Social engineering drives over one-third of global cyber incidents in 2025
Palo Alto Networks has released the 2025 Unit 42 Global Incident Response Report: Social Engineering Edition, revealing that human manipulation now drives more than one-third of cyber incidents worldwide. The study, based on over 700 cases between May 2024 and May 2025, shows that 36% of attacks started with social engineering tactics, with many going beyond phishing to include SEO poisoning, fake system prompts, and help desk manipulation.
Two major attack patterns have emerged. Targeted compromises involve impersonation, privilege escalation, and real-time manipulation through stolen data and voice lures. At the same time, broad-scale deception relies on mass tactics like ClickFix, malicious browser prompts, and poisoned search results.
Key findings from the report include:
- Low alert visibility: 13% of critical alerts were missed or misclassified, enabling attackers to exploit weak identity recovery and lateral movement.
- Business disruption: Over 50% of incidents exposed sensitive data, while others halted operations.
- AI-driven deception: 23% of social engineering incidents used callback or voice-based AI techniques.
- Profit-focused attacks: 93% of intrusions were financially motivated.
- Top targeted sectors: Manufacturing (15%), professional/legal services (11%), wholesale/retail (10%), and financial services (10%).
In the Philippines, identity fraud, scams, and illegal access remain high-risk threats. The National Cybersecurity Plan (2023–2028) seeks to counter these through stronger response teams and public awareness programs.
“The biggest vulnerability in cybersecurity is not only about the technology; it is also about the exploitation of trust,” said Philippa Cogswell, Vice President and Managing Partner, Unit 42, Asia-Pacific & Japan, Palo Alto Networks. She added that organizations must protect systems, people, and processes, especially as AI accelerates the scale of attacks.
The report recommends that organizations:
- Strengthen identity security with analytics and Identity Threat Detection and Response (ITDR).
- Adopt Zero Trust with least-privilege access and conditional policies.
- Secure human workflows by protecting help desks and training staff against impersonation.
- Expand visibility beyond email to detect SEO poisoning, fake prompts, and malicious links.
The full report is available at: Unit 42 Global Incident Response Report
