Cybersecurity specialists are urging businesses to expand staff training, strengthen authentication processes and adopt technologies
Social engineering has become the leading cause of cyber intrusions, accounting for 36 percent of breaches between May 2024 and May 2025, new figures show.
The tactic – which manipulates individuals into revealing confidential information or granting access to systems – has surpassed malware and software exploits as the most common method used by attackers. Security analysts say the rise reflects the growing sophistication of phishing campaigns, business email compromise schemes and other forms of deception targeting human vulnerabilities rather than technical flaws.
By contrast, malware-based intrusions and exploits of software vulnerabilities, once dominant in breach statistics, accounted for a smaller share of incidents over the past year. Experts warn that while organisations have invested heavily in antivirus tools, firewalls and patching, many remain underprepared to address the human factor in security.
Cybersecurity specialists are urging businesses to expand staff training, strengthen authentication processes and adopt technologies that can detect suspicious user behaviour. They note that as technical defences improve, adversaries are increasingly focusing on social manipulation, making awareness and education critical to prevention.
