Question 1

How many phishing emails are sent per day?

Accepted Answer

Roughly 3.4 billion phishing emails per day per APWG aggregated estimates. The exact number is unknowable, but quarterly attack-share counts and total email volume converge near that figure.

Question 2

What is the average phishing breach detection time?

Accepted Answer

254 days mean time to identify and contain (IBM 2025), with the phishing subset slightly above the cross-vector mean. Breaches detected after 200 days cost approximately $1.2M more than those caught earlier.

Question 3

What share of organisations face phishing every year?

Accepted Answer

84% of organisations reported at least one successful phishing attack in 2024 (Proofpoint State of the Phish 2025). The rate is essentially universal at enterprise scale.

Question 4

What is the trend in phishing volume?

Accepted Answer

Distinct campaign volume has flattened. Successful-attack rate has risen, driven by AI-generated lures lifting per-message effectiveness. Translation: fewer attempts to reach a successful click.

Question 5

What share of breaches are caused by phishing?

Accepted Answer

Phishing accounts for 16% of all breaches as the listed initial vector (IBM 2025). Industry guidance routinely cites that 90%+ of cyberattacks begin with a phishing email when counting downstream credential and ransomware events.

Metric	2022	2023	2024	2025
Average breach cost	$4.35M	$4.45M	$4.88M	$4.88M
BEC losses (US)	$2.40B	$2.70B	$2.77B	Pending
Detection time	277 d	277 d	258 d	254 d
AI-generated phishing share	<5%	29%	67%	82.6%
Vishing volume index	100	180	640	1733+
Quishing campaign count index	100	210	415	510+

Source	What it provides
IBM Cost of a Data Breach Report 2025	Per-record cost, industry breakdown, mean detection. Annual.
Verizon Data Breach Investigations Report 2025	Initial-vector taxonomy and industry vertical breakouts. Annual.
FBI IC3 Annual Report 2024	BEC losses, complaint counts, recovery rates. Annual.
Anti-Phishing Working Group 2025	Quarterly attack volume, brand-impersonation share.
Proofpoint State of the Phish 2025	Click rates, training effectiveness, organisational impact.
Hoxhunt 2026 Trends Report	AI phishing share, vishing surge metrics, behavioural baselines.
Keepnet Labs 2025	Quishing growth, deepfake projection scenarios.
Microsoft Digital Defence Report 2025	Token-theft, MFA effectiveness baseline.

Phishing Statistics Annex

Headline figures

Year-on-year trends

Source index

Cross references