52

Phishing attacks caused $52 million average breach cost, 20% above industry avg

Statistic 53

74% of breaches with social engineering led to $4.88 million median loss, Verizon 2023

Statistic 54

BEC scams accounted for $2.9 billion in US losses alone in 2023

Statistic 55

Social engineering downtime averages 23 days per incident, costing $8,500/minute

Statistic 56

Retail sector social engineering losses hit $3.2 billion annually from gift card scams

Statistic 57

Ransomware via social engineering cost global economy $20 billion in 2023

Statistic 58

Identity theft from social engineering impacted 1.1 million victims, $8.8B loss 2023 FTC

Statistic 59

Healthcare social engineering breaches averaged $10.93 million cost, highest sector

Statistic 60

Employee time lost to social engineering recovery: 1,200 hours per incident avg

Statistic 61

Finance sector social engineering fraud: $5.6 billion losses 2023

Statistic 62

Productivity loss from successful phishing: 15% workforce downtime weekly

Statistic 63

Legal fees from social engineering data breaches: $1.5 million average

Statistic 64

Notification costs post-social engineering breach: $250 per record exposed

Statistic 65

Insurance premiums rose 25% due to social engineering claims in 2023

Statistic 66

Stock drops average 7.5% after social engineering breach announcements

Statistic 67

Customer churn rate post-social engineering incident: 28%

Statistic 68

Remediation costs for vishing attacks: $2.1 million per org average 2023

Statistic 69

Global romance scams via social engineering: $1.3 billion losses 2023 FTC

Statistic 70

Operational disruption from BEC: 50% of victims delayed projects by 3+ months

Statistic 71

Social engineering led to 24% increase in cyber insurance claims 2023

Statistic 72

Average fine for GDPR violations from social eng breaches: €4.5 million

Statistic 73

Reputation damage cost: $15 million intangible loss per major incident

Statistic 74

Smishing recovery costs $1.2 million including forensics and PR

Statistic 75

In 2023, social engineering accounted for 74% of all data breaches analyzed, primarily through phishing and pretexting tactics

Statistic 76

Globally, 300,000 phishing sites are created daily, many leveraging social engineering to mimic trusted brands

Statistic 77

36% of organizations experienced a successful social engineering attack in the past year, per Proofpoint's 2023 report

Statistic 78

Social engineering incidents rose by 25% from 2022 to 2023, affecting over 80% of enterprises

Statistic 79

91% of cyberattacks begin with a phishing email, a core social engineering method

Statistic 80

In Q4 2023, social engineering attacks surged 61% year-over-year, per Zscaler's ThreatLabz

Statistic 81

68% of businesses reported social engineering attempts weekly, according to KnowBe4's 2023 benchmark

Statistic 82

Phishing, the most common social engineering vector, targeted 1.2 billion emails daily in 2023

Statistic 83

22% of all help desk calls are social engineering probes, per SANS Institute 2022 data

Statistic 84

Social engineering contributed to 49% of ransomware incidents in 2023

Statistic 85

83% of organizations faced social engineering attacks in 2023, up from 76% in 2022

Statistic 86

Daily social engineering attempts hit 4,000 per large enterprise on average, per Microsoft Security 2023

Statistic 87

95% of cybersecurity issues are caused by human error via social engineering

Statistic 88

Social engineering phishing emails increased 58% in 2023

Statistic 89

1 in 10 social engineering attacks succeed on first try, per 2023 Keeper Security study

