Skip to main content
Esc

Type to search

Articles / fintech / New research: AI-powered phishing defenses made security teams faster, but AI-generated attacks made defense more expensive overall

New research: AI-powered phishing defenses made security teams faster, but AI-generated attacks made defense more expensive overall

Jun 5, 2026 · Source: fintechnews.org · Topic:  fintech
Annual Cost per Analyst
$51,948
The financial burden of phishing on security teams, indicating a 13.6% increase since 2022.
Phishing Time Consumption
36.5%
The percentage of security team hours consumed by phishing, up from 33.5% three years ago.
Cost Reduction per Email
$27.51
The new cost per phishing email, reduced by 12% from the previous cost of $31.32.

§ 01 Executive Snapshot

  • What: New research reveals that phishing now consumes significant time and resources from security teams, with AI-generated attacks driving costs up.
  • Who: IRONSCALES, Osterman Research, and 128 IT and security professionals from organizations with 1,000 to 5,000 employees.
  • Why it matters: The study highlights the paradox of AI in cybersecurity, where while defenses improve efficiency, the sophistication of phishing attacks increases overall costs and resource demands.

§ 02 Key Developments

  • Phishing now costs $51,948 per security analyst annually, up 13.6% from $45,726 in 2022.
  • Phishing consumes 36.5% of security team working hours, up from 33.5% three years ago.
  • AI-powered defenses reduced the cost per phishing email by 12% ($31.32 to $27.51) and cut handling time per incident by 16% (27.5 minutes to 23.2 minutes).
  • 62.5% of respondents state deepfake attacks are immediately disruptive, with 31.3% rating deepfakes as “extremely impactful.”
  • Only 20% of respondents expect phishing to become easier to manage in the next 12 months.

§ 03 Strategic Context

  • The findings present a before-and-after perspective on how generative AI has transformed the phishing landscape, particularly since the launch of ChatGPT.
  • The data indicates that as AI technologies evolve, organizations must shift from a reactive approach to a more proactive security strategy to combat the increasing sophistication of phishing attacks.

§ 04 Strategic Implications

  • Immediate implications include heightened operational costs for organizations dealing with phishing due to increased attack volume and complexity.
  • Long-term operational implications suggest that organizations need to invest in proactive security measures rather than solely relying on reactive responses to phishing threats.

§ 05 Risks & Constraints

  • Potential risks include the overwhelming volume of phishing attacks that may outpace organizations' ability to effectively deploy defenses.
  • The reliance on AI for both attackers and defenders creates a competitive landscape where attackers may continuously adapt their strategies to exploit vulnerabilities.

§ 06 Watchlist / Forward Signals

  • Organizations should monitor the implementation of new AI-powered defensive tools and their effectiveness against evolving phishing tactics.
  • The success of preemptive security measures, such as those offered by IRONSCALES, will be critical in determining the future landscape of phishing threats and defenses.
§ 07

Frequently Asked Questions

What are the current costs associated with phishing for security teams?

Phishing now costs $51,948 per security analyst annually, which is a 13.6% increase from $45,726 in 2022.

How have AI-powered defenses impacted the handling of phishing incidents?

AI-powered defenses reduced the cost per phishing email by 12% and cut handling time per incident by 16%.

Why is there a need for organizations to shift to proactive security strategies?

As AI technologies evolve, organizations must adapt to the increasing sophistication of phishing attacks, which are becoming more complex and frequent.

Who conducted the research on AI and phishing defenses?

The research was conducted by IRONSCALES, Osterman Research, and involved 128 IT and security professionals from organizations with 1,000 to 5,000 employees.

§ 08

Related Articles