Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

Uc San Diego study questions phishing training impact

Results show standard annual training barely reduces phishing failure rates.

byEmre Çıtak
September 8, 2025
in Cybersecurity, Research

A recent study at UC San Diego Health raises questions about the effectiveness of mandatory phishing awareness training, a common cybersecurity training method used across corporate America. The research, conducted over eight months in 2023 with nearly 20,000 employees, examined whether these programs significantly reduce employee susceptibility to phishing attacks.

Evaluating phishing awareness training

The study subjected employees to 10 simulated phishing campaigns to assess if standard annual training improves the ability to recognize and avoid malicious emails. Results showed no meaningful decrease in phishing failure rates, regardless of when employees last completed the training.

Grant Ho, assistant professor at the University of Chicago and co-author of the study, stated, “That suggests the mandatory cyber awareness training did not provide beneficial security knowledge to users.”

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

Key findings on employee cybersecurity behavior

  • Employees who completed training showed only minor improvement, with average phishing failure rates dropping by just 1.7%.
  • Immediate post-training results showed high failure rates, indicating limited impact of traditional cybersecurity training programs.
  • Engagement with online modules was low: more than three-quarters of employees spent under one minute on the material, and 37–51% closed the training page almost immediately.

Ho noted employees often treat training as an interruption, checking emails or browsing the web instead, reducing retention and attention.

Testing different cybersecurity training approaches

Researchers segmented employees into groups after phishing simulations:

  1. General cybersecurity tips
  2. Interactive Q&A modules
  3. Detailed briefings on the specific simulated attack
  4. A combination of these methods
  5. Control group with no follow-up training

Interactive Q&A lessons produced the largest measurable benefit, but only when employees fully engaged. Completion of interactive training reduced susceptibility to phishing attacks by 19%, highlighting the potential of interactive approaches. Low completion rates, however, limited the overall effectiveness.

The study also suggested that employees who voluntarily complete training may already have traits that make them less susceptible to phishing attacks, raising questions about training versus inherent behavior.

Implications for enterprise cybersecurity

Phishing continues to pose a major threat, and relying solely on employee phishing awareness training leaves organizations vulnerable. The researchers recommend a multi-layered cybersecurity strategy, combining training with automated tools to detect and block suspicious messages before they reach inboxes.

Ho concluded,

“Training as it is commonly deployed does not provide sufficient protection from phishing on its own.”


Featured image credit

Tags: CybersecurityFeaturedphishing

Related Posts

Wiz: AI vibe coding leads to insecure authentication

Wiz: AI vibe coding leads to insecure authentication

September 29, 2025
DHS uses AI to detect AI-generated child abuse material

DHS uses AI to detect AI-generated child abuse material

September 29, 2025
OpenAI: GDPval framework tests AI on real-world jobs

OpenAI: GDPval framework tests AI on real-world jobs

September 26, 2025
Hugging Face: AI video energy use scales non-linearly

Hugging Face: AI video energy use scales non-linearly

September 26, 2025
Salesforce Agentforce hit by Noma “ForcedLeak” exploit

Salesforce Agentforce hit by Noma “ForcedLeak” exploit

September 26, 2025
Co-op Group reports £75m loss after April cyber-attack

Co-op Group reports £75m loss after April cyber-attack

September 25, 2025

LATEST NEWS

Amazon Kindle Scribe Colorsoft adds color, AI tools

Sony WH-1000XM5/6 adds Gemini Live, Fast Pair audio share

WhatsApp: Meta AI to get incognito mode for private chats

PayPal Honey integrates with ChatGPT for product deals

Microsoft Copilot tests portraits using VASA-1 AI

Telegram CEO Pavel Durov: 2013 Bitcoin investment funds my lifestyle

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.