Osterman Research and IRONSCALES: Study: AI-Powered Cyber Attacks Hit 88% of Legacy Email Security Systems

AI-Powered Phishing Surge Exposes Gaps in Enterprise Security Defenses

A new study by Osterman Research, commissioned by IRONSCALES, reveals a sharp rise in AI-driven cyber threats targeting enterprise communications, with 88% of organizations reporting at least one security incident in the past year that eroded trust in digital interactions. The findings highlight a growing disconnect: while 82% of cybersecurity leaders acknowledge heightened attacker interest in exploiting trusted channels, 60% lack confidence in their ability to counter deepfake attacks effectively.

AI Reshapes the Threat Landscape

Traditional phishing and business email compromise (BEC) attacks have evolved, leveraging AI to bypass legacy defenses. Threat actors now deploy hyper-personalized, multi-channel attacks via email, phone, video, and collaboration platforms eliminating red flags like grammar errors or suspicious sender addresses. Despite current breach rates, the worst may be ahead: 28% of respondents believe AI-generated phishing is still in its early stages, while 25–28% say the same for deepfake audio and video attacks.

Finance Teams Under Siege

Finance departments face a perfect storm of risk, identified as the top target (59%) for attackers while also being the group security leaders are most concerned about (59%) in terms of readiness. Over 33% of organizations reported successful vendor impersonation attacks in the past year, with 13% seeing major increases year-over-year. These scams often involve threat actors masquerading as trusted vendors to steal funds or sensitive data.

Legacy Tools and Training Fall Short

Nearly one in five security leaders admit that security awareness training is ineffective against AI-enhanced threats. Current programs struggle to prepare employees for deepfake attacks, with 38–43% of respondents rating training as only "moderately effective" or worse for detecting AI-generated phishing, deepfake audio, and deepfake video. Meanwhile, legacy email protections designed for older threats are increasingly inadequate against modern, AI-driven attacks.

Organizations Rethink Security Strategies

The urgency of the threat is prompting action: 70% of organizations now prioritize detecting deepfake audio impersonation, and a similar percentage are willing to adopt new point solutions (70%), switch vendors (68%), or overhaul their entire security stack (70%). The cost of inaction is steep 55% of security leaders warn that failing to defend against trust-based attacks significantly increases the risk of data breaches, along with operational disruptions and compromised customer communications.

Source: https://www.cpapracticeadvisor.com/2026/02/09/study-ai-powered-cyber-attacks-hit-88-of-legacy-email-security-systems/177694/

IRONSCALES cybersecurity rating report: https://www.rankiteo.com/company/ironscales

"id": "IRO1770667049",
"linkid": "ironscales",
"type": "Cyber Attack",
"date": "2/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'type': 'Enterprise Organizations'}],
 'attack_vector': ['Email', 'Phone', 'Video', 'Collaboration Platforms'],
 'data_breach': {'type_of_data_compromised': ['Sensitive data',
                                              'Customer communications']},
 'description': 'A new study by Osterman Research, commissioned by IRONSCALES, '
                'reveals a sharp rise in AI-driven cyber threats targeting '
                'enterprise communications, with 88% of organizations '
                'reporting at least one security incident in the past year '
                'that eroded trust in digital interactions. The findings '
                'highlight a growing disconnect: while 82% of cybersecurity '
                'leaders acknowledge heightened attacker interest in '
                'exploiting trusted channels, 60% lack confidence in their '
                'ability to counter deepfake attacks effectively. AI-driven '
                'phishing and BEC attacks now leverage hyper-personalized, '
                'multi-channel attacks via email, phone, video, and '
                'collaboration platforms, bypassing legacy defenses.',
 'impact': {'brand_reputation_impact': 'Eroded trust in digital interactions',
            'data_compromised': True,
            'operational_impact': 'Operational disruptions',
            'systems_affected': ['Enterprise communication systems']},
 'initial_access_broker': {'high_value_targets': ['Finance departments']},
 'lessons_learned': 'Legacy security tools and training are inadequate against '
                    'AI-driven threats. Organizations must prioritize modern '
                    'defenses, including deepfake detection and multi-channel '
                    'attack prevention.',
 'motivation': ['Financial gain', 'Data theft', 'Operational disruption'],
 'post_incident_analysis': {'root_causes': ['AI-driven attack sophistication',
                                            'Inadequate legacy defenses',
                                            'Ineffective security training']},
 'recommendations': ['Adopt new point solutions for AI-driven threats',
                     'Switch vendors or overhaul security stacks',
                     'Enhance security awareness training for deepfake '
                     'detection',
                     'Improve defenses for finance teams and vendor '
                     'impersonation attacks'],
 'references': [{'source': 'Osterman Research (commissioned by IRONSCALES)'}],
 'title': 'AI-Powered Phishing Surge Exposes Gaps in Enterprise Security '
          'Defenses',
 'type': ['Phishing', 'Business Email Compromise (BEC)', 'Deepfake Attacks'],
 'vulnerability_exploited': ['Legacy email protections',
                             'Inadequate security awareness training']}