Statistic 90

47% of breaches involved social engineering in healthcare sector 2023

Statistic 91

Global social engineering reports to FTC rose 30% in 2023 to over 2.6 million

Statistic 92

62% of IT pros saw social engineering rise in 2023 surveys

Statistic 93

Social engineering vishing calls increased 322% in 2023, per Group-IB

Statistic 94

70% of companies faced BEC social engineering scams in 2023

Statistic 95

Phishing sites mimicking social engineering rose 47% in H1 2023

Statistic 96

85% of data breaches exploit social engineering weaknesses

Statistic 97

Social engineering incidents per org averaged 1,200 in 2023

Statistic 98

34% growth in social engineering malware deliveries 2023

Statistic 99

76% of CISOs report social engineering as top threat 2023

Statistic 100

Social engineering caused 16% of all cyber incidents in EU 2023

Statistic 101

2.9 billion phishing emails blocked daily, mostly social eng, 2023

Statistic 102

40% of remote workers fell to social engineering in 2023

Statistic 103

Social engineering alerts up 150% post-COVID per 2023 data

Statistic 104

Phishing as social engineering hit 300% rise in finance sector 2023

Statistic 105

Millennials aged 24-39 comprise 40% of social engineering victims due to high social media usage

Statistic 106

Seniors over 60 report 58% of IRS impersonation social engineering scams

Statistic 107

Remote workers 3x more likely to fall for phishing social engineering, 35% susceptibility rate

Statistic 108

C-suite executives targeted in 96% of whaling social engineering attacks

Statistic 109

Females represent 53% of romance scam social engineering victims, average loss $2,500

Statistic 110

Healthcare employees 2.5x more vulnerable to pretexting due to high-stress environments

Statistic 111

Gen Z (18-23) click phishing links 3x faster than older groups, 49% rate

Statistic 112

Small businesses (<500 employees) suffer 43% of BEC social engineering hits

Statistic 113

IT staff fall for quid pro quo 28% more during off-hours shifts

Statistic 114

Low-wage employees ($<50k) targeted 60% in invoice fraud social engineering

Statistic 115

70% of social engineering victims had prior awareness training but still clicked

Statistic 116

Urban dwellers report 25% higher smishing social engineering rates than rural

Statistic 117

Finance workers 4x vulnerability to spear phishing with personalized lures

Statistic 118

Divorced individuals 2x likely romance scam targets via dating apps

Statistic 119

New hires within 90 days succumb to social engineering 55% more often

Statistic 120

Public sector employees vulnerable to tailgating 38% due to visitor policies

Statistic 121

Gamers 67% more susceptible to baiting with free game keys infected

Statistic 122

Immigrants report 40% higher grandparent scam rates due to family separation

Statistic 123

Social media heavy users (>3hrs/day) 5x phishing click rate

Statistic 124

Blue-collar workers ignore training 62%, high dumpster diving success

Statistic 125

Students 72% fall for job scams social engineering on campus job boards

Statistic 126

65+ age group loses $547 million to tech support social engineering annually

Statistic 127

Freelancers 50% higher quid pro quo via freelance platforms

Sources
Trusted by 500+ publications
Harvard Business ReviewThe GuardianFortune+497
With phishing emails hitting inboxes at a staggering rate of 1.2 billion per day and nearly three-quarters of all data breaches now stemming from human manipulation, it’s clear that social engineering has become the weapon of choice for modern cybercriminals.

Key Takeaways

  • In 2023, social engineering accounted for 74% of all data breaches analyzed, primarily through phishing and pretexting tactics
  • Globally, 300,000 phishing sites are created daily, many leveraging social engineering to mimic trusted brands
  • 36% of organizations experienced a successful social engineering attack in the past year, per Proofpoint's 2023 report
  • Vishing, a social engineering tactic, involves impersonation to extract sensitive info like passwords or financial data via phone calls mimicking authority figures
  • Phishing uses deceptive emails with urgent language and spoofed sender addresses to trick users into clicking malicious links or attachments
  • Pretexting creates fabricated scenarios, such as posing as IT support needing verification codes, to gain trust and confidential information
  • Average BEC social engineering scam costs $1.86 million per incident in 2023
  • Global losses from social engineering fraud reached $12.5 billion in 2023 per FBI IC3
  • Phishing attacks caused $52 million average breach cost, 20% above industry avg
  • Millennials aged 24-39 comprise 40% of social engineering victims due to high social media usage
  • Seniors over 60 report 58% of IRS impersonation social engineering scams
  • Remote workers 3x more likely to fall for phishing social engineering, 35% susceptibility rate
  • Annual security awareness training reduces social engineering success by 70%, per Proofpoint 2023
  • MFA blocks 99.9% of account takeover social engineering attacks, Microsoft data
  • Simulated phishing tests improve click rates by 40% after 3 campaigns, KnowBe4 2023

Social engineering caused most data breaches last year through widespread phishing attacks.

