The Problem

There’s a notion that phishing training and phishing simulation no longer have the impact they once did in the early days of cybersecurity awareness.

Many people feel the phishing simulations and phishing training courses they are required to complete at work are comical, and they can’t believe anyone would click on such cyberattacks.

Reality paints a much different picture than the memes shared by thousands on social media, which often poke fun at those who fall victim, and it points to a need for more extensive phishing awareness training.

In a recent review of our phishing simulation and phishing test data, we noticed some alarming trends, especially within industry sectors and markets with access to some of our most private data.

The Numbers

The agriculture and food services sector reported the highest failure rates among all industries at 8.2 percent.

Banking and financial institutions followed close behind with a 7.8 percent phishing simulation failure rate, and the legal sector rounded out the top three in the annual report at 7.1 percent.

Automotive part manufacturers failed phishing simulations at a rate of 7.0 percent, while government organizations claimed the fifth-worst ranking at a 6.8 percent failure rate, edging out the insurance sector at 6.7 percent.


To put these phishing simulation numbers into perspective, each failure means an employee with potential access to classified documents, private information, account credentials, vendor and supplier information and financials, or any number of other non-public items opened a door for a hacker or cybercriminal.

That door may not always lead to direct access to information, but it can give nefarious actors an opportunity to wreak havoc on an organization by launching ransomware attacks, or simply by turning systems off or delaying shipments and payments.

The Solution

A layered cybersecurity defense approach that limits access to information to employees who need it as a core job function, encrypts data, and limits exposure is the safest way to mitigate the error embedded within the human element.

Continued phishing training and phishing simulation testing can lower failure rates and lessen your organization’s exposure to the real cost of ransomware and phishing attacks.

Without a holistic cybersecurity defense solution, gaps in the armor may often go overlooked and unchecked. The human element is the most dangerous weak spot in today’s high-tech cyber environment.

Awareness is a crucial component of security posture, and phishing training and phishing simulation are necessities every organization should require of every employee.

Assigning and requiring phishing training and phishing simulations for employees is only the beginning.

Simply completing a course does not increase cybersecurity awareness. Passing continuous, topical, and timely phishing simulations and tests, assigning immediate remedial phishing training on any failure, and using ongoing training email campaigns to understand what other potential blind spots are present day to day will provide continued learning, with reduced risk as the end goal.

For more on phishing simulation and the many features our phishing simulator and overarching solution offer, check out the ecosystem overview to see how PhishingBox can alter your cybersecurity awareness for the better.