Enterprises investing in employee phishing awareness training are seeing significant reductions in vulnerability, according to KnowBe4’s latest Phishing by Industry Benchmarking Report 2025. The report reveals that training is particularly effective in large organizations, with measurable improvements across all regions.
KnowBe4 tracks what it calls the Phish-prone Percentage (PPP)—the proportion of employees likely to fall for phishing or social engineering scams. Globally, the average baseline PPP starts at about 33%. However, organizations that implement training programs see this rate drop to 19% after just three months, and further to 4.8% after a year.
All regions reported over 80% improvement after one year of consistent training. North America led with a 90% improvement rate, closely followed by South America at 89%. Regions with the highest initial vulnerability included South America (39%), North America (37%), and Australia and New Zealand (37%). Among the most at-risk were large firms in Australia and New Zealand, where nearly 45% of employees initially clicked on simulated phishing links.
On the other hand, organizations in Asia and the UK & Ireland with fewer than 249 employees showed the strongest initial resistance, with fewer than 25% falling for phishing attempts.
Javvad Malik, Lead Security Awareness Advocate at KnowBe4, emphasized the evolving cybersecurity landscape in the UK and Ireland. “Advancements in AI, supply chain challenges, and a renewed focus on human behavior are reshaping security strategies,” he said.
Malik highlighted that sectors like healthcare, consumer services, and hospitality in the UK and Ireland often begin with stronger resilience, particularly among larger companies. These organizations typically have the resources to support more comprehensive training programs, leading to greater improvements over time.
The report also points to a cultural shift within companies. Increasingly, employers are viewing staff as active defenders against cyber threats. Rather than penalizing errors, organizations now promote a supportive environment where employees feel empowered to recognize and report suspicious activity.
“The most significant change is how businesses now view employees—as a vital first line of defense,” Malik added. “But ongoing training is crucial to maintain this momentum and embed lasting behavioral change.”
KnowBe4’s findings underscore the importance of sustained education in building a strong cybersecurity culture and minimizing organizational risk.
News Source: ITpro.com