Email Security Blog

The Safest Way to Lower Click-Through Rates on Phishing Emails

In the business world, there are good click-through rates and bad ones. The good click-through rates belong to the marketing side of the house and are often used to measure the success of digital advertising or email campaigns. Marketers are eager for prospective customers to click-through to the company website, inquiring about their services. The bad click-through rates reside on the IT side of the house. They begin with a phishing email and have the power to destroy companies, careers, and bank accounts.

Click-through rate formulas

Lowering click-through rates on phishing emails means you’re keeping the company safe from potential cyberattacks. That includes everything from Business Email Compromise (BEC) and spear-phishing to ransomware and even zero-day attacks. Click through rate formulas (and their results) for phishing emails have been studied for some time. They’re calculated by taking the overall clicks on links in an email and divided by the number of emails sent. Sadly, they speak to the inevitable dangers you could be facing when employees can’t recognize phishing emails.

What the numbers show

When it comes to training your employees to detect malicious emails, phishing simulation exercises are not enough. They do, however, allow us to get a better understanding of click through rates, which is how many tests are conducted. In one particular study conducted in the healthcare industry, 2.9 million simulated phishing emails were sent to employees in six different hospitals.1 Approximately 16.7% of those emails were opened. If that doesn’t sound like a lot, realize that it equates to roughly 484,300 emails. Imagine the damage that would have been done had the exercise not been a phishing simulation. And while the healthcare industry is certainly at a great risk of phishing threats, the results of this study are similar to those across all industries.

Here are a few more numbers to consider:

  • Phishing attacks more than doubled in the last year2
  • 91% of all cyberattacks start with phishing emails3
  • 97% of people around the world can’t spot a sophisticated email phishing scam3
  • 22% of companies breached have lost customers immediately following a cyberatrack3

What is a good click through rate?

Employee education and awareness are crucial, however relying on employees to blindly identify every phishing email that comes their way is an impossible task. A 2020 global study done by a security awareness company in Canada found that North American users struggled the most with the phishing simulation tests, clicking through 25.5% of all phish and handing over their credentials 18% of the time.4

So, what is a good click-through rate for phishing emails? Well, considering all it takes is one email to cause a data breach, set off a ransomware attack, or worse, the optimal phishing click-through rate is zero. While that might sound unattainable, it should be every company’s goal and there are ways to continually lower your click-through rate.

How to lower click through rates on phishing emails

As mentioned, keeping employees educated on cybersecurity - and particularly email phishing - is crucial. Imagine if every email that came through to an employee told a story as to its level of cyber safety. Well, it’s possible. And, it’s proven to be extremely effective in the war against phishing.

The science behind lowering click-through rates is known in the industry as the INKY Banner and the science behind it is truly amazing. Here is how it works:

INKY performs a high-level analysis using computer vision, artificial intelligence, and machine learning. Once the phishing analysis is complete, INKY applies a color-coded banner to every email. This INKY Banner notifies the user of the email’s phishing threat level. Gray is safe. Yellow advises caution. Red signals danger. Whether it’s on a desktop, laptop, or mobile device, each INKY protected email is evaluated. The INKY Banner system takes the guesswork away from employees and educates them on what comes their way instead. Wouldn’t you rather have an employee receive an alert about a dangerous and sophisticated phishing email as opposed to letting them find one on their own and potentially become a victim? Of course.

According to one INKY customer who was asked about their click-through rate on phishing emails after the software was deployed,

“You can very clearly see - on a month-by-month basis - a steady decline. It’s been very dramatic, and now phishing is probably not our number one problem we're trying to solve.”

Investing in the type of technology you need to protect your company from phishing attacks is no longer something you should consider to be optional. Explore the industry’s best solution for the security of your email and see how INKY can lower your click-through rate on phishing emails by scheduling a free demonstration today.


INKY® is the most effective hero in the war against phishing. An award-winning cloud-based email security solution, INKY® prevents the most complex phishing threats from disrupting or even immobilizing your company’s day-to-day business operations. Using computer vision, artificial intelligence, and machine learning, INKY® is the smartest investment you can make in the security of your organization. INKY® is a proud winner of the NYCx Cybersecurity Moonshot Challenge and a finalist in the 2020 RSAC Innovation Sandbox Competition. Learn more about INKY® or request an online demonstration today.