Eye Safety’s 2026 State of Incident Response Report reveals that cyberattacks on corporations are more and more going undetected, and the harm happens inside minutes. In response to the report, attackers at the moment are focusing much less on hacking methods and extra on exploiting current entry factors.
Id-based assaults dominate the sector, with passwords being concerned in 97% of incidents tracked by Eye Safety. Abuse of official accounts is a major reason behind cloud security incidents and drives the enterprise of preliminary entry brokers.
Nonetheless, the examine’s outcomes present that attackers’ elementary strategies stay unchanged. “Even in 2026, compromise will nonetheless start with phishing, exploiting misconfigured or weak internet-enabled methods, social engineering, or assaults through the software program provide chain,” explains Lodi Hensen, VP of security operations at Eye Safety.
BEC assaults are notably widespread
Enterprise e-mail compromise (BEC) is the most typical type of assault, in response to the examine: Greater than 70% of incidents fall into this class. In 40% of those circumstances, phishing served because the preliminary level of entry. Analysts say that BEC assaults can stay undetected for weeks with out steady monitoring.
Moreover, the examine highlights that ransomware stays one of many greatest threats. “The proliferation of Ransomware-as-a-Service (RaaS), BuilderLeaks, and entry dealer marketplaces has lowered the boundaries to entry and created an expert ecosystem,” the authors clarify.
The report reveals a harmful development: the commercialization of insider information. “Teams like ShinyHunters are actively recruiting staff to purchase entry credentials. This blurs the road between exterior assaults and insider threats,” the security researchers clarify. “For ransomware actors, this bought entry is commonly sooner and extra dependable than technical hacking.”
Firms within the industrial, building, and transport and logistics sectors are notably affected. Many ransomware attackers exploit on a regular basis vulnerabilities: unprotected purposes, insecure distant entry, or phishing emails by way of which staff unknowingly disclose login credentials. The evaluation evaluated a complete of 630 security incidents in Europe from 2023 to 2025.
