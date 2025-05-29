Research Finds Training Produces Huge Reductions in Phishing Attack Success

Click rates dropped by as much as 86 percent.

May 29, 2025
Phishing Tadamichi
iStock.com/tadamichi

KnowBe4 recently launched its Phishing by Industry Benchmarking Report 2025, which measures an organization’s Phish-prone Percentage (PPP) — the percentage of employees likely to fall for social engineering or phishing attacks. It can be an indicator of the organization’s overall susceptibility to phishing threats. This year’s report found a global average baseline PPP of 33.1 percent - meaning one-third of employees interact with phishing simulations before taking part in best-practice security awareness training (SAT).

The data underscores the significant impact of SAT in mitigating risk. The rapid decline in the global PPP following the implementation of training — falling by 40 percent in just three months and by a total of 86 percent after 12 months — demonstrates that ongoing, effective training leads to lasting behavior change and a substantial reduction in vulnerability to cybersecurity threats. This highlights the critical role of continuous education in building a stronger security culture within organizations. 

KnowBe4 analyzed 67.7 million phishing simulations across 14.5 million users from over 60,000 organizations. The baseline PPP (33.1 percent) reflects an organization’s susceptibility to phishing before any KnowBe4 training. Employees then undergo KnowBe4’s SAT, and the PPP is recalculated after 90 days and again after one year-plus of ongoing training to quantify the program’s effectiveness.  

The report also found that larger organizations faced a higher initial phishing risk, with those having 10,000+ employees showing a global baseline PPP of 40.5 percent, compared to 24.6 percent for organizations with 1-250 employees. 

“The data speaks for itself — security awareness training truly makes a difference,” said Stu Sjouwerman, CEO of KnowBe4. “From 2024 to 2025, the general trend has remained fairly consistent — around one-third of employees click on a simulated phishing link before taking part in training. However ... within a year, we’ve seen a 3.5 percent decrease in the global baseline PPP, highlighting a positive shift in overall security awareness worldwide. However, there is still significant progress to be made in fully addressing phishing risks." 

A copy of the report is available by clicking here

Latest in Cybersecurity
Today in Manufacturing Podcast
Sponsored
Today in Manufacturing Podcast
May 1, 2025
Computer Crime Concept 516607038 2125x1416 (1)
Survey Finds Zero-Day Threats and Compliance Failures Driving Vendor Selection
May 29, 2025
Financial Cyber
The $100 Infostealer Threat That is Devastating Companies
May 29, 2025
Soc
Research Shows Cybersecurity Driving Manufacturing Growth
May 28, 2025
Related Stories
Computer Crime Concept 516607038 2125x1416 (1)
Cybersecurity
Survey Finds Zero-Day Threats and Compliance Failures Driving Vendor Selection
Financial Cyber
Cybersecurity
The $100 Infostealer Threat That is Devastating Companies
Soc
Cybersecurity
Research Shows Cybersecurity Driving Manufacturing Growth
Today in Manufacturing Podcast
Sponsor Content
Today in Manufacturing Podcast
More in Cybersecurity
Today in Manufacturing Podcast
Sponsored
Today in Manufacturing Podcast
Today in Manufacturing has a new podcast brought to you by the editors of Industrial Media. In each episode, we discuss the five biggest stories in manufacturing, and the implications they have on the industry moving forward.
May 1, 2025
Financial Cyber
Cybersecurity
The $100 Infostealer Threat That is Devastating Companies
Insights from the dark web reveal the low cost-high reward dynamics of new data breach attacks.
May 29, 2025
Soc
Cybersecurity
Research Shows Cybersecurity Driving Manufacturing Growth
More are reframing cybersecurity as a core driver of innovation, resilience and productivity.
May 28, 2025
Sbd Vadim Shechkov
Cybersecurity
Embedding Stronger Product and Supply Chain Security
Secure by Design is no longer a technical aspiration - it’s a strategic necessity.
May 28, 2025
Ep139tn
Cybersecurity
Security Breach: 'We've Made Our Own Prison'
Insider threats are creating new attack vectors, but old-school solutions could rise to the challenge.
May 28, 2025
General Cyberattack
Cybersecurity
Scenario-Based OT Solution Preps Industrial Teams
It's designed to upskill red and blue teams with OT-specific, real-world detection and response capabilities.
May 22, 2025
Phishing Tadamichi
Cybersecurity
The Top 4 Developments in Phishing Schemes
The bad guys continue to evolve.
May 22, 2025
Encryption
Cybersecurity
Should Manufacturers Focus on Cybersecurity or Cyber Resilience?
One could be essential for the future of manufacturing.
May 22, 2025
Cybersecurity In A Bubble
Cybersecurity
Why Industrial Edge Cybersecurity Demands a Fresh Approach
Vulnerabilities persist because cybersecurity is an afterthought, rather than embedded from the ground up.
May 22, 2025
Coding
Cybersecurity
Shoring Up Digital Trust in Manufacturing: From DMARC Awareness to Full Protection
While most have this email guidance in place, the actual protection rate is significantly lower.
May 22, 2025
Us Binary Flag Mirsad Sarajlic
Cybersecurity
CISA Warns of New Threats Targeting U.S. Industrial Sector
Bad actors include a highly volatile infostealer, and cyber espionage schemes targeting support for Ukraine.
May 22, 2025
A bus passes a branch of Marks and Spencer in London, Tuesday, Aug. 18, 2020.
Cybersecurity
Retailer Says Cyberattack Will Cost $400 Million
And disruptions are ongoing.
May 22, 2025
Smishing Attack Fran Rodriguez
Cybersecurity
Cybercriminals Are Having More Success with Low-Tech, Human-Centric Attacks
The manufacturing sector remains the most targeted sector in the email threat landscape.
May 15, 2025
Hacking Alarm
Cybersecurity
The Pros and Cons of Implementing a Bug Bounty Program
While not new, the approach is gaining traction.
May 15, 2025
Soc
Cybersecurity
Building a Cybersecurity-First Culture in U.S. Manufacturing
Nation-state threats and AI tools have made it vital to embed cybersecurity into workplace culture.
May 15, 2025