The Data Behind the Deception: Optery 2026 Enterprise Social Engineering Report
Based on responses from 400+ cybersecurity leaders
Inside the report
Targeted social engineering is rising, multi-channel, personalized, straining enterprise defenses, and producing credential compromise across the majority of organizations.
For years, leaked ransomware group communications, incident investigations, and government advisories have shown attackers using commercial data brokers as part of their reconnaissance and targeting process.
Now, Optery’s survey adds defender-side validation: cybersecurity leaders ranked data broker and people-search sites as the most significant source of attacker intelligence, ahead of social platforms and breach data.
The findings also point to a major shift in defense priorities. Reducing publicly exposed employee data ranked as both the most widely used defense and the largest investment priority in the survey.
Cybersecurity leaders are moving upstream and prioritizing prevention by reducing the exposure that enables targeted attacks.
Key findings
96% report targeted social engineering increased and ~75% report credential compromise
89.8% say recent attacks are highly or moderately personalized
Data broker and people-search sites ranked as the #1 source of attacker intelligence
Reducing exposed employee data ranked as both the #1 defense in use and #1 investment priority
85% agree reducing exposed employee data lowers social engineering risk and 82% plan to expand personal data removal coverage
About the survey
400+ cybersecurity leaders surveyed
Large-enterprise respondent base
Director, VP, and executive-heavy sample
Margin of error: ±4.8%
[Webinar] The Data Behind the Deception: Inside Optery’s 2026 Enterprise Social Engineering Survey
Join us on Tuesday, May 19 at 2 PM EST for a live conversation on how experienced cybersecurity leaders are protecting their organizations from modern cyberattacks.
