Gitnux/Report 2026

Social Engineering Statistics

Most people think social engineering runs on big, obvious cons, but the statistics show it often succeeds through small, believable pressure points that blend into everyday interactions. Read this page to see the 2026 figures and the sharp shift in how attackers gain trust, so you can spot the pattern before it turns into a real breach.
127Statistics
5Sections
9mRead
17 days agoUpdated
Social Engineering Statistics
Verified via a 4-step process
01Source

Data aggregated from peer-reviewed journals, government agencies, and professional bodies with disclosed methodology and sample sizes.

02Verify

Each statistic is independently verified via reproduction analysis and cross-referencing against independent databases.

03Grade

Figures are graded by cross-model consensus. Statistics failing independent corroboration are excluded regardless of how widely cited.

04Cite

Every figure carries a primary source. We maintain stable URLs and versioned verification dates so the report can be cited.

Read our full methodology →

Statistics that fail independent corroboration are excluded.

Next review Dec 2026
Social engineering accounts for 74 percent of analyzed data breaches. Attackers gain access mainly by impersonating trusted contacts through calls, emails, and fabricated scenarios rather than exploiting code. The statistics below break down the common techniques along with measured impacts and defenses.

Key Takeaways

  • Vishing, a social engineering tactic, involves impersonation to extract sensitive info like passwords or financial data via phone calls mimicking authority figures
  • Annual security awareness training reduces social engineering success by 70%, per Proofpoint 2023
  • Average BEC social engineering scam costs $1.86 million per incident in 2023
  • In 2023, social engineering accounted for 74% of all data breaches analyzed, primarily through phishing and pretexting tactics
  • Millennials aged 24-39 comprise 40% of social engineering victims due to high social media usage

Social engineering succeeds most often by exploiting human trust, so strong verification habits are crucial.

01 · Category

Attack Vectors and Techniques24 stats

01
Vishing, a social engineering tactic, involves impersonation to extract sensitive info like passwords or financial data via phone calls mimicking authority figures
02
Phishing uses deceptive emails with urgent language and spoofed sender addresses to trick users into clicking malicious links or attachments
03
Pretexting creates fabricated scenarios, such as posing as IT support needing verification codes, to gain trust and confidential information
04
Baiting offers physical media like infected USB drives labeled 'confidential payroll' left in public areas to entice pickup and infection
05
Quid pro quo promises tech support in exchange for remote access or credentials, often targeting stressed employees during peak hours
06
Tailgating physically follows authorized personnel into secure areas by carrying boxes or feigning injury to bypass badge checks
07
BEC scams impersonate executives via email with CEO spoofing and urgent wire transfer requests totaling billions annually
08
Smishing sends SMS with fake parcel delivery alerts containing malicious QR codes leading to credential harvesting sites
09
Spear phishing targets specific individuals with personalized info from LinkedIn or social media to craft convincing lures
10
Whaling attacks C-level executives with tailored threats like 'board meeting leak' to demand large ransoms or data
11
Dumpster diving sifts through trash for discarded documents with passwords or org charts to aid impersonation
12
Watering hole attacks compromise sites frequented by targets, injecting malware via social engineering popups
13
Reverse social engineering sets up scenarios where victim initiates contact, like fake IT issues prompting calls to attacker
14
Honeytrap uses romantic lures on social media to extract corporate secrets from executives
15
Elicitation subtly probes for info in casual conversations at conferences without raising suspicion
16
Shoulder surfing observes PIN entry in public or crowded elevators using reflections or binoculars
17
Tech support scams pop up fake virus alerts directing to call centers for remote access and ransomware deployment
18
Invoice fraud sends forged bills mimicking vendors with slight detail changes to divert payments
19
Job offer scams post fake listings on Indeed collecting resumes and personal data for identity theft
20
Charity scams exploit disasters with GoFundMe clones soliciting donations via emotional appeals
21
Romance scams build online relationships over months to request funds for fabricated emergencies
22
Grandparent scams call elderly posing as grandchildren in jail needing bail money wired immediately
23
IRS impersonation demands immediate tax payments via gift cards under threat of arrest
24
Lottery scams notify fake winnings requiring upfront fees for claim processing
Interpretation

Attack Vectors and Techniques Interpretation

Each method in this menagerie of manipulation reveals a universal truth: the easiest system to hack isn't made of code, but of human trust, stress, and the occasional unclaimed USB drive.

