With generative AI enabling cybercriminals to craft highly convincing phishing emails and targeted scams, businesses across Europe are facing an unprecedented surge in sophisticated cyber threats. While security teams assume their existing tools are sufficient, traditional defences are failing to detect and block evolving attacks in real time, reports John E. Kaye
By 2030, global cybercrime is projected to cause over USD $30 trillion in damages—surpassing the annual GDP of both the U.S. and Europe, the world’s two largest economies. According to Microsoft, 600 million cyberattacks occur every day, targeting businesses, consumers, and devices at a rate of one every two seconds—amounting to 2.7 cybercrimes per minute.
The numbers paint a bleak picture of what experts describe as the “gravest-ever threat to humanity”—one that rivals pandemics, war, climate change, and nuclear proliferation combined.
As cybersecurity defences grow more advanced, so do the tactics used to breach them. Standard security software such as firewalls and email gateways are stronger, encryption is more robust, and known threat detection is faster than ever.
But the reality is that cybercriminals also have access to this technology, continually evolving to breach these defences and appeal to human vulnerabilities. Generative AI means cybercriminals are becoming increasingly adept – and creative – at exploiting this. And email remains the easiest way in.
The days of poorly written phishing emails littered with typos and other obvious scams are long gone. Today’s threats are highly sophisticated, exploiting tactics to evade conventional technology, and deploying AI-generated, personalised phishing emails and sophisticated social engineering tactics to deceive their victims.
“We’re seeing phishing emails that are almost indistinguishable from genuine communication reach corporate networks,” Marc Olesen, the CEO of Cofense, a global leader in email security, told The European.
“They’re designed to bypass perimeter defences and get to the inbox, delivering well written malicious emails that use real branding to trick even the most cautious employees. At the same time, voice phishing attacks have surged, with criminals using AI-generated voices to impersonate trusted executives and suppliers with unnerving accuracy.”
Olesen, who has been helping organisations fight cybercrime for over 15 years, said the abuse of legitimate business software to subvert security measures is also rising exponentially.
Platforms such as Microsoft Office, SharePoint, and Google AMP are being exploited to host malicious content, allowing attackers to evade security technology and “appear credible while delivering harmful payloads,” he said.
Scams are further enhanced with cybercriminals tailoring messages to exploit individuals’ roles, responsibilities and authorities. They also capitalise on key business milestones, such as HR benefit enrolment periods or financial approval deadlines, to trick employees to take immediate action. By crafting deceptively trustworthy and well-timed messages that mimic official requests, cybercriminals breach perimeter defences and can manipulate victims into engaging.
This new reality requires organisations to build defences that address every layer of potential weakness, and proactively defend against these evolving, zero-day sophisticated threats. Those that withstand a breach will be those that can act with agility and precision, identifying and mitigating risks before damage is done.
Security teams are now dealing with hundreds, if not thousands, of threats daily. If a malicious email reaches an inbox and isn’t reported or removed quickly, it can lead to much bigger problems—from compromised accounts to major data breaches.
“A single phishing email can give an attacker access to an entire network,” Olesen said. “Once they’re inside, they can steal sensitive data and launch more sophisticated attacks.”
Scams targeting finance teams and executives have resulted in millions lost to fraudulent transactions. In 2024 alone, losses from Business Email Compromise (BEC) attacks soared to a record USD $2.9 billion, as criminals continue to manipulate employees into approving unauthorised payments.
The cost of a data breach has also reached an all-time high. Stolen credentials can expose sensitive customer data, trigger regulatory fines, and lead to drawn-out legal battles. Last year alone, the average cost of a data breach hit USD $4.88 million.
Beyond monetary loss, the damage to a company’s reputation can be irreparable. “A single incident can shatter client trust and corporate credibility overnight,” Olesen explained.
The ability to detect and neutralise new, evolving attacks in real time has therefore become critical, and companies that prioritise speed are the ones that will stay ahead. This means tapping into verified zero-day threat detection, automation tools, and real-time intelligence that feeds a multilayered defence to stop cyberattacks before they escalate.
These solutions can cluster similar attacks, remove phishing emails across an entire network, and provide employees with built-in reporting tools to flag suspicious messages. Some also integrate with existing cybersecurity infrastructure, creating a deeper more unified, proactive defence against evolving threats.
However, many organisations wrongly assume that off-the-shelf security solutions offer the same level of protection. In reality, standard systems fall short, lacking the real-time threat intelligence needed to detect fast-evolving attacks and failing to adapt quickly enough to counter emerging risks effectively.
Olesen said its Cofense Phishing Threat Detection and Response (PDR), which combines the latest AI-models with real-time human-vetted intelligence, was created for this reason.
“Cybercrime is a grave threat to humanity’s future—and the difference between preventing an attack and becoming the next victim is speed, intelligence, and adaptability,” he said.
“Companies can’t afford to spend days analysing individual threats. They need solutions that enable proactive reporting, detection and removal of malicious emails before employees have time to engage with them—because by the time an attack is noticed, it’s often too late.
“Organisations that avoid cyberattacks will be the ones that embrace an in-depth intelligence driven defence, built to detect and remediate the evolving zero-day attacks bypassing standard security. Cybersecurity requires more than a single line of defence to keep up with AI-powered cyber criminals. Organisations must outpace the threats to stay secure.”
Further information
Main Image: Formula Phish racing cars
