The 2025 Global Threat Intelligence Report reveals that human-related attack vectors, particularly phishing, now account for a staggering 77% of all cyberattacks, up from 60% in 2024.
The Mimecast report highlights a 500% surge in ClickFix schemes—attacks that trick users into executing malicious commands—accounting for nearly 8% of reported attacks. This dramatic rise indicates a critical challenge for CISOs, as attackers increasingly use AI to craft convincing email chains, impersonate trusted contacts, and exploit everyday business tools.
“We’re seeing a clear evolution in attacker behaviour in 2025, headlined by an exponential rise in AI-driven threats,” said Ranjan Singh, chief product & technology officer at Mimecast. As threat actors pivot to multichannel tactics, they utilise familiar services like Adobe Pay and DocuSign to evade detection, blurring the lines between legitimate business activities and malicious intent.
Mimecast’s response to these emerging threats includes the introduction of the Mihra AI agent. This innovative tool has reportedly improved threat response times by up to seven times, a crucial development for CISOs who face overwhelming volumes of alerts. The platform harnesses data from over 24 trillion security events, helping organisations predict and prevent attacks tailored to their specific behaviours.
Key innovations:
- Protection by AI: The platform’s ability to analyse vast amounts of data enables predictive threat prevention and automatic security controls tailored to individual organisations.
- Protection from AI: Mimecast’s technology is designed to detect and block AI-generated attacks that can evade traditional security measures, crucial for organisations facing sophisticated phishing campaigns.
- Protection for AI: The platform provides visibility into the use of generative AI across enterprises, ensuring compliance with governance policies while preventing misuse of unsanctioned tools.
The integration of email security, collaboration tools, and generative AI monitoring into a unified console allows organisations to streamline their investigations and improve response times. Features like personalised risk scorecards and automated behavioural nudges empower organisations to actively manage and mitigate human risk.
As organisations in Asia prepare for 2026, adopting a human-centric security design will be essential.
