Phishing Attacks Surge Across Fortune 100: Employee Data Exposed at 86% of Companies
- Jun 17
- 2 min read
Key Findings
86% of Fortune 100 companies had employee data exposed through phishing attacks in the past 12 months
78% of large organizations experienced increased phishing volume over the past year
84% report AI-generated phishing attacks are becoming more prevalent or harder to defend against
Phishing attacks now target enterprise users five times more frequently than malware infections
Only 38% of organizations can confidently detect and respond to credential theft within 24 hours
68% require 4+ hours to identify and remediate confirmed phishing exposures
Just 30% have fully integrated phishing detection with identity response workflows
Background
SpyCloud released its 2026 Phishing Pulse Report based on surveys of security professionals at organizations with more than 1,000 employees, combined with analysis of active phishing campaigns and phishing-as-a-service infrastructure. The research reveals that threat actors are leveraging AI and PhaaS platforms to launch sophisticated, scalable attacks against enterprise targets with unprecedented success rates. Technology companies face the highest exposure risk, followed by airlines and automotive manufacturers.
Enterprises Under Unprecedented Targeting Pressure
The shift toward enterprise phishing is dramatic and deliberate. PhaaS platform records show approximately half are tied to enterprise identities compared to just 11% from malware sources. Analysis of specific phishing kits like Tycoon 2FA found roughly 80% of captured credentials belonged to corporate email accounts. This represents a significant escalation from late 2025, when enterprises were targeted roughly three times more often than through malware—the ratio has now jumped to five times more likely.
AI and Advanced Techniques Reshape Attack Methods
AI-generated phishing dominated security professionals' concerns, but the threat landscape has grown more complex. Organizations report mounting worries about business email compromise at 58%, vendor impersonation at 52%, collaboration platform phishing at 36%, and session hijacking at 20%. Device code phishing represents a particularly dangerous evolution, exploiting legitimate OAuth workflows to obtain authenticated access that persists long after initial compromise. Rather than fighting authentication controls directly, attackers now leverage trusted systems to gain access that survives standard password resets.
Critical Response Capability Gaps
Organizations recognize the threat but lack the infrastructure to respond effectively. The majority struggle with fundamental post-attack tasks: 58% cannot identify which credentials or session tokens were exposed, 42% struggle to remediate exposed users at scale, and 68% need four hours or longer to identify and remediate confirmed incidents. These delays give attackers crucial time to establish persistence, move laterally through networks, escalate privileges, and launch follow-on attacks including ransomware, account takeover, and fraud.
The Visibility Problem
Visibility into what was actually exposed represents the single greatest barrier to effective response. When security teams lack clarity on compromised credentials, session tokens, and authentication artifacts, remediation becomes exponentially more difficult. Organizations must move beyond prevention-focused strategies toward comprehensive response capabilities that provide continuous visibility into exposed credentials and enable rapid, scaled remediation before attackers can weaponize their access.
Sources
https://securityonline.info/spycloud-report-finds-phishing-attacks-surge-as-employee-data-is-exposed-at-86-of-fortune-100-companies/
https://hackread.com/spycloud-report-finds-phishing-attacks-surge-as-employee-data-is-exposed-at-86-of-fortune-100-companies/

Comments