"As email security awareness has improved, cybercriminals have had to shift their tactics to other trusted communication channels," said Javvad Malik, lead CISO advisor at KnowBe4.
Infosecurity Europe 2026 survey: the landscape in numbers
New research from KnowBe4, gathered in an in-person survey of 169 cybersecurity professionals at Infosecurity Europe 2026, finds a sharp gap between where attacks are moving and where organizations feel able to detect them. Sixty percent of respondents said cyber-attacks are already moving beyond email, and half (50%) reported that their organization lacks strong confidence in detecting threats across messaging and social platforms.
Email: riskiest channel — and the one organizations trust most
Respondents still rank phishing email as the single biggest threat, with 61% naming it their top concern — ahead of AI-generated threats, insider threats and malware. Paradoxically, while email is considered the 'riskiest' work-based channel, it is also the channel where organizations feel most capable of defending. The survey found 83% confidence in the organization’s ability to stop email-based attacks, a markedly higher level than for any non-email channel measured.
Where confidence drops: Teams, Slack, social and SMS
As attackers diversify into collaboration and social platforms, defenders report falling visibility and confidence. More than half of respondents selected non-email channels — including Slack, Microsoft Teams, social media and WhatsApp — as the 'most vulnerable' to cyber-attacks. Confidence levels to defend outside email are lower across the board: Teams 61%, social media 51%, SMS/WhatsApp 50% and Slack 40%.
Training and tooling gaps: irregular coverage beyond email
Most organisations provide some form of training that extends beyond email, but only 41% do so on a regular basis. Worryingly, 13% of those surveyed said they 'never' train users on Teams, Slack or SMS threats. Malik warned that collaboration tools present new opportunities for attackers to exploit everyday workplace interactions and that "in tandem, AI is making phishing, impersonation and social engineering attacks more convincing and difficult to detect."
He advised organisations to equip employees to recognise threats wherever they appear and to invest in tools that can monitor, detect and respond across collaboration platforms rather than relying solely on traditional email security controls.
What this means for security teams, procurement leaders, and end users
- Security teams: Need to expand detection coverage beyond email and prioritise monitoring and response capabilities for collaboration platforms where confidence is weakest (Slack 40%, SMS/WhatsApp 50%, social 51%, Teams 61%).
- Procurement and IT leaders: Must weigh investment in tooling that covers messaging and social channels and consider the training cadence, given only 41% provide regular non-email training and 13% provide none for Teams, Slack or SMS.
- End users and employees: Remain a frontline of defence as attackers shift into trusted workplace communications; the survey indicates many organisations do not yet train consistently for threats on those platforms.
The KnowBe4 findings describe a transitional moment: email remains both the most feared and the best-defended vector, while collaboration and social channels are rated more vulnerable and less well covered. With 60% of respondents saying attacks have already migrated beyond email and half lacking strong confidence in their visibility on those platforms, the survey leaves a practical question for organisations: will monitoring, regular training and platform-specific detection tools be scaled to match where attackers are going?
