Email attacks are often discussed as if they arrive at random—a numbers game played at scale, where volume alone determines who gets hit. The data in this report tells a different story.
Learn MoreDrawing on nearly 800,000 real attacks across more than 4,600 organizations, the 2026 Attack Landscape Report is a data-driven analysis of phishing, business email compromise (BEC), and vendor email compromise (VEC). It examines how threat actors execute attacks and how they calibrate their approach to the operational context of their target—the org's size, industry, employee roles, regional business norms, and security infrastructure.
The findings converge on a single operational reality: modern attacks exploit trusted relationships, normal business workflows, and the gaps that static defenses can't close to manipulate employees and infiltrate organizations.
What the data shows:
The phishing playbook is environment-aware. Phishing tactics calibrate to the target environment, with evasion techniques, lure types, and brand pretexts all shifting based on the operational profile.
BEC looks fundamentally different at scale. As organizations grow, attackers shift from impersonating executives to impersonating employees—matching the identity type to how trust actually works at that scale.
VEC technique selection follows cost-benefit logic. Impersonation is the default, and account compromise is the upgrade, deployed where impersonation alone won't survive scrutiny.
Fill out the form to get your copy today.
Earn ISC2 CPE (1 credit)
This resource is ISC2 CPE eligible. Submit the credit form to claim your continuing-education credits.
Claim Your ISC2 Credit