Millions of Emails Sent in Thousands of Phishing Attack Simulations Reveal How Frequently Enterprise Employees Fall Victim to Phishing Attacks

Share Now


PhishMe 2015 Enterprise Phishing Susceptibility Report Shows Which Type of Attack Emails Have Highest Penetration Rates, Provides Guidance on How to Reduce Risk

LEESBURG, Va. – December 21, 2015 – PhishMe® Inc., the pioneer in human-phishing defense solutions, today released the 2015 Enterprise Phishing Susceptibility report. Data was gathered from 8 million phishing simulation emails sent to 3.5 million enterprise employees to provide analytics showing how susceptible enterprise employees are to falling victim to phishing attacks — the most common cyberattack vector in use today. Additionally, the report demonstrates how effective training can condition employees over time to spot, report and help defend their organizations against phishing.

The most salient of the findings were related to understanding which type of attacks had the highest penetration rates, including:

  • 87% of the employees who opened a phishing simulation email did so on the day it was sent – which means organizations have little time to catch a targeted attack aimed at multiple employees.
  • 67% of those who responded to a phishing email are repeat offenders and likely to respond to another phishing attempt.
  • Business communication themed emails were most effective at phishing; those with the subject lines “File From Scanner” (36%) and “Unauthorized Activity/Access” (34%) had the highest penetration rates.

In addition to demonstrating how frequently phishing emails slip past employees, the report also revealed that through effective training, employees can be turned into valuable security assets that can serve as a layer of intelligence and defense against attacks. Behavioral conditioning decreased susceptible employees’ likelihood to respond to a malicious email by 97% after just 4 simulations.

“Analytics resulting from the report reveal three very pertinent conclusions — that enterprises remain vulnerable to phishing-driven compromises, they need to place more reliance on employees to help them defend their organizations, and consistent training turns employees into informants that can spot attacks before they turn into catastrophes,” said Rohyt Belani, CEO and co-founder, PhishMe.

To view the full research report findings, visit

Connect with PhishMe


About PhishMe

PhishMe® is the leading provider of human-focused phishing defense solutions for organizations concerned about their susceptibility to today’s top attack vector – spear phishing. PhishMe’s intelligence-driven platform turns employees into an active line of defense by enabling them to identify, report and mitigate spear phishing, malware and drive-by threats. Our open approach ensures that PhishMe integrates easily into the security technology stack, demonstrating measurable results to help inform an organization’s security decision making process. PhishMe’s customers include the defense industrial base, energy, financial services, healthcare and manufacturing industries, as well as other Global 1000 entities that understand changing user security behavior will improve security, aid incident response and reduce the risk of compromise.





Read More Related Phishing Blog Posts


We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our privacy policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.

This site is registered on as a development site.