New research released today by KnowBe4, the global leader in digital workforce security, securing both AI agents and humans, has revealed a significant readiness deficit when it comes to modern threat detection and prevention across platforms like Slack, Teams and other collaboration tools. Notably, the research also revealed that half of organisations lack strong confidence in detecting threats across messaging and social platforms, despite 60% saying that threats are already moving beyond email.
An in-person survey of 169 cybersecurity professionals at Infosecurity Europe 2026 found that while organisations remain confident in their ability to defend against traditional attacks such as phishing via email, many lack confidence in detecting and securing threats across channels including collaboration tools, messaging apps and social media. The findings also highlight how evolving multi-channel attack methods are affecting the preparedness of both security leaders and employees.
Threats Quickly Moving Beyond Email
More than half (54%) of respondents still consider traditional phishing emails as the biggest threat to their organisation – above AI generated threats, insider threats and malware – though 6 in 10 respondents have observed attacks moving beyond email. This suggests multi-channel attacks are becoming mainstream. Attackers increasingly target Microsoft Teams, Slack, SMS and WhatsApp to reach victims. This aligns with wider industry trends around “cross-channel social engineering.” Notably, The KnowBe4 Phishing Threat Trends Report Volume Seven revealed a 41% surge in Teams-based attacks between October 2025 and March 2026.
The Infosecurity Europe survey also found, non-email channels (like Slack, Teams, Social Media or WhatsApp) were selected by more than half of respondents as ‘most vulnerable’ to cyberattacks, indicating that organisations are aware that threats are fast spreading across multiple communication platforms.
Despite the fact that email is deemed the ‘riskiest’ work-based channel, respondents say they feel the most confident in their organisation’s ability to stop attacks of this kind (83%). However, outside of email, confidence to defend against threats majorly decreases: Teams (61%), social media (51%), SMS/WhatsApp (50%) and Slack (40%).
Employees Trust Collaboration Tools More Than Email
Worryingly, despite a lack of confidence in being able to detect threats on these platforms, two-thirds (66%) of respondents believe employees are more likely to trust messages received through internal collaboration platforms.
This creates a dangerous security gap. Employees inherently trust collaboration tools, while security teams often have reduced visibility and confidence in detecting threats within them. As attackers target these trusted channels more frequently, they can exploit users who are less suspicious than they would be when interacting with traditional email-based communications.
AI is the Next Major Security Concern and Organisations are Underprepared
Organisations face a significant preparedness gap when it comes to AI-related concerns, with these accounting for more than 30% of readiness challenges, the Infosecurity Europe survey found. The findings suggest that while organisations feel equipped to handle traditional email threats, many are less prepared for the speed, sophistication and scale of AI-driven attacks.
While phishing remains the most immediate perceived threat, respondents expressed greater uncertainty about their ability to defend against deepfakes, AI-generated social engineering, AI-powered impersonation and attacks targeting AI systems and agents. KnowBe4’s Phishing Threat Trends Report also revealed that 86% of phishing attacks globally are now AI driven.
Employees Not Regularly Trained on Threats Outside of Email Phishing
KnowBe4’s Infosecurity Europe survey found that while most organisations provide some form of training beyond email, only 41% do so regularly. Worryingly, 13% of respondents said that they ‘never’ train users on Teams, Slack or SMS threats. Given that 62% are seeing attacks move beyond email and two-thirds believe employees trust collaboration tools more, the level of non-email security awareness training poses a risk to organisations.
“As email security awareness has improved, cybercriminals have had to shift their tactics to other trusted communication channels,” said Javvad Malik, lead CISO advisor at KnowBe4. “Collaboration tools offer new opportunities for attackers to exploit the confidence people place in everyday workplace interactions. In tandem, AI is making phishing, impersonation and social engineering attacks more convincing and difficult to detect. Organisations need to ensure employees are equipped to recognise threats wherever they appear and also invest in tools that can monitor, detect and respond to threats across collaboration platforms, rather than relying solely on traditional email security controls.”
To find out more about KnowBe4’s security awareness training and collaboration security, visit: knowbe4.com.
This follows news from KnowBe4 who have announced Alex Callihan as their new CTO.
