- Most phishing incidents occur before new employees even understand how internal systems work, report claims
- Security awareness should start on day one, before the first email is even opened
- Hackers target uncertainty, and onboarding is full of it for eager, confused new hires
The first few months of employment are now one of the riskiest periods for enterprise cybersecurity, new research has claimed.
Keepnet’s 2025 New Hires Phishing Susceptibility Report found nearly three-quarters (71%) of new hires fall for phishing or social engineering attacks within their first 90 days on the job.
Often overlooked in onboarding workflows, this shortcoming suggests many organizations aren’t doing enough to prepare new employees for the reality of modern cyber threats.
Inexperience, urgency, and confusion drive early errors
The report, based on data from 237 companies, shows new employees are 44% more likely to be deceived by phishing attempts than their longer-tenured colleagues.
Most incidents stem from a combination of inexperience, lack of familiarity with internal processes, and a desire to comply with instructions.
Common attack types include CEO impersonation, fraudulent HR portals, fake invoice requests, and technical support scams, many of which exploit this period of onboarding confusion.
The study also found phishing emails impersonating executives led to a 45% higher success rate among new hires compared to tenured employees.
This gap demonstrates how even basic social engineering tactics can be disproportionately effective against employees who are still navigating organizational systems and norms.
Without dedicated and structured training, these early mistakes can create long-lasting security risks.
To tackle this issue, Keepnet recommends that organizations adopt a layered defense strategy tailored specifically for onboarding periods.
Organizations that adopted adaptive simulations and behavior-based training programs saw phishing risk drop by 30% after onboarding.
Traditional tools such as endpoint security and FWaaS solutions remain essential, but they are not enough on their own.
“Phishing assaults don’t wait for your staff to really feel prepared. Our analysis exhibits that organizations should put money into onboarding-specific cybersecurity consciousness coaching. We’re proud to supply adaptive, scalable options that shield companies from day one,” said Ozan Uçar, CEO, Keepnet.