IRONSCALES Survey Reveals Phishing Awareness Training Not Equating to Reduced Clicks

Share Article

Interviews with 300 security professionals at Infosecurity London also revealed SOCs continued struggle with threat detection & strong demand for inbox security to mitigate malicious messages without payloads

News Image
This survey makes It abundantly clear that while phishing is high on everyone’s radar, organizations continue to struggle to expeditiously deflect the threats posed by email borne attacks.

IRONSCALES, the world’s first automated phishing prevention, detection and response platform, today announced the results of a recent survey of security professionals at Infosecurity London, Europe’s largest information security conference drawing 15,000 attendees from around the world. During the three-day event, IRONSCALES interviewed 300 security professionals from end user organizations across industry who had IT security as part of their job title.

Upon analysis of the responses, the survey uncovered three common themes:

  • Although anti-phishing is a priority, both malicious messages with and without payloads continue to plague the vast majority of businesses.
  • Phishing emails remain a primary burden to SOC teams, consuming much of their time with manual email forensics and remediation
  • Despite substantial investment, phishing awareness training is not equating to a significant decrease in clicks

Specific takeaways from the survey include:

Business Challenges

  • 54% of organizations confirm that their company continues to be plagued by phishing emails on a regular basis
  • 85% of respondents said that employees need better inbox tools to detect sophisticated phishing emails
  • When asked how prepared their organization is to deal with email phishing, on a scale of 1 – 10 (with 10 being very effective)
  • 44% rated their organization a seven or less
  • 35% of organizations do not have an email address or a ‘report button’ for employees to share suspicious messages with

SOC Challenges

  • 55% of organizations cited the time to detect phishing messages as the greatest challenge facing their SOC/Security teams
  • 24% said performing email forensics on messages received was the greatest threat
  • 18% said removing malicious messages from mailboxes was the greatest threat
  • 94% agreed that automating the SOC teams’ manual processes from attack detection to response would greatly reduce the amount of damage that can be inflicted on the company
  • 38% of organizations reported looking for a combination of automated email forensics, mitigation and remediation; such as in-mail banner alerts that would warn users a message may be fraudulent, human verified phishing intelligence that they could act on, and help from AI solutions that could help predict unknown or unverified phishing emails
  • 95% agreed that humans and technology should work side by side in order to better detect and respond to sophisticated email phishing attacks

Phishing Awareness Training Challenges

  • 76% of organizations claim to train employees to spot phishing emails
  • Less than 50% said that click rates had dropped as a result of employing awareness and training programs.
  • 25% confessed that they ‘Didn’t Know’ if click rates had fallen
  • When asked how effective phishing awareness training programs are, on a scale of 1 – 10 (with 10 being very effective)
  • 60% rated them at a 7 or less

“On average, it takes just 82 seconds between a phishing email passing through the gateway and the first user interacting with the rogue message,” said Eyal Benishti, IRONSCALES founder and CEO. “This survey makes It abundantly clear that while phishing is high on everyone’s radar, organizations continue to struggle to expeditiously deflect the threats posed by email borne attacks. In today’s threat landscape, businesses simply cannot afford to rely on phishing awareness training or overburdened SOC teams when neither are getting the job done. That’s why the IRONSCALES platform was purposefully built in recognition of the reality that phishing mitigation requires humans and machines to consistently work together to defeat the phish.”

The IRONSCALES advanced phishing threat protection platform seamlessly integrates with G-Suite and Microsoft Office365 environments. It was specifically built to automatically prevent, detect and respond to spear-phishing, business email compromise and other sophisticated email phishing attacks that now easily evade secure email gateways and other email security tools. Its automated and multi-layered approach combines:

1. Micro-learning phishing simulation and awareness training to qualify human phishing sensors (IronSchool)
2. Advanced Mailbox-Level Anomaly Detection (IronSights)
3. Automated Phishing Email Incident Detection & Response (IronTraps)
4. Real-time Actionable P2P Phishing Intelligence Sharing (Federation)

For more information on IRONSCALES, visit To learn why industry analyst Ovum calls the IRONSCALES’ phishing prevention, detection and response platform one to watch “for their potential impact on markets and could be suitable for certain enterprise and public-sector IT organizations,” visit

IRONSCALES is the leader in advanced phishing threat protection, combining human intelligence with machine learning to automatically prevent, detect and respond to advanced email phishing threats. By combining technical and end-user controls into one integrated, automated & multi-layered platform, IRONSCALES drastically reduces the workload burden of SOC and security teams while expediting the time from phishing attack discovery to enterprise-wide remediation from hours, weeks or months to just seconds. Headquartered in Tel Aviv, IRONSCALES was incubated at the 8200 EISP, the top program for cybersecurity ventures, founded by alumni of the Israel Defense Forces’ elite Intelligence Technology unit.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Evan Goldberg
+1 (855) 300-8209
Email >
since: 07/2014
Follow >

Follow us on
Visit website