Attack Vectors and Techniques

  • Vishing, a social engineering tactic, involves impersonation to extract sensitive info like passwords or financial data via phone calls mimicking authority figures
  • Phishing uses deceptive emails with urgent language and spoofed sender addresses to trick users into clicking malicious links or attachments
  • Pretexting creates fabricated scenarios, such as posing as IT support needing verification codes, to gain trust and confidential information
  • Baiting offers physical media like infected USB drives labeled 'confidential payroll' left in public areas to entice pickup and infection
  • Quid pro quo promises tech support in exchange for remote access or credentials, often targeting stressed employees during peak hours
  • Tailgating physically follows authorized personnel into secure areas by carrying boxes or feigning injury to bypass badge checks
  • BEC scams impersonate executives via email with CEO spoofing and urgent wire transfer requests totaling billions annually
  • Smishing sends SMS with fake parcel delivery alerts containing malicious QR codes leading to credential harvesting sites
  • Spear phishing targets specific individuals with personalized info from LinkedIn or social media to craft convincing lures
  • Whaling attacks C-level executives with tailored threats like 'board meeting leak' to demand large ransoms or data
  • Dumpster diving sifts through trash for discarded documents with passwords or org charts to aid impersonation
  • Watering hole attacks compromise sites frequented by targets, injecting malware via social engineering popups
  • Reverse social engineering sets up scenarios where victim initiates contact, like fake IT issues prompting calls to attacker
  • Honeytrap uses romantic lures on social media to extract corporate secrets from executives
  • Elicitation subtly probes for info in casual conversations at conferences without raising suspicion
  • Shoulder surfing observes PIN entry in public or crowded elevators using reflections or binoculars
  • Tech support scams pop up fake virus alerts directing to call centers for remote access and ransomware deployment
  • Invoice fraud sends forged bills mimicking vendors with slight detail changes to divert payments
  • Job offer scams post fake listings on Indeed collecting resumes and personal data for identity theft
  • Charity scams exploit disasters with GoFundMe clones soliciting donations via emotional appeals
  • Romance scams build online relationships over months to request funds for fabricated emergencies
  • Grandparent scams call elderly posing as grandchildren in jail needing bail money wired immediately
  • IRS impersonation demands immediate tax payments via gift cards under threat of arrest
  • Lottery scams notify fake winnings requiring upfront fees for claim processing

Attack Vectors and Techniques Interpretation

Each method in this menagerie of manipulation reveals a universal truth: the easiest system to hack isn't made of code, but of human trust, stress, and the occasional unclaimed USB drive.

