I can say from personal experience that that is the case, but I don’t have any empirical evidence.

As someone who leads a major MDR and IR service, phishing was the root cause of about 7.5% of incidents last year. Exploits are #1 around 47% of incidents, followed by compromised credentials around 30% of incidents.

This only represents SME and Enterprise. Phishing likely could be #1 for individuals.

A quick Google search gives tons.

• Introducing Cloudflare’s 2023 phishing threats report: This report analyzes global survey responses, simulated phishing exercises and real-world attacks, and reveals a 1,265% increase in phishing emails since the launch of ChatGPT, a generative AI tool that can create convincing fake content¹.
• CISA, NSA, FBI, and MS-ISAC Release Phishing Prevention Guidance: This guide outlines phishing techniques malicious actors commonly use and provides guidance for both network defenders and software manufacturers to reduce the impact of phishing techniques used in obtaining credentials and deploying malware².
• The State of Phishing 2023: This report takes an in-depth look at cybersecurity threat trends with insights into how cybercriminals are swiftly advancing and what is required to stop them. It also highlights how attackers use deceptive links, identity deception, and brand impersonation to trick their victims³.
• 2023 ‘State of the Phish’ - Findings Sneak Peek: This study covers more countries and more threat types than ever, and uncovers critical gaps in people’s security knowledge and behavior. It also shows how today’s cyber threats are evolving and how attackers exploit the entities we trust and need to get work done⁴.
• The Biggest Security Threat of 2023? It’s Phishing: This article explains how phishing works and why it is still such a threat, and what you can do to keep yourself safe. It also warns about the dangers of spear phishing, HTTPS phishing, email phishing, and vishing⁵.

These are some of the sources that I found that support the claim that phishing is one of the top cyber security threats and vectors for 2023. I hope you find them useful and informative. 😊

Source: Conversation with Bing, 12/24/2023 (1) Introducing Cloudflare’s 2023 phishing threats report. https://blog.cloudflare.com/2023-phishing-report/. (2) Introducing Cloudflare’s 2023 phishing threats report. https://blog.cloudflare.com/2023-phishing-report/. (3) CISA, NSA, FBI, and MS-ISAC Release Phishing Prevention Guidance. https://www.cisa.gov/news-events/alerts/2023/10/18/cisa-nsa-fbi-and-ms-isac-release-phishing-prevention-guidance. (4) CISA, NSA, FBI, and MS-ISAC Release Phishing Prevention Guidance. https://www.cisa.gov/news-events/alerts/2023/10/18/cisa-nsa-fbi-and-ms-isac-release-phishing-prevention-guidance. (5) The State of Phishing 2023 | SlashNext. https://slashnext.com/state-of-phishing-2023/. (6) The State of Phishing 2023 | SlashNext. https://slashnext.com/state-of-phishing-2023/. (7) 2023 ‘State of the Phish’ - Findings Sneak Peek | Proofpoint US. https://www.proofpoint.com/us/blog/security-awareness-training/2023-state-of-the-phish-findings-sneak-peek. (8) 2023 ‘State of the Phish’ - Findings Sneak Peek | Proofpoint US. https://www.proofpoint.com/us/blog/security-awareness-training/2023-state-of-the-phish-findings-sneak-peek. (9) The Biggest Security Threat of 2023? It’s Phishing - MUO. https://www.makeuseof.com/biggest-security-threat-2023-phishing/. (10) The Biggest Security Threat of 2023? It’s Phishing - MUO. https://www.makeuseof.com/biggest-security-threat-2023-phishing/.

Why does it have to be number one?