Hoxhunt 2026 Research Reports Reveal a Surge in Phishing Attacks, Reinforcing the Need for Human-Centric Cybersecurity
Publish Date: 2026-06-10 09:00:00
Source Domain: www.prnewswire.com
Using an unordered list, summarize the following article with between 4 and 8 key points.
Hoxhunt’s contributions to the Verizon 2026 Data Breach Investigations Report further reflect this reality, as 62% of breaches contained the human element
MINNEAPOLIS, June 10, 2026 /PRNewswire/ — Data and analyses from Hoxhunt, the leading Human Risk Management platform, reveal a rise in advanced phishing campaigns throughout 2026. Collected from tens of millions of threat reports from millions of global Hoxhunt users, Hoxhunt data reveals an uptick in phishing volume targeting employees, as AI-generated phishing attacks have surged by 14x in 2026.
Key findings from Hoxhunt’s recent reports include:
2026 Tax Season Phishing ReportAn unprecedented wave of tax-themed phishing campaigns targeting employees swept over U.S. organizations this spring.
Largest tax-related phishing campaign observed: In the spring of 2026, Hoxhunt detected the largest tax-related phishing campaign ever observed in its global threat intelligence data—collected from tens of millions of threat reports from over 4 million global Hoxhunt users—with U.S. tax authority impersonation campaigns increasing by over 400% compared to the baseline from the previous two years.
Increase in phishing volume: 147.3% overall increase in malicious phishing emails reported by U.S. users during spring 2026 compared to prior periods. The tax-themed phishing attacks were unusually personalized and contextualized to blend into corporate workflows.
2026 Phishing Trends ReportHoxhunt’s annual Phishing Trends Report provides the industry’s chief reference point on real phishing attacks that bypass email filters, helping paint a clearer picture of evolving trends in the AI-boosted phishing landscape and its effect on human cyber behavior.
Surge in AI-generated phishing attacks: Based on 4 million people’s interactions with over 50 million phishing simulations and real attacks, Hoxhunt’s 2026 data revealed a 14x end-of-year surge in AI-generated phishing attacks.
Malicious attachments: 11% of AI phishing emails use malicious attachments. Malicious SVG files increased fifty-fold compared to previous years, comprising 5% of all malicious attachments. SVG files appear to be harmless graphics but can bypass many anti-spam email tools, making them an attractive technique for attackers.
Verizon 2026 Data Breach Investigations ReportFor the second consecutive year, Hoxhunt contributed to the Verizon Data Breach Investigations Report (DBIR), which reveals the largest sources of data breaches over the last year. Hoxhunt’s industry-leading research into emerging social engineering patterns and user behavior covers both simulated and real-world contexts.
Human element is a persistent risk: 62% of breaches contained the human element, up from 60% in 2025.
Social engineering makes the top three: Social engineering was the third most-common breach pattern (16% of all breaches).
The 2026 DBIR highlights AI-enabled social engineering and the importance of “security fundamentals,” such as strong security culture and behavior, to stay secure in a rapidly changing threat landscape.
“AI is making social engineering faster and more scalable,” said Maxime Cartier, VP of Human Risk, Hoxhunt. “When we keep training timely and relevant, people can adapt just as fast as the threats.”
Hoxhunt data proves the efficacy of security behavior change programs over the traditional Security Awareness Training model (quarterly, manual, static trainings); data shows employees recognize and report social engineering attacks with a 6x improvement in 6 months. They reduce the number of malicious clicks by 87%.
Join Verizon and Hoxhunt for a DBIR Webinar on June 17On June 17 (11 a.m. CT), Hoxhunt and Verizon will host a webinar to discuss security awareness and human risk management-relevant findings from the 2026 Verizon DBIR. Philippe Langlois, DBIR Author and Lead Data Scientist at Verizon; Maxime Cartier, VP of Human Risk at Hoxhunt; and David Badanes, Human Risk Advisor, will explore key insights into the human side of the 2026 DBIR and advise attendees on how to align their security awareness program to the current cybersecurity landscape.
Register here to join: Verizon DBIR and Human Risk Management.
To learn more about Hoxhunt, please visit: https://hoxhunt.com/.
About HoxhuntHoxhunt is a Human Risk Management platform that helps security leaders and employees join forces to prevent data breaches. Hoxhunt combines AI and behavioral science to consolidate signal data, take timely actions on risky activities, and gamify individualized micro-training experiences that people love. As employees learn to detect and report advanced phishing attacks, operations teams are equipped to respond fast and transform security culture with limited resources. Security leaders shine with outcome-driven metrics to document reduced cybersecurity risk.
Hoxhunt works with leading global companies such as Airbus, Uber, Monster Energy, Qualcomm, Docusign, Nokia, AES, Air Asia, and E.on, and partners with leading global cybersecurity companies such as Microsoft and Deloitte.
Media ContactChristian MorleyICR for Hoxhunt[email protected]
SOURCE Hoxhunt
