It's no secret that phishing can deal significant damage to a company's trust, operation, and value. But for those who have yet to be phished (that they are aware of), what might a successful phish look like? There are a few possibilities:

Stolen Credentials

A phishing email could aim to steal credentials to a login. Maybe a Google or Microsoft account, maybe HR or Accounting software. Anything of value to your company that someone could gain access to could be a target.

Chaos

Maybe a malicious actor is some sort of anarchist, and just wants to watch your company burn. They could steal information for a social media account, or pretend to be a high level executive, and ruin the company's public perception. They could also get into Google Drive or OneDrive and start deleting everything. Somewhat of a scorched earth policy.

Corporate Espionage

Nation state, a competitor, or your own government. Someone could be sneaking their way in to spy on how you manage to get it done. There's been no shortage of corporate espionage through phishing, and it won't end anytime soon.

There are many more possible reasons someone may be out to phish you. The best thing you can do to protect against any reason is to get training, and get educated so you can spot the phish.