Special Edition: The Data Behind the Deception
In this special edition of The Optery Dispatch, we’re focusing exclusively on Optery’s 2026 Enterprise Social Engineering Survey Report, The Data Behind the Deception.
Based on a survey of 421 cybersecurity leaders, the report shows how large-enterprise security teams are experiencing and responding to targeted social engineering attacks.
In Issue #13, published May 19, 2026, we break the report down into three major insights:
- Security teams are moving upstream by prioritizing employee data exposure reduction
- Targeted social engineering is increasing, personalized, multi-channel, straining defenses, and compromising credentials across most organizations
- Data brokers are being recognized as a major source of attacker intelligence
Targeted social engineering is increasing, personalized, multi-channel, straining defenses, and compromising credentials across most organizations
For most large enterprises, targeted social engineering has become a growing and persistent operational challenge.
Nearly all survey respondents, 96%, reported an increase in targeted social engineering attempts over the past 12 months. Nearly nine in ten, 89.8%, said recent attacks were highly detailed or moderately personalized.
The attacks are also reaching employees across multiple channels. No single channel dominates and defensive confidence varies across channels. Confirmed incidents were reported across social media at 56.3%, voice or phone at 55.3%, company website or domain impersonation at 52.0%, email at 50.8%, and SMS or text at 41.1%.
The survey also shows that this activity is putting pressure on security teams. More than half of respondents, 52.7%, said the volume of targeted social engineering is creating increasing strain, difficult to keep up with, or overwhelming existing defenses.
The impact is measurable. 74.6% of respondents reported credential compromise resulting from targeted social engineering attacks in the last year, with additional respondents reporting suspected credential compromise.
This pressure is pushing security leaders to look earlier in the attack lifecycle, at the exposed employee data attackers use to identify targets and support social engineering campaigns.
Data brokers are being recognized as a major source of attacker intelligence
Targeted social engineering depends on information. Attackers need employee data to identify the right people, understand their roles, reach them through the right channels, and make impersonation attempts believable.
Survey respondents overwhelmingly believe the personal and professional information of employees at their organizations is easy for attackers to obtain online. Large majorities said attackers can easily obtain corporate email format patterns, breached credentials tied to personal contact information, personal mobile numbers, personal email addresses, job titles and reporting structures, family member or associate names, and home addresses.
Respondents rated data broker and people-search sites as the leading source of attacker intelligence used to support targeted social engineering. 97.6% of respondents rated data broker and people-search data as a significant source of attacker intelligence for social engineering, ahead of social and professional platforms at 90.5% and dark web or breach data at 89.3%.
The gap is even clearer at the highest severity level. 64.4% rated data broker and people-search sites as very significant sources, compared with 48.9% for social and professional platforms and 46.6% for breach repositories or dark web sources.
Documented examples from recent years show that the data broker risk is not hypothetical. Leaked ransomware group communications, incident investigations, and government advisories have shown threat actors using commercial data sources to support reconnaissance, target selection, and social engineering, as we covered in Dispatch Issue #4.
The survey also shows that organizations are actively assessing their employee data exposure. 70.1% of respondents said their organizations have conducted organization-wide scans for publicly exposed employee data, and another 24.9% said they have conducted scans for executives only. In total, 95.0% reported some level of exposure scanning.
Those scans are finding a real exposure problem. 77.4% of respondents believe employees’ personal data is very or somewhat exposed across data broker and people-search sites.
The survey shows that security leaders are recognizing employee data exposure risk, assessing it, and beginning to address it comprehensively.
As security teams assess exposure, many are now prioritizing employee data removal.
Reducing publicly exposed employee data ranked as the most widely used security measure for addressing social engineering, with 59.9% of respondents saying it is already in use. It also ranked as the largest investment priority, with 33.7% identifying it as the primary area of spend.
A strong majority, 85.3%, agreed that limiting exposed employee data reduces social engineering risk. 76.5% also said limiting employee personal data online is critical or very important as AI-generated social engineering attacks become more scalable.
More than half of respondents, 53.9%, reported having a broad program to reduce exposed employee data, and another 38.7% reported programs focused on specific roles. In addition, 76.5% categorize reducing publicly exposed employee data as either a core security initiative or supporting security measure.
At the same time, program adoption and workforce coverage are at different stages. Only 14.0% of respondents said personal data removal efforts currently cover the full workforce. Most coverage remains focused on executives, privileged access holders, and other high-risk roles.
Exposure remains high even as organizations prioritize the issue. Security teams are moving in the right direction, but most have not yet scaled personal data removal across the broader employee population.
The role-targeting data shows why broader coverage is needed. Respondents reported frequent targeting of IT/IAM personnel at 80.5%, HR at 44.7%, finance at 43.9%, executives at 42.3%, help desk at 33.0%, engineers at 22.8%, contractors at 17.8%, and sales at 9.3%.
Expansion plans are underway, however. 82.2% plan to expand personal data removal coverage in the next 12 months.
Personal data removal has become a formal part of enterprise social engineering defense and a priority, but most organizations are still in the early stages of scaling it. Large enterprises appear to be moving upstream first, and smaller or less security-mature organizations are likely to follow as employee data exposure reduction becomes a more established security practice.
Read the full survey report here for more insights (no personal data required): The Data Behind the Deception: Optery 2026 Enterprise Social Engineering Survey Report – Optery
Thanks for reading! Want us to write about something specific? Submit a topic or idea.
If you’re looking to reduce your organization’s exposed PII and dramatically lower the volume of phishing, voice and messaging scams, credential theft attempts, and other PII-based threats your team has to defend against, Optery can help. We find and remove dozens more exposed profiles per person on average than competing services, and we prove it with before-and-after screenshots.
Subscribe to receive future editions of The Optery Dispatch
