Imagine you’re the security lead for a well-funded organization that just invested in next-gen email security, and within the first week, a run-of-the-mill, HR-themed phishing message bypasses your tech controls because no employee bothered to hit the “Report” button when the fishy email landed in their inbox.
When you look at the latest numbers, that story is as believable as they come. In fact, AI-generated and QR-code phishing emails can lure clicks from more than 30% of employees. And according to Verizon’s "2025 Data Breach Investigations Report," the human element was a factor in 68% of breaches.