LONDON, UK—July 8, 2025. Keepnet has released new research showing that employees are most vulnerable to phishing attacks during their first three months on the job. The study highlights a critical weakness in many companies’ onboarding processes—and urges leaders to take action.

Based on data from 237 organizations across multiple industries, Keepnet’s 2025 New Hires Phishing Susceptibility Report found that new starters are significantly more likely to fall for phishing scams than their longer-serving colleagues. The most successful attacks used fake HR messages, fake invoices, tech support scams, and impersonation of company leaders.

The report reveals that new hires are 44% more likely to be tricked by phishing emails compared to tenured staff. In particular, phishing emails pretending to be from the CEO were 45% more successful with new employees. These types of emails often rely on authority or urgency—making them especially effective with those still learning the ropes.

But there is hope. Companies that used smart onboarding tools—like AI-driven simulations, personalized training, and behavior tracking—saw a 30% drop in phishing risk after onboarding. The most successful security programs combined education, gamification, and culture-building strategies to help employees recognize and report threats early.

Expert Voices

Industry experts contributed to the report and emphasized the importance of building cyber awareness from day one.

“New hires are eager to succeed but often unsure of what’s normal. Without clear guidance, they’re left guessing—and that’s dangerous,” said Ant Davis of Tesco.

“Even experienced employees get caught off guard. But for new staff, the risk is even greater. Gut instincts matter, especially with today’s AI-powered threats,” added Michelle Brown of Staples.

Keepnet’s Recommendations
To reduce human cyber risk during onboarding, Keepnet recommends a multi-layered approach:

AI-powered phishing simulations tailored to different roles

Personalized training content based on employee behavior

Gamified dashboards that encourage learning and engagement

Security culture metrics to track progress over time

Automated targeting of high-risk groups for extra support

These strategies have led to strong business results—up to 85% fewer incidents and potential savings of $1 million per year for large organizations.

A Message from the CEO
“Cybercriminals don’t wait until your new hires are ready,” said Ozan Ucar, CEO of Keepnet. “We built our platform to protect people from day one, using technology that adapts to their learning pace and risk level.”

📥 Download the full report here:
https://keepnetlabs.com/reports/new-hires-phishing-susceptibility-report