New Study Examines the Effectiveness of Phishing Training Programs

A recent publication in the 2025 IEEE Symposium on Security and Privacy evaluates the impact of common enterprise security training methods, including annual cybersecurity awareness training and embedded anti-phishing exercises. Conducted by Stefan Savage (UC San Diego) and collaborators, the eight-month study involving over 19,500 employees at a large healthcare organization found minimal differences in phishing simulation failure rates between trained and untrained users. The findings raise important questions about the effectiveness of current anti-phishing training strategies.

Read more: DOI: 10.1109/SP61157.2025.00076

Submitted by Katie Dey on