Email Security Blog

How Often Should You Provide Phishing Training to Employees?

The average office worker receives approximately 121 emails every day.1 Based on an average of 250 business days a year, that means employees are deciding how to answer 75,625 emails a year. While that might make any productivity manager smile, chances are the company’s IT security team is not quite so happy, especially considering more than $1.9 billion was lost in 2020 to common office cyberattacks, including phishing, Business Email Compromise, malware, and ransomware.2

In an effort to mitigate the phishing problem, many companies have turned to in-house cybersecurity training in the form of phishing simulations.

What is the right type of email phishing training? 

If you’re not familiar with it, phishing simulations are fabricated deceptive or malicious emails which are purposely sent to employees by their own company in order to gauge how well individuals would recognize and handle real phishing threats. Frequencies vary, but one vendor suggests that each employee receive 36-48 phishing simulations a year.3

Wait. What? That would suggest that less than one percent of emails are enough to ‘train’ an employee to catch phishing scams.

There are a number of phishing simulation companies out there that make a living selling their fake emails. Companies like Mimecast, Barracuda, KnowBe4, Proofpoint, PhishingBox, and many others. They can even provide statistics on how regular simulation training can decrease incidents of phishing. In fact, one study looked at 23,400 different companies, across numerous industries, and found that between 23% - 52% of untrained employees are vulnerable to phishing attacks. That’s an average of 31.4%. After 90 days of simulation training, this number decreased to 16.4%. After a full year of phishing simulation training, the number of susceptible employees fell to 4.8%.4

Is Phishing Training Enough to Stop Phishing?

The #1 cause for email phishing disasters is human error.5 It only takes one click, download, or approval for a phishing email to successfully take a company into financial ruin. Think about it. If you have a company of 2,000 employees and someone promises their phishing simulation software will help ensure that only 4.8% of employees make mistakes…that still means 96 employees will set a phishing scam into motion.

What if every email was an opportunity to train employees on phishing threat levels?

That would be ideal.

And, that would be INKY.

INKY takes the responsibility of recognizing phishing scams away from employees and IT departments by recognizing phishing emails that the human eye could never see. INKY can even detect a new (a.k.a. zero-day attack), which a phishing simulator could never replicate.

As for educating employees, a subtle form of cyber training is baked into every email protected by INKY’s anti-phishing capabilities. It comes in the form of a simple banner that alerts readers of dangerous and suspicious emails. Gray is safe. Yellow advises caution. Red signals danger. Whether it’s on a desktop, laptop, or mobile device, each INKY-protected email is evaluated.

The INKY Banner is effective yet simple and has prevented millions of email phishing attacks. To do so, INKY performs a high-level analysis using computer vision, artificial intelligence, and machine learning. Once the phishing analysis is complete, INKY applies a banner to every email, which notifies the user of the email’s phishing threat level and trains them on the different possible scenarios.

Don’t provide monthly phishing simulation training to employees. Train and protect them all day long instead.

Learn more about the INKY Banner. Schedule a demonstration today.


INKY® is the most effective hero in the war against phishing. An award-winning cloud-based email security solution, that prevents the most complex phishing threats from disrupting or even immobilizing your company’s day-to-day business operations. Using computer vision, artificial intelligence, and machine learning, INKY® is the smartest investment you can make in the security of your organization. INKY® is a proud winner of the NYCx Cybersecurity Moonshot Challenge and a finalist in the 2020 RSAC Innovation Sandbox Competition.