A new survey by Vodafone Business revealed that most UK businesses are unprepared for the rapid rise in artificial intelligence (AI)-driven phishing attacks, which have increased by 60% globally over the past year.

Despite 78% of business leaders expressing confidence in their employees’ ability to detect such scams, only 33% successfully identified fraudulent communications, as per the Proactive Security – Phishing of the Future report.

The survey, conducted by market research firm Walr on behalf of Vodafone Business, involved 1,000 business leaders and 2,000 office workers across the UK.

Rising frequency of phishing attacks and business impact

The study revealed that phishing attacks are becoming increasingly frequent and sophisticated. Over the past two years, 55% of business leaders and 45% of office workers reported being targeted. Email remained the most common method of attack, accounting for 82% of incidents, followed by phone scams at 39% and social media phishing at 22%.

The financial impact of these attacks can be significant, with breaches costing businesses an average of £4,200. The increasing use of AI by cybercriminals to create realistic and targeted phishing attempts makes these scams more challenging to detect, leaving many businesses exposed.

“As our campaign highlights, cybercriminals are using AI tools to develop effective and convincing phishing scams, enabling them to create these deceptive communications at a pace and scale not seen before,” said Vodafone Business security enhanced head Steve Knibbs.

“Of course, businesses should be highly aware of the implications of falling victim to cyber scams, which can often lead to drastic reputational and financial consequences.

“I would request businesses of all sizes shore up their around-the-clock cybersecurity protection, by adopting a proactive, multi-layered approach that combines technical safeguards with employee education and AI-driven detection tools that can recognise patterns in phishing attempts.”

The survey identified younger employees, particularly those aged 18 to 24, as more susceptible to phishing attacks. Nearly half (47%) of workers in this age group admitted they had not updated their passwords in over a year, and 19% reported never having changed them. Additionally, 62% of junior staff maintained public social media profiles, compared to 40% of all respondents. Public profiles increase the risk of personal information being exploited for phishing attacks, with cybercriminals using AI tools to personalise scams or mimic voices.

The study revealed that 54% of UK businesses do not have a response plan in place to address AI-driven phishing attacks. Although 80% of organisations recognised the importance of cybersecurity training, only 64% had provided such training in the past two years.

Among employees, 31% reported that their training needed updating to address modern AI-powered threats. Younger staff, in particular, expressed dissatisfaction, with 67% stating that existing training was not tailored to their roles. Confidence in detecting phishing scams also varied, with only 24% of respondents feeling able to identify image or search engine scams, while 63% could spot text phishing attempts and 40% could recognise voice-based scams.

In the Proactive Security – Phishing of the Future report, Vodafone Business outlined several policy recommendations to address these challenges. These include introducing financial incentives, such as tax breaks, grants, or subsidies, to encourage businesses to invest in cybersecurity tools and training. It also proposed reallocating funds from the National Cyber Security Strategy to support localised training initiatives tailored to specific business needs.

Vodafone Business emphasised the importance of adopting AI-driven cybersecurity tools and providing comprehensive training to combat AI-led threats. Additionally, it called for the expansion of Cyber Resilience Centres (CRCs) by establishing new facilities in underserved regions and enhancing existing ones to offer targeted support to businesses.

Meanwhile, a separate survey by Abnormal Security highlighted the evolving strategies of cybercriminals, reporting a 350% rise in file-sharing phishing attacks over the past year. This trend points to an increased use of file-sharing services to carry out phishing schemes. At the same time, traditional business email compromise (BEC) attacks have grown by 50%, further emphasising the broadening scope of cyber threats.

Read more: Phishing via file-sharing services jumps 350%, warns Abnormal Security