Security Awareness Blog

Failing a Phishing Test - Rite of Passage

After several years of running phishing programs and working with other organization's on theirs, I'm starting to notice a trend. Sooner or later everyone falls victim to a phishing assessment. Heck, even I fell victim to a phishing assessment once, and it was my own assessment (happy to share that story, but the price is a beer at a local con). Here is the interesting part though, most people only fail once. It is almost as if failing a phishing test is a rite of passage, once you fall victim you truly remember the incident, rarely to ever fall victim again. The majority of people who I see falling victim each month are new hires. As they are new to the organization and new to awareness, they too have to experience failure to learn and grow from the experience (and change their behaviors).

So next time you run a phishing assessment, check to see how many of those people that fell victim are new hires. If they did fall victim, in some ways its a good thing as they are far less likely to fall victim again in the future.



Posted December 18, 2014 at 2:23 AM | Permalink | Reply

Cheryl Conley

What would we consider New Hire? Based on our diverse locations and business areas, you might be a New Hire based on payroll, New Employee Orientation or even transferring from business unit (which wouldn't count!)

Posted December 18, 2014 at 2:10 PM | Permalink | Reply


Good question. For me a "New Hire" would be anyone who is new to the organization within the past 30 days and has an organizational email account.