15/10/2025
I managed to catch some of the ICO’s Annual Conference this week, and one of the most striking takeaways was how phishing attacks have evolved.
People who once felt confident spotting a scam are now more likely to click, and they do! Apparently, the numbers of employees clicking on the links or download buttons are increasing!
The reason? The increase in volume of attacks but also more elaborate methods used.
They’re no longer the clumsy, typo-filled scams we used to laugh at. Today’s phishing attempts are highly sophisticated, often powered by AI to generate convincing messages that use regional references, authentic branding, and even personal details from your digital footprint to make them believable.
Another key insight shared at the conference was that phishing isn’t just targeting CEOs or senior managers anymore. Attackers have realised that every member of staff, from IT administrators (the ones with “keys to the kingdom” as the presenter commented) to new starters, can be a gateway in. The more emails they send, the greater the chance someone clicks, downloads, or installs something that opens the door.
As the ICO and cyber experts reminded us, technology alone can’t protect us. The strongest defence is a blend of:
- Awareness – helping staff understand why they’re being targeted.
- Culture – encouraging people to question, report and share near misses.
- Design – embedding good practice into systems and processes from the outset.
- Training – annual mandatory training for all employees
Data protection and cyber security aren’t separate challenges, but shared responsibilities rooted in people, not just policies.
JH Data Protection Limited 
Leave a comment