High Phishing Simulation Scores Mask Real Security Gaps, Verizon Report Warns
The 2025 Verizon Data Breach Investigations Report, covering over 22,000 incidents across 139 countries, found that repeated phishing simulation training left employee failure rates essentially unchanged, with a median click rate of just 1.5% — a measurement, not a fix. Security experts argue that simulations train employees to recognize a known template, while real attackers deliberately craft attacks that fall outside those patterns. High-profile breaches at Coinbase, costing up to $400 million, and incidents tied to campaigns like EtherRAT, involved insider recruitment and trusted-platform abuse rather than classic phishing. Unit 42's 2024–2025 incident data from over 700 cases showed that more than a third of social engineering intrusions used non-phishing methods, including voice phishing, which surged 442% in the second half of 2024. Analysts warn that standardized security frameworks, while efficient for defenders, also serve as publicly available roadmaps that help attackers identify exactly where organizational trust is assumed and scrutiny ends.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.