AI-driven phishing has overtaken ransomware as the most significant cyber risk facing organisations today.
That shift is not theoretical. According to the World Economic Forum Global Cybersecurity Outlook 2026, CEOs now rank cyber‑enabled fraud and phishing above ransomware as their top cyber risk, and the increasing use of Artificial Intelligence is the biggest driver behind this change. Today, we’d like to talk to you about this latest phishing threat and highlight just how easy it has become to execute at scale.
How a Phishing Attack Is Typically Conducted
A modern phishing attack follows a well-established pattern. Initially, the attacker creates or acquires a phishing kit, which contains fake login pages, payment forms or document portals designed to look like legitimate, recognisable online services.
Next, the attacker distributes phishing messages – these tend to arrive by email, text message or other messaging platforms. The messages usually aim to create urgency, such as a security alert or payment issue – anything that reduces thinking time. When targets click the link, they are taken to a convincing replica of the real service, and any information entered is captured immediately. The more advanced attacks will also relay a one‑time passcode or other multi‑factor authentication (MFA) response to the real service in real time to gain access to your account. AI now accelerates every stage of this process.
CEOs Now Fear Phishing More Than Ransomware
For years, ransomware dominated board‑level cyber discussions. That thinking has changed: the WEF Global Cybersecurity Outlook 2026 shows a clear shift.
- CEOs now rank cyber‑enabled fraud and phishing as their top cyber risk
- Ransomware still remains a major concern for CISOs
- AI‑driven attacks are accelerating faster than traditional defences
Phishing directly targets people, payments and trust. It bypasses perimeter controls and exploits human behaviour.
A UK Case That Shows the Scale of the Problem
A recent feature story from Dispatch Media highlights how far phishing operations have evolved:
“[A young student named Ollie Holman] was found guilty of orchestrating a network that made an estimated £100 million in stolen funds from victims in 24 countries, across 69 financial institutions, including major banks, public bodies and charities. The investigation involved police forces across Europe. In the end, Holman was sentenced to seven years in prison.”
This was not a small‑scale operation. It was structured, coordinated and highly effective, and the tools used are far more advanced than many organisations expect. Dispatch continues:
“The kits were highly sophisticated. They included convincing replicas of Google’s “I’m not a robot” CAPTCHA and were coded to harvest information in real time. [Dispatch Media] obtained a video showing the system working live: as a victim enters their details, the information instantly appears on the phisher’s screen. The software could even prompt victims to submit two-factor authentication codes.”
This capability allows attackers to bypass controls that many organisations still rely on as a primary defence. Further, the sheer scale of the activity became clear during the trial, showing how phishing is now offered ‘as a service’, much as legitimate organisations offer online services for accounting, marketing and HR. Entry barriers are low, impact is high and reach is global.
The return rate for the operator of this phishing kit was 0.3%, which appears to be entirely typical for this kind of venture. This highlights one important fact:
- Phishing is a volume-based crime
Multiple industry datasets show that:
- Average real‑world phishing click rates are usually between ~1% and 5%
- Credential submission rates (the step that actually generates value) are far lower, often well under 1%
- At scale, even fractions of a percent are commercially viable for attackers
Why Does Phishing Work?
Phishing economics are very different from legitimate businesses.
Cost of Operation Is Extremely Low
Modern phishing kits:
- Are cheap or free
- Are reused thousands of times
- Automate infrastructure, harvesting and exfiltration
- Require minimal ongoing effort
When costs are near zero, returns do not need to be high.
Scale Multiplies Small Percentages
A 0.3% success rate sounds small — until you apply scale.
For example:
- 1,000,000 phishing messages sent
- 0.3% success rate
- Result: 3,000 victims
At even modest per‑victim losses, this becomes highly lucrative. This is exactly why phishing‑as‑a‑service exists.
Many “Failures” Still Have Value
Even when phishing does not lead to immediate fraud:
- Credentials may be resold
- MFA fatigue attacks may follow
- Access can be used later
- Data feeds future targeting
Attackers measure success over time, not per message.
How AI Is Supercharging Phishing Attacks
AI has transformed phishing in three key ways:
More Convincing Messages
AI generates realistic emails and messages that mimic tone, grammar and context. This removes many traditional warning signs.
Better Targeting
Attackers use AI to analyse social media, breached data and public information. This enables highly personalised phishing.
Faster Automation
AI allows attackers to generate, test and refine campaigns continuously with minimal human involvement, which fits the whole business model – scale is essential. The WEF also stated in its report that 77% of organisations saw an increase in cyber‑enabled fraud and phishing in the past year.
How Cyber & Data Protection will help you defend your organisation against phishing
At Cyber & Data, we help organisations address phishing as both a technical and human risk.
Secure Deployment of AI
We help organisations:
- Assess AI tools before deployment
- Implement security‑by‑design and governance
- Reduce data leakage and misuse
- Align AI adoption with risk and compliance
AI must reduce risk, not introduce new attack surfaces.
Using AI to Defend Against Phishing
AI can also strengthen defence when used correctly. Defensive AI can:
- Detect phishing patterns earlier
- Identify abnormal user behaviour
- Improve email and identity threat detection
- Reduce response time through automation
We support secure selection, configuration and governance of these tools.
Training That Changes Behaviour
Training remains essential, but it must reflect real attack techniques. Our approach focuses on:
- Practical, role‑specific awareness
- Ongoing reinforcement and simulation
- Measurable improvement, not tick‑box compliance
How Cyber Essentials Reduces Phishing Risk
Phishing often succeeds because basic controls are missing. Cyber Essentials helps by enforcing:
- Multi‑Factor Authentication (MFA) to block credential reuse. Even though phishing kits can relay MFA codes in real time, MFA is still better to have than not; better still, deploy passkeys, as highlighted in this blog post and backed up by NCSC research.
- Secure configuration to reduce exposure
- Access control to limit impact
- Patch management to close common attack paths
It is not a silver bullet, but it significantly raises the bar for attackers.
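To show why the passkey recommendation above holds up against the real-time MFA relay described in the attack pattern and in the Dispatch quote, here is an added simulation (not the article’s or Cyber & Data Protection’s code; Python standard library only): a TOTP code forwarded by a kit verifies because it carries no notion of where it was typed, while a simplified WebAuthn-style assertion carries the browser-supplied origin and is rejected by the real server. The relying party, origins, secrets and the HMAC stand-in for the passkey signature are constructed assumptions.

```python
import hashlib, hmac, json, struct

RP_ID = "bank.example"                            # constructed legitimate service
GOOD_ORIGIN = "https://bank.example"
PHISH_ORIGIN = "https://bank-example-login.test"  # constructed lookalike domain

def totp(secret: bytes, now: int) -> str:
    mac = hmac.new(secret, struct.pack(">Q", now // 30), hashlib.sha1).digest()  # RFC 6238, 30 s step
    off = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % 1_000_000
    return f"{code:06d}"

def server_verify_totp(secret: bytes, code: str, now: int) -> bool:
    # The code carries no information about which site the user typed it into,
    # so a code forwarded by a kit is indistinguishable from one typed directly.
    return hmac.compare_digest(totp(secret, now), code)

def authenticator_sign(cred_key: bytes, challenge: str, origin: str) -> dict:
    # The browser, not the user, writes the origin it is really connected to into
    # clientDataJSON. HMAC stands in for the credential's private-key signature (constructed).
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge, "origin": origin})
    auth_data = hashlib.sha256(RP_ID.encode()).digest()  # rpIdHash
    signed = auth_data + hashlib.sha256(client_data.encode()).digest()
    return {"clientDataJSON": client_data, "authenticatorData": auth_data,
            "signature": hmac.new(cred_key, signed, hashlib.sha256).hexdigest()}

def server_verify_assertion(cred_key: bytes, challenge: str, a: dict) -> bool:
    cd = json.loads(a["clientDataJSON"])
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != challenge:
        return False
    if cd.get("origin") != GOOD_ORIGIN:  # origin binding: a relayed assertion fails here
        return False
    if a["authenticatorData"] != hashlib.sha256(RP_ID.encode()).digest():
        return False
    signed = a["authenticatorData"] + hashlib.sha256(a["clientDataJSON"].encode()).digest()
    expected = hmac.new(cred_key, signed, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, a["signature"])

def relay_demo(now: int = 1_700_000_000) -> dict:
    """Kit forwards the victim's input to the real site in real time; returns the real server's decisions."""
    otp_secret, cred_key = b"constructed-otp-seed", b"constructed-credential-key"
    challenge = "server-challenge-1"  # issued by the real server, proxied by the kit
    victim_code = totp(otp_secret, now)  # typed into the phishing page, forwarded unchanged
    # A real browser would already refuse to sign for RP_ID on the lookalike origin;
    # the server-side origin check is a second, independent line of defence.
    relayed = authenticator_sign(cred_key, challenge, PHISH_ORIGIN)
    direct = authenticator_sign(cred_key, challenge, GOOD_ORIGIN)
    return {"otp_relayed_accepted": server_verify_totp(otp_secret, victim_code, now),
            "passkey_relayed_accepted": server_verify_assertion(cred_key, challenge, relayed),
            "passkey_direct_accepted": server_verify_assertion(cred_key, challenge, direct)}
```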
Final Thoughts: Lead with Governance and Education
Phishing is still a major cyber threat facing organisations. AI has made attacks easier, faster, more convincing and more automated, and defences must evolve just as quickly.
Effective training, strong fundamentals, intelligent controls and secure AI deployment are now essential. If you want to reduce phishing risk, Cyber & Data can help.
Cyber & Data Protection are able to assess your organisation for Cyber Essentials. Get in touch with us now for more information.
Contact Cyber & Data Protection to discover how our tailored training, cyber security and data protection packages and extensive Cyber Essentials and virtual CISO services can keep your business ahead of the game to help navigate the likely cyber threats in 2026 and maintain compliance.
📧 Email: [email protected]
📞 Call: +44 1743 644404