KnowBe4 Research Finds More than 60% of UK Organizations Report Cyberattacks Spreading Beyond Email Into Teams, Slack and SMS

While UK organizations still currently see email phishing as the biggest threat, they are significantly concerned about their readiness for emerging AI threats.

Key Stats:

• 50% of UK organizations lack strong confidence in detecting threats across messaging and social platforms
• 60% of respondents say that threats are already moving beyond email
• 54% of respondents still consider traditional phishing emails as the biggest threat to their organization
• 66% of respondents believe employees are more likely to trust messages received through internal collaboration platforms
• Only 41% of organizations regularly train on threats beyond email
• Two-thirds believe employees trust collaboration tools more than emails

New UK research released today byKnowBe4, the global leader in digital workforce security, securing both AI agents and humans, has revealed a significant readiness deficit when it comes to modern threat detection and prevention across platforms like Slack, Teams and other collaboration tools. Notably, the research also revealed that half of UK organizations lack strong confidence in detecting threats across messaging and social platforms, despite 60% saying that threats are already moving beyond email.

An in-person survey of 169 cybersecurity professionals conducted at Infosecurity Europe 2026 in London found that while organizations remain confident in their ability to defend against traditional attacks such as phishing via email, many lack confidence in detecting and securing threats across channels including collaboration tools, messaging apps and social media. The findings also highlight how evolving multi-channel attack methods are affecting the preparedness of both security leaders and employees.

Threats Quickly Moving Beyond Email

More than half (54%) of respondents still consider traditional phishing emails as the biggest threat to their organization - above AI generated threats, insider threats and malware - though 6 in 10 respondents have observed attacks moving beyond email. This suggests multi-channel attacks are becoming mainstream. Attackers increasingly target Microsoft Teams, Slack, SMS and WhatsApp to reach victims. This aligns with wider industry trends around "cross-channel social engineering." Notably, The KnowBe4 Phishing Threat Trends Report Volume Seven revealed a 41% surge in Teams-based attacks between October 2025 and March 2026.

The Infosecurity Europe survey also found, non-email channels (like Slack, Teams, Social Media or WhatsApp) were selected by more than half of respondents as "most vulnerable" to cyberattacks, indicating that organizations are aware that threats are fast spreading across multiple communication platforms.

Despite the fact that email is deemed the "riskiest" work-based channel, respondents say they feel the most confident in their organization's ability to stop attacks of this kind (83%). However, outside of email, confidence to defend against threats majorly decreases: Teams (61%), social media (51%), SMS/WhatsApp (50%) and Slack (40%).

Employees Trust Collaboration Tools More Than Email

Worryingly, despite a lack of confidence in being able to detect threats on these platforms, two-thirds (66%) of respondents believe employees are more likely to trust messages received through internal collaboration platforms.

This creates a dangerous security gap. Employees inherently trust collaboration tools, while security teams often have reduced visibility and confidence in detecting threats within them. As attackers target these trusted channels more frequently, they can exploit users who are less suspicious than they would be when interacting with traditional email-based communications.

AI is the Next Major Security Concern and Organizations are Underprepared

Organizations face a significant preparedness gap when it comes to AI-related concerns, with these accounting for more than 30% of readiness challenges, the Infosecurity Europe survey found. The findings suggest that while UK organizations feel equipped to handle traditional email threats, many are less prepared for the speed, sophistication and scale of AI-driven attacks.

While phishing remains the most immediate perceived threat, respondents expressed greater uncertainty about their ability to defend against deepfakes, AI-generated social engineering, AI-powered impersonation and attacks targeting AI systems and agents. KnowBe4's Phishing Threat Trends Report also revealed that 86% of phishing attacks globally are now AI driven.

Employees Not Regularly Trained on Threats Outside of Email Phishing

KnowBe4's Infosecurity Europe survey found that while most organizations provide some form of training beyond email, only 41% do so regularly. Worryingly, 13% of respondents said that they "never" train users on Teams, Slack or SMS threats. Given that 62% are seeing attacks move beyond email and two-thirds believe employees trust collaboration tools more, the level of non-email security awareness training poses a risk to organizations.

"As email security awareness has improved, cybercriminals have had to shift their tactics to other trusted communication channels," said Javvad Malik, lead CISO advisor at KnowBe4. "Collaboration tools offer new opportunities for attackers to exploit the confidence people place in everyday workplace interactions. In tandem, AI is making phishing, impersonation and social engineering attacks more convincing and difficult to detect. Organizations need to ensure employees are equipped to recognize threats wherever they appear and also invest in tools that can monitor, detect and respond to threats across collaboration platforms, rather than relying solely on traditional email security controls."

To find out more about KnowBe4's security awareness training and collaboration security, visit: knowbe4.com.