The Impact of Phishing Simulations on Prevention of Malicious Emails

Despite the growing adoption of various tools for collaboration and communication in enterprises, email remains a top security concern, viewed as the most vulnerable communication and collaboration tool within organizations, according to recent IRONSCALES research. The study highlights phishing attacks (34%) and business email compromise (BEC) scams (26%) as the top threats that have successfully evaded existing security measures in the past year.


Dave Gruber, Principal Analyst at ESG, emphasized that while organizations utilize multiple tools for communication and collaboration, email stands out as the most vulnerable channel for threat actors. However, there is good news as organizations are actively working to strengthen all communication and collaboration channels, including email.

The research report also reveals persistent gaps in email security controls despite efforts to prioritize and invest in this area. Notably, a significant percentage (23%) of respondents indicated that their current email security strategy lacks comprehensive security awareness training and assessments. Additionally, a quarter of the respondents consistently expressed concerns about inbound email attacks evading and breaching native security controls.

While some organizations continue to rely on native security controls provided by their cloud email solution providers, more than a third (34%) have already implemented additional third-party security controls to address these gaps. Another 46% plan to do so within the next 12 months.


While native tools provide some essential security measures, combating advanced phishing attacks requires a more sophisticated set of tools. Enterprises are recognizing the need to complement their AI-powered email security solutions with collaborative human insights to effectively counter emerging threats leveraging social engineering and AI.

The report emphasizes the ongoing importance of adhering to security fundamentals and best practices, including regular assessments for shadow IT, clear responsibilities for security and management, and continual analysis of existing security stacks.

IRONSCALES also conducted an analysis of its own customer data, derived from over 10,000 global enterprises, to assess the effectiveness of security awareness programs. The analysis revealed that the frequency of phishing simulations conducted per year has a direct impact on the prevention of employees falling for malicious emails. Increasing the frequency of simulations leads to higher report rates and a decreased likelihood of employees clicking on malicious links. Even a moderate increase in simulations, involving end-users in 11-15 phishing simulations per year, significantly boosted report rates by more than 130% and reduced click rates by over 20%.

