AI-Powered Social Engineering Spikes in 2026, Report Warns of Compressed Attack Timelines

by

Estimated reading time: 4 minutes

The new Cyber Security Report 2026 from Check Point Research shows that threats are growing faster and more complex. In 2025, investigators saw criminals automate scams, speed up attacks, and run ransomware operations more efficiently. AI is a key driver, helping with persuasion, information gathering, and malware creation. Insurers and CISOs now see more frequent claims and new risks from unmanaged AI. The report’s main point is clear: speed is increasing, visibility is dropping, and weak governance can turn small mistakes into big losses. As the report says, “the human element remains the weakest link in organizational security.”

AI cybersecurity report 2026 cover from Check Point Research showing a digital map and cyber threat theme
Findings From The Cyber Security Report 2026
  1. Cyber attacks reached record levels in 2025. On average, organizations faced 1,968 attacks each week. The report calls this the “highest level recorded” in its data. This is an 18% increase from last year and almost 70% higher than in 2023.
  2. Social engineering attacks now use more channels than just phishing emails. The report notes that attackers also use phone calls, messaging apps, and real-time impersonation. They often target help desks and vendors to quickly reset passwords.
  3. ClickFix made social engineering attacks more effective by getting users to take actions themselves. This approach bypasses many file-based security controls. The report states, “In 2025, ClickFix activity increased by approximately 500% compared to the previous year.”
Threat Actors Sharpen Human-Focused Intrusion Tactics
  1. Voice impersonation led to expensive breaches and fraud. The report connects these voice tactics to “high-impact incidents” and extortion. It references FBI reports of losses “exceeding $250 million” in 2025 and describes cases involving Scattered Spider and a group called SLH.
  2. Specific cases in the report show large-scale operational damage. Attackers broke into Marks & Spencer using targeted social engineering after “extensive reconnaissance.” Another 2025 attack on Jaguar Land Rover caused shutdowns and “disrupted production for several weeks.” The report estimates damages at “approximately £1.9 billion.”
  3. The number of ransomware victims listed on leak sites rose sharply. The report says, “Over 7,960 victims were named on data-leak sites” in 2025, a 53% increase from the previous year. In Q1, there were 2,289 published victims, and by Q4, the number reached 2,473.
See also  Onda Teams Up with Panorays to Streamline Cyber Insurance Underwriting

“The human element remains the weakest link.”

Cyber Security Report 2026 – Check Point Research
Ransomware, edge exposure, and AI governance reshape 2026 risk
  1. Ransomware groups split up and then came back together. The report found 140 different leak-site groups in 2025, up from about 90 in late 2024. Smaller groups filled the gaps after some were taken down or left. Later, major brands returned and brought their affiliates back. The report points to Qilin’s growth and the relaunch oUnmonitored devices at the network edge became platforms for attacks. The report says defenders lost visibility over this infrastructure, and “attackers are instead effectively turning it into an attack platform.” It describes campaigns using these devices for stealthy access and movement, and warns that poor monitoring slows down detection.s detection.
  2. Operations linked to China focused on staying persistent at the network edge and quickly using new vulnerabilities. The report describes “edge-focused intrusion paths” and fast use of zero-day exploits. It mentions attacks on Ivanti Connect Secure devices and custom implants like BRICKSTORM. The report also notes vendor exposure, such as a disclosure by F5 Networks, and references National Cyber Security Centre alerts about firewall implants.
  3. AI created new enterprise exposure through data leakage and toolchains. The report says organizations used “more than fourteen different AI services per organization on average.” It reports that 89% of organizations faced risky prompts monthly. It adds, “1 in 41 submitted prompts” ranked high risk, up 97% versus early 2025. The report also flags Model Context Protocol exposure, citing a review that found vulnerabilities in 40% of the approximately 10,000 MCP servers it probed.
See also  Adlumin and Cysurance Partner On Cyber Insurance For SMBs
Predictions That Matter For Cyber Insurers

The report predicts that “agentic AI” will shift from assistance to operational autonomy in 2026. It warns that prompt injection and data poisoning will threaten model integrity. It also expects more advanced conversational fraud using deepfakes and voice cloning. Quantum risk is moving from a long-term theory to a near-term concern. The report also expects broader regulation and stronger accountability.

Get The Cyber Insurance News Upload Delivered
Subscribe to our newsletter!

Recommendations Insurers Can Map To Controls

The report urges organizations to use layered prevention throughout the attack chain. It also calls for “continuous validation” to show that controls work under pressure. The report recommends tighter governance of AI use and stronger oversight of third-party tools. It encourages better monitoring of the perimeter and “unmonitored devices.” It also stresses the need to strengthen identity security, since attackers often use valid credentials.

Martin Hinton

Martin Hinton is the Executive Editor and Publisher of Cyber Insurance News and Information. With over three decades of journalism experience across six continents, his work encompasses investigative reporting, documentaries, and coverage of cultural, political, and business news. To learn more about his career, click on his name to visit his LinkedIn page.

See also  CyberCube Partners with Acclaim Insurance Brokers to Enhance Cyber Risk Assessment in Singapore

Leave a Comment

×