by Matt Solomon

The Percentage of Employees Clicking Phishing Emails Explains Much About Cybercrime

Have you been diligent about cybersecurity training with staffers? Are you confident that your staff isn’t going to fall for clever cybercriminal tricks? There’s just no way they’re going to interact with that obviously sketchy email, right? Wrong. Even though you’d think that everyone would be savvy about the risks that come from email-based threats, you’ll be shocked at how high the percentage is of employees still clicking phishing emails.

Yep, They’re Still Falling For It

In 2020, the combination of a global pandemic, economic uncertainty, and a whole world full of new remote workers created a solid payday for cybercriminals, resulting in a 85% overall increase in all categories of cybercrime for the year, including a more than 600% increase in phishing attacks. That’s just the tip of the iceberg – every category of phishing related threat from ransomware to business email comromise (BEC) was a growth industry in 2020 as well.

Your staff is receiving more phishing attempts than ever. While some will get caught by your secure email gateway, (and the majority would be caught by automated phishing defense using Graphus), the sheer volume of email that your staffers are handling combined with pandemic stress means that your staffers are getting a lot more phishing email – and clicking on it.

Our partners typically realize ROI in 30 days or less. See why nearly 4,000 MSPs in 30 countries choose to grow with ID AGENT solutions and support. BECOME A PARTNER>>

It’s Worse Than You Think

The numbers don’t lie: employees are regularly getting and falling for phishing emails every day. In a recent study of North American staffers, experts discovered that:

  • 67% of clickers (13.4% of overall users) submitting their login credentials, also up substantially from 2019, when just 2% submitted their credentials.
  • The Public Sector and Transportation sectors struggled the most, posting a click rate of 28.4%.
  • The Education and Finance & Insurance sectors performed considerably better than others, with click rates of 11.3% and 14.2%, respectively.
  • Users in North America struggled the most with the phishing simulation, posting a 25.5% click rate and an 18% overall credential submission rate. This means that a little over 7 out of every 10 clickers willingly compromised their login data.
  • Users in Europe exhibited lower click and submission rates of 17% and 11%, respectively.

The danger to your organization is real and it is growing. We recently reported on the data that we gathered from BullPhish ID users in 2020 and it’s indisputable: Employees at companies of any size in any industry are prime targets for cybercrime because they will clock phishing email. Here’s how to fight back and transform your staffers from new cybersecurity risks into new cybersecurity team members.

The Pathway to Phishing Resistance Success

In just the first three months of 2020, workers were hit with 30,000 more “suspicious messages,” and a 667% increase in related spear phishing. Every message that one of your staffers receives could be the one that kicks off an expensive cycle of cybersecurity disaster. But you can reduce that risk with security awareness training that includes phishing resistance using a dynamic solution like our freshly updated and upgraded BullPhish ID.

We’ve implemented new innovations in phishing training in this new release, but it’s still a cost-effective training solution. It includes all of the features and benefits that you loved from the original BullPhish ID, with new capabilities that make it really a one-size-fits-all testing and training solution that fits every business and budget. SEE DETAILS ABOUT IT>>

Password danger can be created by IoT Cybersecurity risk too & healthcare ransomware attacks

Would you trust a flimsy lock for your front door? Add a stronger lock between cybercriminals and your business when you learn to Build Better Passwords. GET IT>>

Training That’s Painless for Everyone

Customizable training materials including the ability to add attachments opens up new vistas of training for companies, allowing for the creation of industry-specific and especially tempting phishing simulation emails. That’s incredibly important right now because spear phishing, powered by a vast amount of new Dark Web Data, is the biggest risk that your employees need to be ready to fight – a new phishing attack is launched every 39 seconds.

We’ve also added a user-friendly and trainer-friendly customizable training portal to make the whole process easier and more pleasant for everyone (as long as you don’t make GoDaddy’s training blunder). Employees being trained don’t have to hunt for emails and calendar invites or find lost attachments with directions about how to train. Now, they can just log in to their training portal and everything that they need to complete each phase of training is right there.

That makes the training process much more streamlined for trainers too, with simple, fast remote management and online testing to measure retention plus this new set of tools to refine your training, enabling you to pivot quickly as the threat landscape evolves. Keeping track of groups and their progress is a snap when you can add and delete training or dispatch specialized phishing simulation content through the user portals. Plus, white-labelling allows personalization of the portals, URLs and training materials.

The Bottom Line: Facts Don’t Lie

There are a few more facts to remember as we process the dismal fact that 25% or more of employees are still falling for phishing. Like the fact that regular security awareness training including phishing resistance reduces your chances of suffering a damaging cybersecurity disaster by up to 70%. Or the fact that if you undertake training and refresh it at least quarterly for all of your users, it sticks.

Also, we’re not stopping here with the upgrades to BullPhish ID. We’re continuing to innovate in both function and content. We’re still releasing several new plug-and-play phishing simulation training kits in 8 languages and video lessons every month. Very soon, we’ll have two more innovations that will make training a snap: improved reporting that presents detailed information in a simple way to show the value of training, and new options for buying and selling BullPhish ID.

As you kick off the new year, it’s also time to kick off a new commitment to fighting back against cybercrime like phishing – and of course, we’ve got your back. Set up a call with one of our cybersecurity solutions experts today to see the new BullPhish ID and learn how it can help affordably protect data and systems from today’s biggest threat. SCHEDULE A CALL>>

social media phishing scammers

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!


See our innovative, cost-effective digital risk protection solutions in action.


Contact us for an expert analysis of your company security needs and a report on your Dark Web exposure!


 a red star wit ha request for guest bloggers who may have insight on outbound email data breach risk

Our Partners and Channel colleagues have valuable insight into cybersecurity today – and great stories to tell! Contribute a guest post to our blog and let’s hear all about it!

Share This Post!