A report from Optery's 2026 Enterprise Social Engineering Survey shows that 96% of cybersecurity leaders say social engineering attacks have increased in the past year, and 77% believe their employees' personal data is exposed on data broker sites. the findings, based on 420 security leaders surveyed this year, reveal that legal data brokers—not the dark web—are now the primary source of intelligence for hackers launching ransomware and impersonation attacks.

96% of security leaders report rising social engineering attacks—and 77% say employee data is exposed

According to the Optery survey,nearly all respondents—96%—reported an increase in social engineering attacks over the past year, and more than half said the trend is straining their defences. Around three-quarters of the leaders surveyed said their organisations had been compromised as a result of such attacks.. The report's most stark statistic: only 3.6% of respondents are confident their employees' personal data—including home addresses, phone numbers, and family member names—is not readily available online.

Why Jaguar Land Rover, MGM, and US airlines were compromised by impersonation

The report highlights several high-profile breaches that used data broker intelligence. Last year's attack on Jaguar Land Rover saw billions wiped off the British car maker's annual turnover, while retailer Marks and Spencer fell victim after hackers impersonated an employee. A similar attack on US airlines in 2025 prompted an FBI national security alert, warning that hackers were using employee identities to trick IT support desks. According to the survey, IT staff are the primary targets—80% of attacks focus on them, compared to 42% for executives and 33% for help desk staff. The method is not new: similar attacks previously took down MGM and Caesars Palace in Las Vegas.

Data brokers now outrank the dark web as the top intelligence source for hackers

Optery's survey found that 98% of security leaders rate data broker and people-searching sites—such as Whitepages and 192.com—as the biggest source of employee information for hackers, compared with around 90% for social media and the dark web. Lawrence Gentilello, CEO and founder of Optery, noted: 'Leaked ransomware group communications, incident investigations, and government advisories all point to the same pattern: attackers are using commercially available data aggregation services to identify employees, map organisations, and gather the personal and professional information needed to carry out targeted attacks.' He cited examples including the Black Basta group, the Scattered Spider campaign, and the 0ktapus campaign, which targeted more than 130 organisations and stole nearly 10,000 credentials.

What Optery's survey leaves unanswered: the missing prescription for defence

While the report clearly diagnoses the problem—data broker exposure—it offers little guidance on how companies can reduce their risk. The survey captures leaders' awareness but does not evaluate the effectiveness of potential countermeasures such as opting out of data broker sites, employee training, or IT policy changes. It also does not name the specific data broker sites most frequently used by attackers, nor does it track how quickly employee data can be removed once exposed.. These gaps mean that organisations are left with a clear warning but no clear playbook for response.