What is it about?
Our large-scale empirical study examined phishing simulation campaigns across 36 organizations over three years, analyzing 68,743 delivered emails from 96 distinct campaigns to understand factors influencing user susceptibility to phishing attacks. The overall findings revealed that 29.22 percent of emails were opened, 8.91 percent resulted in link clicks, and 0.61 percent led to credential submission on landing pages. Notably, campaigns without data submission requests achieved nearly double the click rates of those requesting sensitive information, suggesting users behave more cautiously when encountering threatening messages about account compromises.
Why is it important?
The research addresses a significant gap in the existing literature, which typically focuses on individual organizations and offers limited generalizability. It also reveals significant disparities between industry reports claiming click rates of 30-33 percent and academic findings averaging 9-19 percent. These discrepancies may reflect reporting bias or genuine differences in measurement methodologies.
Read the Original
This page is a summary of: Different Seas, Different Phishes – Large-Scale Analysis of Phishing Simulations Across Different Industries, August 2025, ACM (Association for Computing Machinery), DOI: 10.1145/3708821.3733905.