Cybersecurity leaders are increasingly concerned about their ability to detect threats as attackers shift beyond email to collaboration platforms such as Slack and Microsoft Teams. According to new research from KnowBe4, many organizations lack confidence in their visibility across these non-email channels, despite their growing use in cyber-attacks.
An in-person survey of 169 cybersecurity professionals, conducted at Infosecurity Europe 2026, found that 50% said their organization lacks strong confidence in detecting threats across messaging and social platforms.
This despite 60% stating that cyber-attacks are already moving beyond email.
The Infosecurity Europe survey also found that non-email channels (like Slack, Teams, social media or WhatsApp) were selected by more than half of respondents as ‘most vulnerable’ to cyber-attacks. Organizations appear to be aware that threats are fast spreading across multiple communication platforms.
Phishing emails still have a top place as the biggest threat to organizations (61%), above AI generated threats, insider threats and malware, according to this study.
While multi-channel attack methods are rising, email is deemed the ‘riskiest’ work-based channel.
However, respondents said they feel the most confident in their organization’s ability to stop attacks of this kind (83%). Outside of email, confidence to defend against threats majorly decreased: Teams (61%), social media (51%), SMS/WhatsApp (50%) and Slack (40%).
“As email security awareness has improved, cybercriminals have had to shift their tactics to other trusted communication channels,” said Javvad Malik, lead CISO advisor at KnowBe4.
“Collaboration tools offer new opportunities for attackers to exploit the confidence people place in everyday workplace interactions. In tandem, AI is making phishing, impersonation and social engineering attacks more convincing and difficult to detect.”
Malik advised organizations to ensure employees are equipped to recognize threats wherever they appear and invest in tools that can monitor, detect and respond to threats across collaboration platforms, rather than relying solely on traditional email security controls.
Most organizations provide some form of training beyond email, only 41% do so regularly. Worryingly, 13% of respondents said that they ‘never’ train users on Teams, Slack or SMS threats.
