Security

AI Cuts Cybercrime Costs While Boosting Attack Success Rates

Automated phishing campaigns now match human experts in effectiveness while requiring far less time and money to execute.

Omega Editorial· July 19, 2026· 3 min read

Artificial intelligence is reshaping the cybercrime landscape by dramatically lowering the cost of attacks while simultaneously increasing their effectiveness. Recent academic research reveals that AI-automated phishing emails achieve a 54 percent click-through rate—identical to campaigns crafted by human experts and more than four times the 12 percent rate of generic phishing attempts.

This shift represents a fundamental change in the economics of cybercrime. Historically, cybercriminals operated under constraints of time, labor, expertise, and cost. AI is now reducing all four constraints at once, creating what researchers describe as a force multiplier for attackers. The financial stakes are enormous: cybercrime costs are projected to reach $14 trillion by 2028, with phishing and social engineering attacks each costing enterprises an average of $4 million per breach.

Why it matters

The traditional defense strategy of training employees to spot suspicious emails is becoming obsolete. AI-generated attacks no longer contain the telltale signs—poor grammar, unusual formatting, generic messaging—that vigilant employees once relied on to identify threats. Instead, AI enables highly personalized attacks that exploit internal knowledge, organizational workflows, and trusted relationships. The infamous Hong Kong deepfake incident, where an employee transferred $25 million after a video conference with AI-generated impersonations of executives, illustrates how convincing these attacks have become.

The new attack economics

Spear phishing, which targets specific individuals with customized messages, previously required substantial human effort. AI has made these high-success-rate attacks easy to produce and deliver at scale. Research demonstrates that generative AI successfully reduces costs while increasing impact across three key areas: content creation, enhanced targeting and personalization, and attack automation.

The technology enables attackers to gather information, identify targets, and assess vulnerabilities with relative ease. When producing highly convincing campaigns becomes cheap while effectiveness remains high, attackers gain a significant economic advantage that defenders must counter with equal urgency.

Five immediate actions for leaders

Organizations cannot afford to delay their response to AI-enhanced threats. Dr. Jonathan Reichental, writing in Forbes, recommends five priority actions:

Update training programs to reflect the new reality of AI-driven attacks, particularly emphasizing that traditional warning signs may no longer be present.

Strengthen process controls around payments, data access, and workflow approvals to flag sophisticated social engineering attempts.

Expand simulations through tabletop exercises and online scenarios that test responses to AI-powered attacks—potentially using AI itself to generate realistic test scenarios.

Upgrade defensive tools, replacing outdated email gateways with AI-optimized systems designed to counter AI-powered threats.

Enhance governance by incorporating AI cyberthreat guidance into innovation, risk management, and digital trust frameworks.

The defender's challenge

While AI provides more sophisticated defensive tools, it simultaneously arms attackers with capabilities that execute faster, scale larger, and extract more profit. Organizations that fail to recognize this shift risk preparing for yesterday's threats instead of tomorrow's increasingly automated and convincing attacks.

These findings were first reported by Dr. Jonathan Reichental in Forbes, co-authored with Dr. Atdhe Buja of Commonwealth University of Pennsylvania.

#cybersecurity#artificial intelligence#phishing#social engineering#cybercrime#risk management

This is an original analysis by the Omega editorial team. Source reporting: AI Watch.

Want systems like this working for your business?

Book a Call

More in Security

Security· 3 min read

Period Tracker Apps Send Health Data to Third Parties, Audit Finds

Mozilla's privacy review of six popular menstrual cycle apps revealed extensive data sharing, with only one nonprofit tracker protecting user information.

Via WIRED · Jul 18, 2026
Security· 3 min read

Context Bombing Uses Prompt Injections to Stop AI Agents

Security researchers have flipped a common AI attack technique into a defensive tool that shuts down malicious LLMs before they escalate privileges.

Via WIRED · Jul 18, 2026
Security· 3 min read

AI Voice Cloning Drives $893M in U.S. Fraud Losses in 2025

FBI data shows criminals weaponizing deepfake audio and synthetic media to impersonate family members and trusted professionals in increasingly sophisticated scams.

Via AI Watch · Jul 17, 2026