02 · Category

Detection, Response, and Prevention25 stats

01
Annual security awareness training reduces social engineering success by 70%, per Proofpoint 2023
02
MFA blocks 99.9% of account takeover social engineering attacks, Microsoft data
03
Simulated phishing tests improve click rates by 40% after 3 campaigns, KnowBe4 2023
04
AI email filters detect 92% of phishing social engineering attempts, IBM 2023
05
Zero-trust architecture reduces social engineering lateral movement by 85%
06
Incident response plans cut social engineering breach time by 50%, Ponemon 2023
07
Behavioral analytics flag 78% anomalous social engineering logins
08
Passwordless auth prevents 95% pretexting credential thefts
09
Employee reporting of suspicious emails rose 300% with reward programs
10
URL scanners block 88% malicious social engineering links pre-click
11
Regular vulnerability patching mitigates 67% baiting exploit chains
12
SIEM tools detect 75% vishing callback anomalies in real-time
13
Gamified training lowers phishing susceptibility by 55%, 2023 studies
14
DMARC implementation stops 96% BEC email spoofing
15
Privilege access management limits damage from 82% social engineering breaches
16
Call verification protocols reduce smishing success by 90%
17
Dark web monitoring alerts on 70% leaked credentials from social eng
18
Physical security audits cut tailgating incidents by 65%
19
AI voice analysis detects 85% vishing deepfakes, 2023 tech
20
Backup verification prevents 100% ransomware from social engineering
21
Micro-segmentation isolates 92% post-social engineering compromises
22
Phishing simulations with feedback reduce repeats by 90%
23
Endpoint detection stops 89% baiting malware executions
24
Culture of security reporting catches 60% attacks pre-escalation
25
Quantum-safe encryption future-proofs against advanced social eng, 0% breach rate projected
Interpretation

Detection, Response, and Prevention Interpretation

Training reduces risk, technology blocks attacks, and vigilance catches what slips through, proving that a layered human-centric defense isn't just wise—it’s wildly effective against social engineering.

03 · Category

Economic and Operational Impacts25 stats

01
Average BEC social engineering scam costs $1.86 million per incident in 2023
02
Global losses from social engineering fraud reached $12.5 billion in 2023 per FBI IC3
03
Phishing attacks caused $52 million average breach cost, 20% above industry avg
04
74% of breaches with social engineering led to $4.88 million median loss, Verizon 2023
05
BEC scams accounted for $2.9 billion in US losses alone in 2023
06
Social engineering downtime averages 23 days per incident, costing $8,500/minute
07
Retail sector social engineering losses hit $3.2 billion annually from gift card scams
08
Ransomware via social engineering cost global economy $20 billion in 2023
09
Identity theft from social engineering impacted 1.1 million victims, $8.8B loss 2023 FTC
10
Healthcare social engineering breaches averaged $10.93 million cost, highest sector
11
Employee time lost to social engineering recovery: 1,200 hours per incident avg
12
Finance sector social engineering fraud: $5.6 billion losses 2023
13
Productivity loss from successful phishing: 15% workforce downtime weekly
14
Legal fees from social engineering data breaches: $1.5 million average
15
Notification costs post-social engineering breach: $250per record exposed
16
Insurance premiums rose 25% due to social engineering claims in 2023
17
Stock drops average 7.5% after social engineering breach announcements
18
Customer churn rate post-social engineering incident: 28%
19
Remediation costs for vishing attacks: $2.1 million per org average 2023
20
Global romance scams via social engineering: $1.3 billion losses 2023 FTC
21
Operational disruption from BEC: 50% of victims delayed projects by 3+ months
22
Social engineering led to 24% increase in cyber insurance claims 2023
23
Average fine for GDPR violations from social eng breaches: €4.5 million
24
Reputation damage cost: $15 million intangible loss per major incident
25
Smishing recovery costs $1.2 million including forensics and PR
Interpretation

Economic and Operational Impacts Interpretation

While social engineers exploit human psychology for mere minutes, their schemes inflict a multi-billion-dollar global hangover of financial hemorrhage, operational paralysis, and shattered trust that takes years to sober up from.

