Cyberthreats in the Age of AI: What Every Channel Partner Needs to Know
As AI changes the way businesses operate, it’s also transforming how cybercriminals attack. The Sendmarc 2025 Cyberthreat Report: Email Security & DMARC in the Age of AI reveals a new wave of AI-powered phishing, ransomware, and impersonation threats — and what that means for your customers.
These insights are a call to action. Businesses urgently need guidance on how to protect their email domains and comply with new authentication standards. This blog summarizes key findings from the report and explains how DMARC can help your customers strengthen their defences in 2025.
Key Takeaways from the 2025 Cyberthreat Report
Email remains irreplaceable and highly targeted.
More than 361 billion emails are sent every day, and over 4.4 billion users rely on email for communication. This demand makes it a constant target for phishing, spoofing, and impersonation attacks.
AI is reshaping the threat landscape.
Generative AI is driving smarter, faster, and more convincing cyberattacks. 68% of breaches involved human error, and 68% of BEC attacks are now AI-generated, showing how automation is amplifying deception at scale.
Top business threats in 2025:
- Ransomware and extortion: One in three breaches involved these attacks, with a record $75 million ransom paid by a Fortune 50 company.
- Human manipulation and deception: BEC caused almost $3 billion in losses, exploiting human trust through phishing and impersonation.
- Credential theft and insider threats: GenAI is accelerating credential abuse; about 88% of breaches in the Basic Web Application Attacks category involved stolen credentials, which, along with social engineering, remained key entry methods for financially motivated bad actors.
- Supply chain and third-party compromise: Responsible for 15% of all breaches and among the costliest, averaging $5 million per incident and taking the longest to resolve.
- Shadow IT and Bring Your Own AI (BYOAI): Microsoft reports that 78% of employees use personal AI tools at work — rising to 80% in SMBs — creating governance and data-exposure risks.
DMARC adoption is accelerating globally.
Sendmarc observed a 58% increase in DMARC adoption worldwide between July 2023–2024 and July 2024–2025. Even more significant is that the number of domains enforcing a reject policy grew by 149% over the same period.
Regulation and compliance are driving action.
New mandates from Google, Yahoo, Microsoft, CISA, PCI DSS v4.0, Cloudflare, and others are transforming DMARC from a best practice into either a formal recommendation or requirement for many sectors.
Regional insight: the UK cybercrime challenge.
In the United Kingdom, half of all businesses reported a cyberattack in 2024, and phishing was the initial entry point for 85% of them. Supporting data from Statista echoes this trend — 58% of large and 45% of medium-sized businesses experienced cybercrime during the year. With such widespread exposure, the need for proactive email protection is urgent.
For UK channel partners, this represents an opportunity to help organisations strengthen their defences and achieve compliance with evolving email security mandates. Implementing and managing DMARC enforcement (reject) is one of the most effective ways to protect customers from impersonation, phishing, and fraud — while improving deliverability and building trust across their communications.
The message from the data is clear – your clients need protection.
“Securing your email identity matters more than ever before.” — Sam Hutchinson, Sendmarc CEO
As AI-fueled cybercrime accelerates, domain protection can’t wait. DMARC remains one of the simplest, most powerful ways to safeguard customers — and a key opportunity for partners to expand their cybersecurity offerings.
Read the full Sendmarc 2025 Cyberthreat Report – 2025 Cyberthreat Report
Share it with your customers to help them understand the threats shaping 2025 — and how to defend against them.
Get in contact with the Sendmarc UK team to learn how Sendmarc can help you and your customers stay secure.
Know Your Score
Sendmarc checks DMARC, SPF, DKIM, and the overall state of your domain.
We’ve created a tool that scores your organization’s vulnerability to fraudulent email activities like impersonation, phishing, and spoofing. It shows the current risk your domain presents to your organization’s cybersecurity.
