CybeReady Shows ML Can Double Security Training Engagement

CybeReady is demonstrating its new phishing simulation statistics during the 2022 RSA Conference in San Francisco. In its review of millions of phishing simulations in 2022, CybeReady reveals data showing how certain phishing attacks may affect employees, and the security posture of the company they work for, more than others.

About 3.4 billion phishing emails are sent every day, according to data published by Check Point. With most cyberattacks occurring via phishing emails, we are unable to provide 100 percent protection via tech solutions alone. The best cyber defense technologies still miss 1.23 percent of phishing emails. That means an organization with 20,000 employees, exchanging 12 million emails per month, will have a miss rate of 147,600 emails per month.

In financial terms: with the average cost of being attacked now climbing to $14.8 million, up from $3.8 million in 2015, and with a million phishing emails missed per year, by default, one phishing email mistake can run a company out of business or create a serious headache.

Recent phishing simulation data produced by CybeReady revealed interesting insights. For example, corporate employees were 1.75 times more likely to fall for a phishing email in their native language. Phishing simulations on financial notifications received the highest click rate of approximately 25 percent of the sample size, on average. CybeReady has collected more than 30 million data points gathered by phishing simulations sent to thousands of enterprise employees globally.

Insights from CybeReady’s data analysis include:

  • Phishing simulations selected by machine learning are twice as effective as randomly (manually) selected phishing simulations.
  • New employees are 50 percent more likely to fall for a phishing simulation, compared to employees who have been with an organization for more than a year.
  • Phishing simulations in an employee’s native language perform 75 percent better.

CybeReady recommends creating risk profiles for employees and activating intensified programs for new and high-risk employees. When distributing phishing simulations, the selection should be based on data analytics and use the employee’s native language, especially in global companies.

Effectiveness (or performance) in phishing simulations means that employees click on a link or open an email attachment. While that may sound counterintuitive to some, in phishing training these actions are required to generate a “teachable moment” for employees, and companies should aim to maximize these learning opportunities.

“This data emphasizes the need for a data-driven training methodology,” said Omer Taran, CybeReady co-founder and CTO. “Using random training content gets random results and is a relic of the past. Organizations are dynamic entities, and we need to adapt to both employees and the changing business landscape. This means training employees according to their language, locale, and risk level. Only data-driven training can adjust the training per the organization’s evolving needs to reduce risk.”

For more information, visit