Researchers from ETH Zurich conducted a study to investigate who is more likely to fall victim to phishing attacks in a corporate context. The study involved 14,733 participants and ran for 15 months. The experts collaborated with an enterprise whose name was not revealed, and the participants were not informed that a simulated phishing program was taking place.
How Did the Phishing Study Unfold?
Participants received phishing e-mails at their work e-mail addresses. The experts also deployed a “Report Phishing” button in the e-mail client, which let participants report dubious e-mails.
According to the study, 90% of the employees reported six or fewer suspicious e-mails, pointing to a so-called “reporting fatigue” tendency. The experts also analyzed reaction time and flagging accuracy, finding that 68% of the reports for phishing e-mails were accurate.
We can observe that the reaction time of the employee base as a whole is fast: on average around 10% of the reports arrived within 5 minutes; 20% within 15; and 30% to 40% within 30 minutes. (..) To apply these numbers to a hypothetical company of 1,000 employees where 100 of them are targeted by a phishing campaign, we