Report by Dune

CISOs on the Emerging Threats Redefining User Cyber Risk

16 FINDINGSPublished Sep 4, 2025
View Original Report →

Key Findings

59% of CISOs at enterprises fear voice phishing (vishing).

DuneCISOs on the Emerging Threats Redefining User Cyber Risk·8mo ago
EnterprisesPhishingVishing

0% of surveyed enterprises simulate threats in encrypted messaging apps.

DuneCISOs on the Emerging Threats Redefining User Cyber Risk·8mo ago
Enterprises

Only 27% of CISOs at enterprises simulate SMS phishing.

DuneCISOs on the Emerging Threats Redefining User Cyber Risk·8mo ago
EnterprisesPhishingSmishing

64% of enterprises faced off-channel attacks in the past year.

DuneCISOs on the Emerging Threats Redefining User Cyber Risk·8mo ago
Enterprises

Concern for attacks coming from collaboration tools and encrypted messaging is 38% at enterprises.

DuneCISOs on the Emerging Threats Redefining User Cyber Risk·8mo ago
Enterprises

71% of CISOs at enterprises worry about SMS phishing (smishing).

DuneCISOs on the Emerging Threats Redefining User Cyber Risk·8mo ago
EnterprisesPhishingSmishing

Just 15% of CISOs at enterprises test voice phishing.

DuneCISOs on the Emerging Threats Redefining User Cyber Risk·8mo ago
EnterprisesPhishingVishing

Only 12% of CISOs at enterprises believe their current Security Awareness Training (SAT) program is sufficient.

DuneCISOs on the Emerging Threats Redefining User Cyber Risk·8mo ago
EnterprisesSecurity awareness program

64% of surveyed enterprises confirmed social engineering attacks via encrypted or informal channels in the past 12 months.

DuneCISOs on the Emerging Threats Redefining User Cyber Risk·8mo ago
EnterprisesSocial engineering

Testing for collaboration tools and encrypted messaging plummets to single digits or zero at enterprises.

DuneCISOs on the Emerging Threats Redefining User Cyber Risk·8mo ago
Enterprises

91% of enterprises say tailoring phishing simulations by both role and behavior is essential.

DuneCISOs on the Emerging Threats Redefining User Cyber Risk·8mo ago
EnterprisesPhishing

Just 18% of enterprises tailor phishing simulations by both role and behavior.

DuneCISOs on the Emerging Threats Redefining User Cyber Risk·8mo ago
EnterprisesPhishingSecurity awareness training

Only 15% of enterprises simulate vishing.

DuneCISOs on the Emerging Threats Redefining User Cyber Risk·8mo ago
EnterprisesPhishingVishing

Only 27% of enterprises test smishing.

DuneCISOs on the Emerging Threats Redefining User Cyber Risk·8mo ago
EnterprisesPhishingSmishing

100% of enterprises test email phishing.

DuneCISOs on the Emerging Threats Redefining User Cyber Risk·8mo ago
EnterprisesPhishing

AI-personalized phishing now drives 300% more user interaction than traditional, templated variants.

DuneCISOs on the Emerging Threats Redefining User Cyber Risk·8mo ago
EnterprisesPhishingAI