New research highlights human cyber risk during onboarding and strategic defenses to mitigate it.
LONDON, UK — June 26, 2025 — In its latest industry-first research, Keepnet has uncovered a startling risk: 71% of new hires fall for phishing attacks within their first 90 days of employment, making onboarding one of the most critical periods for cybersecurity. The 2025 New Hires Phishing Susceptibility Report reveals a pressing need for organizations to rethink how they protect their human layer during onboarding.
Drawing on data from 237 companies across diverse industries, the study found that new employees are 44% more susceptible to phishing and social engineering attacks than their tenured counterparts. The most common attack vectors included CEO impersonation, fraudulent HR portals, fake invoices, and tech support scams, often exploiting new employees’ eagerness to comply, lack of familiarity with internal processes, and insufficient early-stage security training.
Key Findings from the Report
- 71% Phishing Susceptibility: New hires are exposed to high cyber risks due to limited experience and lack of structured onboarding security education.
- 44% More Vulnerable than Tenured Staff: Calculated using comparative phishing risk levels between new hires and employees past the 90-day mark.
- 30% Risk Reduction Achieved: Organizations implementing adaptive simulations and behavior-focused security programs saw phishing risk drop by 30% after onboarding.
The report also highlights that CEO impersonation emails had a 45% higher success rate among new hires than among experienced staff, underlining how authority-based phishing continues to be a potent threat during onboarding.
Experts Sound the Alarm
Industry leaders who contributed to the report emphasized the critical nature of the onboarding period.
“New hires bring fresh energy—but they also face a steep cybersecurity learning curve. If we don’t clearly explain how things work and why they matter, we leave new starters to figure it out on their own. That’s not just unfair, it’s risky.”
— Ant Davis, Tesco
“Even seasoned staff must stay alert, especially as scams and AI threats evolve. A gut feeling that something’s off can be the difference between catching a phish and causing an incident.”
— Michelle Brown, Staples
Strategic Response: AI, Gamification, and Culture-Driven Security
The report recommends a multi-pronged strategy built on Keepnet’s Unified Human Risk Management Platform. The platform reduces new hire risks through:
- AI-Powered Phishing Simulations and Hyper-Personalized Training
- Gamification Dashboards to encourage engagement and secure behavior
- Security Behavior & Culture Program (SBCP) metrics like phishing dwell time and repeat offender rates
- Automated Segmentation of high-risk employee groups for tailored intervention
These features contribute to measurable business outcomes: an 85% drop in incidents linked to target behaviors and a potential annual cost saving of $1 million per organization.
A Message from Keepnet’s CEO
“Phishing attacks don’t wait for your employees to feel ready. Our research shows that organizations must invest in onboarding-specific cybersecurity awareness training. We’re proud to offer adaptive, scalable solutions that protect businesses from day one.”
— Ozan Ucar, CEO, Keepnet
📥 Download the full 2025 New Hires Phishing Susceptibility Report:
https://keepnetlabs.com/reports/new-hires-phishing-susceptibility-report
About Keepnet
Keepnet is an Extended Human Risk Management Platform (xHRM) helping organizations reduce employee-driven cybersecurity risks through AI-based phishing simulations, security awareness training, and phishing incident response. Keepnet xHRM helps organizations from SMEs to global enterprises minimize phishing susceptibility by up to 92% and respond to threats 168 times faster.
Contact Info:
Keepnet Marketing Team