Detection, Response, and Prevention

  • Annual security awareness training reduces social engineering success by 70%, per Proofpoint 2023
  • MFA blocks 99.9% of account takeover social engineering attacks, Microsoft data
  • Simulated phishing tests improve click rates by 40% after 3 campaigns, KnowBe4 2023
  • AI email filters detect 92% of phishing social engineering attempts, IBM 2023
  • Zero-trust architecture reduces social engineering lateral movement by 85%
  • Incident response plans cut social engineering breach time by 50%, Ponemon 2023
  • Behavioral analytics flag 78% anomalous social engineering logins
  • Passwordless auth prevents 95% pretexting credential thefts
  • Employee reporting of suspicious emails rose 300% with reward programs
  • URL scanners block 88% malicious social engineering links pre-click
  • Regular vulnerability patching mitigates 67% baiting exploit chains
  • SIEM tools detect 75% vishing callback anomalies in real-time
  • Gamified training lowers phishing susceptibility by 55%, 2023 studies
  • DMARC implementation stops 96% BEC email spoofing
  • Privilege access management limits damage from 82% social engineering breaches
  • Call verification protocols reduce smishing success by 90%
  • Dark web monitoring alerts on 70% leaked credentials from social eng
  • Physical security audits cut tailgating incidents by 65%
  • AI voice analysis detects 85% vishing deepfakes, 2023 tech
  • Backup verification prevents 100% ransomware from social engineering
  • Micro-segmentation isolates 92% post-social engineering compromises
  • Phishing simulations with feedback reduce repeats by 90%
  • Endpoint detection stops 89% baiting malware executions
  • Culture of security reporting catches 60% attacks pre-escalation
  • Quantum-safe encryption future-proofs against advanced social eng, 0% breach rate projected

Detection, Response, and Prevention Interpretation

Training reduces risk, technology blocks attacks, and vigilance catches what slips through, proving that a layered human-centric defense isn't just wise—it’s wildly effective against social engineering.

Economic and Operational Impacts

  • Average BEC social engineering scam costs $1.86 million per incident in 2023
  • Global losses from social engineering fraud reached $12.5 billion in 2023 per FBI IC3
  • Phishing attacks caused $52 million average breach cost, 20% above industry avg
  • 74% of breaches with social engineering led to $4.88 million median loss, Verizon 2023
  • BEC scams accounted for $2.9 billion in US losses alone in 2023
  • Social engineering downtime averages 23 days per incident, costing $8,500/minute
  • Retail sector social engineering losses hit $3.2 billion annually from gift card scams
  • Ransomware via social engineering cost global economy $20 billion in 2023
  • Identity theft from social engineering impacted 1.1 million victims, $8.8B loss 2023 FTC
  • Healthcare social engineering breaches averaged $10.93 million cost, highest sector
  • Employee time lost to social engineering recovery: 1,200 hours per incident avg
  • Finance sector social engineering fraud: $5.6 billion losses 2023
  • Productivity loss from successful phishing: 15% workforce downtime weekly
  • Legal fees from social engineering data breaches: $1.5 million average
  • Notification costs post-social engineering breach: $250 per record exposed
  • Insurance premiums rose 25% due to social engineering claims in 2023
  • Stock drops average 7.5% after social engineering breach announcements
  • Customer churn rate post-social engineering incident: 28%
  • Remediation costs for vishing attacks: $2.1 million per org average 2023
  • Global romance scams via social engineering: $1.3 billion losses 2023 FTC
  • Operational disruption from BEC: 50% of victims delayed projects by 3+ months
  • Social engineering led to 24% increase in cyber insurance claims 2023
  • Average fine for GDPR violations from social eng breaches: €4.5 million
  • Reputation damage cost: $15 million intangible loss per major incident
  • Smishing recovery costs $1.2 million including forensics and PR

Economic and Operational Impacts Interpretation

While social engineers exploit human psychology for mere minutes, their schemes inflict a multi-billion-dollar global hangover of financial hemorrhage, operational paralysis, and shattered trust that takes years to sober up from.