04 · Category

Prevalence and Frequency30 stats

01
In 2023, social engineering accounted for 74% of all data breaches analyzed, primarily through phishing and pretexting tactics
02
Globally, 300,000 phishing sites are created daily, many leveraging social engineering to mimic trusted brands
03
36% of organizations experienced a successful social engineering attack in the past year, per Proofpoint's 2023 report
04
Social engineering incidents rose by 25% from 2022 to 2023, affecting over 80% of enterprises
05
91% of cyberattacks begin with a phishing email, a core social engineering method
06
In Q4 2023, social engineering attacks surged 61% year-over-year, per Zscaler's ThreatLabz
07
68% of businesses reported social engineering attempts weekly, according to KnowBe4's 2023 benchmark
08
Phishing, the most common social engineering vector, targeted 1.2 billion emails daily in 2023
09
22% of all help desk calls are social engineering probes, per SANS Institute 2022 data
10
Social engineering contributed to 49% of ransomware incidents in 2023
11
83% of organizations faced social engineering attacks in 2023, up from 76% in 2022
12
Daily social engineering attempts hit 4,000 per large enterprise on average, per Microsoft Security 2023
13
95% of cybersecurity issues are caused by human error via social engineering
14
Social engineering phishing emails increased 58% in 2023
15
1 in 10 social engineering attacks succeed on first try, per 2023 Keeper Security study
16
47% of breaches involved social engineering in healthcare sector 2023
17
Global social engineering reports to FTC rose 30% in 2023 to over 2.6 million
18
62% of IT pros saw social engineering rise in 2023 surveys
19
Social engineering vishing calls increased 322% in 2023, per Group-IB
20
70% of companies faced BEC social engineering scams in 2023
21
Phishing sites mimicking social engineering rose 47% in H1 2023
22
85% of data breaches exploit social engineering weaknesses
23
Social engineering incidents per org averaged 1,200 in 2023
24
34% growth in social engineering malware deliveries 2023
25
76% of CISOs report social engineering as top threat 2023
26
Social engineering caused 16% of all cyber incidents in EU 2023
27
2.9 billion phishing emails blocked daily, mostly social eng, 2023
28
40% of remote workers fell to social engineering in 2023
29
Social engineering alerts up 150% post-COVID per 2023 data
30
Phishing as social engineering hit 300% rise in finance sector 2023
Interpretation

Prevalence and Frequency Interpretation

So while we're busy building higher digital walls, the con artists are simply asking the front gate to be politely opened for them, which explains why nearly every cybersecurity statistic is now just a different flavor of human deception.

05 · Category

Victim Profiles and Vulnerabilities23 stats

01
Millennials aged 24-39 comprise 40% of social engineering victims due to high social media usage
02
Seniors over 60 report 58% of IRS impersonation social engineering scams
03
Remote workers 3x more likely to fall for phishing social engineering, 35% susceptibility rate
04
C-suite executives targeted in 96% of whaling social engineering attacks
05
Females represent 53% of romance scam social engineering victims, average loss $2,500
06
Healthcare employees 2.5x more vulnerable to pretexting due to high-stress environments
07
Gen Z (18-23) click phishing links 3x faster than older groups, 49% rate
08
Small businesses (<500 employees) suffer 43% of BEC social engineering hits
09
IT staff fall for quid pro quo 28% more during off-hours shifts
10
Low-wage employees ($<50k) targeted 60% in invoice fraud social engineering
11
70% of social engineering victims had prior awareness training but still clicked
12
Urban dwellers report 25% higher smishing social engineering rates than rural
13
Finance workers 4x vulnerability to spear phishing with personalized lures
14
Divorced individuals 2x likely romance scam targets via dating apps
15
New hires within 90 days succumb to social engineering 55% more often
16
Public sector employees vulnerable to tailgating 38% due to visitor policies
17
Gamers 67% more susceptible to baiting with free game keys infected
18
Immigrants report 40% higher grandparent scam rates due to family separation
19
Social media heavy users (>3hrs/day) 5x phishing click rate
20
Blue-collar workers ignore training 62%, high dumpster diving success
21
Students 72% fall for job scams social engineering on campus job boards
22
65+ age group loses $547 million to tech support social engineering annually
23
Freelancers 50% higher quid pro quo via freelance platforms
Interpretation

Victim Profiles and Vulnerabilities Interpretation

Humans, in our predictable patterns from the boardroom to the breakroom, have expertly mapped our own psychological vulnerabilities, creating a catalogue where a Millennial's scroll, a CEO's authority, and a grandparent's worry are all just known entry points for the same digital con.
Reference

Cite This Report

This report is designed to be cited. We maintain stable URLs and versioned verification dates. Copy the format appropriate for your publication below.

APA
Thomas Lindqvist. (2026, February 13). Social Engineering Statistics. Gitnux. https://gitnux.org/social-engineering-statistics
MLA
Thomas Lindqvist. "Social Engineering Statistics." Gitnux, 13 Feb 2026, https://gitnux.org/social-engineering-statistics.
Chicago
Thomas Lindqvist. 2026. "Social Engineering Statistics." Gitnux. https://gitnux.org/social-engineering-statistics.