The Global Cyber Defense Alliance has reported a dramatic 300% increase in sophisticated phishing attacks throughout 2025, with small and midsize businesses (SMEs) being the primary victims.
Unlike traditional phishing — often filled with typos and generic language — the new wave of attacks utilizes AI-generated emails, capable of:
- Mimicking company writing style
- Using internal terminology scraped from public sources
- Referencing real people and departments
This makes the attacks significantly harder to detect.
Threat landscape
Researchers found that:
- 64% of SMEs experienced at least one phishing attempt that appeared “legitimate”
- 28% of successful breaches originated from AI-crafted email content
- Attackers increasingly impersonate IT departments, HR, and financial controllers
Financial impact
The average cost of a phishing-related breach for SMEs rose to $173,000, including system downtime, data recovery, and regulatory penalties.
Recommended protections
Cyber experts now advise:
- Mandatory multi-factor authentication
- Automated email filtering with AI anomaly detection
- Regular employee awareness training
- Zero-trust access architecture
Emerging regulations
Governments in the EU, UK, and Singapore are reviewing legislation to limit misuse of generative AI in cybercrime, including penalties for AI-enhanced attacks.
