Palo Alto Networks Releases 2025 Unit 42 Social Engineering Report

The report, based on 700 real-world investigations across 49 countries, found that 13% of social engineering incidents were traced back to ignored or untriaged security alerts—a sign that alert fatigue remains a critical weakness for defenders.

SMEStreet Edit Desk

Palo Alto Networks, the global cybersecurity leader, has released its findings from the 2025 Unit 42 Global Incident Response Report: Social Engineering Edition, revealing how identity-driven attacks are bypassing even the most advanced technical controls by exploiting people, processes, and operational fatigue.

The report, based on 700 real-world investigations across 49 countries, found that 13% of social engineering incidents were traced back to ignored or untriaged security alerts—a sign that alert fatigue remains a critical weakness for defenders. These breaches often start not with a malicious file, but with a conversation, a convincing request, or a process loophole—and they are proving costly. 60% of social engineering incidents led to data exposure, compared to 44% across all attack types.

Instead of relying solely on malware or vulnerability exploitation, attackers are following two dominant playbooks:

  • High-touch compromise – impersonating employees or IT staff in real time to bypass authentication steps.
  • At-scale deception – using tactics like SEO poisoning, malvertising, and fake browser prompts to lure users into granting access.

The rise of Generative AI is amplifying both approaches, enabling attackers to create tailored lures at scale, generate convincing voice clones, and, with emerging “agentic” tooling, automate entire social engineering campaigns from start to finish.

The report also highlights systemic gaps that compound the risk:

  • 66% of social engineering cases targeted privileged accounts, widening the potential blast radius.
  • Credential recovery mechanisms, such as IT help desk resets, were routinely abused to bypass MFA.
  • 10% of incidents stemmed from missing or misconfigured MFA protections.

Certain industries are feeling the effects more acutely. Manufacturing recorded the highest rate of data exposure from social engineering attacks (15%), followed by professional services and retail. While high-tech remained the most targeted sector overall, attackers are increasingly turning their attention to operational and customer-facing industries, where process-based vulnerabilities are more common.

“India’s pace of digital adoption is extraordinary, and with that comes a unique challenge. While we’re quick to embrace new technology, the layers of awareness and process maturity that secure those systems often take longer to build,” said Swapna Bapat, VP and MD, India & SAARC, Palo Alto Networks. “The findings in this report reflect a deep-lying pattern: attackers are relying on process gaps and identity blind spots alongside conventional technical flaws. Solving for that takes more than security upgrades; it takes making security second nature across teams.”

The report calls for applying Zero Trust principles to people as well as networks, correlating identity signals with Identity Threat Detection and Response (ITDR) and User and Entity Behavior Analytics (UEBA) tools to detect abuse faster, hardening recovery workflows, and running live simulations to build awareness across all levels of an organisation.
