2025 Phishing By Industry Benchmarking Report

Security training reduces global phishing click rates by 86%.

The global PPP fell by a total of 86% after 12 months of ongoing security training.

After implementing phishing training, the global PPP fell by 40% in just three months.

Globally, the top three most at-risk industries with the highest baseline PPP were Healthcare & Pharmaceuticals (41.9%), Insurance (39.2%), and Retail & Wholesale (36.5%).

Organizations with 10,000+ employees showed a global baseline PPP of 40.5%.

Organizations with 1-250 employees had a global baseline PPP of 24.6%.

In organizations of 1,000-9,999 employees, three sectors achieved PPP improvement rates of 91% after 12 months of ongoing training: Healthcare & Pharmaceuticals, Hospitality, and Legal.

The global average baseline PPP before training was 33.1%. This means approximately one-third of employees interact with phishing simulations before undergoing best-practice security awareness training.

From 2024 to 2025, the general trend of around one-third of employees clicking on a simulated phishing link before training remained fairly consistent.

Across different regions, the highest baseline PPPs were found in South America (39.1%), North America (37.1%), and Australia and New Zealand (36.8%).

After 12 months of security training, the global Phish-prone™ Percentage (PPP) dropped to 4.1%.

There has been a 3.5% decrease in the global baseline PPP within a year (from 2024 to 2025), highlighting a positive shift in overall security awareness worldwide.