Prevalence and Frequency

  • In 2023, social engineering accounted for 74% of all data breaches analyzed, primarily through phishing and pretexting tactics
  • Globally, 300,000 phishing sites are created daily, many leveraging social engineering to mimic trusted brands
  • 36% of organizations experienced a successful social engineering attack in the past year, per Proofpoint's 2023 report
  • Social engineering incidents rose by 25% from 2022 to 2023, affecting over 80% of enterprises
  • 91% of cyberattacks begin with a phishing email, a core social engineering method
  • In Q4 2023, social engineering attacks surged 61% year-over-year, per Zscaler's ThreatLabz
  • 68% of businesses reported social engineering attempts weekly, according to KnowBe4's 2023 benchmark
  • Phishing, the most common social engineering vector, targeted 1.2 billion emails daily in 2023
  • 22% of all help desk calls are social engineering probes, per SANS Institute 2022 data
  • Social engineering contributed to 49% of ransomware incidents in 2023
  • 83% of organizations faced social engineering attacks in 2023, up from 76% in 2022
  • Daily social engineering attempts hit 4,000 per large enterprise on average, per Microsoft Security 2023
  • 95% of cybersecurity issues are caused by human error via social engineering
  • Social engineering phishing emails increased 58% in 2023
  • 1 in 10 social engineering attacks succeed on first try, per 2023 Keeper Security study
  • 47% of breaches involved social engineering in healthcare sector 2023
  • Global social engineering reports to FTC rose 30% in 2023 to over 2.6 million
  • 62% of IT pros saw social engineering rise in 2023 surveys
  • Social engineering vishing calls increased 322% in 2023, per Group-IB
  • 70% of companies faced BEC social engineering scams in 2023
  • Phishing sites mimicking social engineering rose 47% in H1 2023
  • 85% of data breaches exploit social engineering weaknesses
  • Social engineering incidents per org averaged 1,200 in 2023
  • 34% growth in social engineering malware deliveries 2023
  • 76% of CISOs report social engineering as top threat 2023
  • Social engineering caused 16% of all cyber incidents in EU 2023
  • 2.9 billion phishing emails blocked daily, mostly social eng, 2023
  • 40% of remote workers fell to social engineering in 2023
  • Social engineering alerts up 150% post-COVID per 2023 data
  • Phishing as social engineering hit 300% rise in finance sector 2023

Prevalence and Frequency Interpretation

So while we're busy building higher digital walls, the con artists are simply asking the front gate to be politely opened for them, which explains why nearly every cybersecurity statistic is now just a different flavor of human deception.

Victim Profiles and Vulnerabilities

  • Millennials aged 24-39 comprise 40% of social engineering victims due to high social media usage
  • Seniors over 60 report 58% of IRS impersonation social engineering scams
  • Remote workers 3x more likely to fall for phishing social engineering, 35% susceptibility rate
  • C-suite executives targeted in 96% of whaling social engineering attacks
  • Females represent 53% of romance scam social engineering victims, average loss $2,500
  • Healthcare employees 2.5x more vulnerable to pretexting due to high-stress environments
  • Gen Z (18-23) click phishing links 3x faster than older groups, 49% rate
  • Small businesses (<500 employees) suffer 43% of BEC social engineering hits
  • IT staff fall for quid pro quo 28% more during off-hours shifts
  • Low-wage employees ($<50k) targeted 60% in invoice fraud social engineering
  • 70% of social engineering victims had prior awareness training but still clicked
  • Urban dwellers report 25% higher smishing social engineering rates than rural
  • Finance workers 4x vulnerability to spear phishing with personalized lures
  • Divorced individuals 2x likely romance scam targets via dating apps
  • New hires within 90 days succumb to social engineering 55% more often
  • Public sector employees vulnerable to tailgating 38% due to visitor policies
  • Gamers 67% more susceptible to baiting with free game keys infected
  • Immigrants report 40% higher grandparent scam rates due to family separation
  • Social media heavy users (>3hrs/day) 5x phishing click rate
  • Blue-collar workers ignore training 62%, high dumpster diving success
  • Students 72% fall for job scams social engineering on campus job boards
  • 65+ age group loses $547 million to tech support social engineering annually
  • Freelancers 50% higher quid pro quo via freelance platforms

Victim Profiles and Vulnerabilities Interpretation

Humans, in our predictable patterns from the boardroom to the breakroom, have expertly mapped our own psychological vulnerabilities, creating a catalogue where a Millennial's scroll, a CEO's authority, and a grandparent's worry are all just known entry points for the same digital con.

Sources & References

Logos provided by Logo.dev