Phishing Awareness Training: What It Catches and What It Misses
Phishing training reduces click-through but does not eliminate it. Here is the honest read on what training catches, what it misses, and where filters fit.
Phishing awareness training is an industry. Multiple companies (KnowBe4, Cofense, Hoxhunt, Curricula, Proofpoint Awareness, others) sell similar products: a library of training content, a simulated phishing engine, dashboards showing per-user click rates over time. The products work. The question is not whether training reduces phishing success but how much, and where the limits are.
This post is the honest read.
What Training Actually Achieves
The data on phishing training effectiveness is consistent across vendors and across independent industry studies. The pattern:
Baseline click-through. An untrained organization has typical click-through rates on simulated phishing of 25% to 30%. Some industries are higher (healthcare, education, retail), some lower (technology, financial services). The variance is meaningful but the central tendency is around 25-30%.
After 12 to 18 months of sustained training. Click-through rates typically drop to 5% to 10%. The drop happens fastest in the first few quarters and plateaus. Continued training maintains the lower rate but does not push it much further.
Training quality matters. Simulated phishing campaigns that mirror real attack patterns produce better results than generic videos. Realistic simulations followed by brief, targeted training are the highest-impact format. Long, generic compliance videos produce minimal behavior change.
Training decays without reinforcement. Click-through rates rise within months if training stops. The behavior change is maintained by ongoing simulations, not by an initial training event.
The summary: sustained training reduces click-through rates by roughly 60-80% from baseline. The remaining 5-10% is the floor that training alone does not get below.
What Training Catches
Training is most effective against:
Recognizable patterns. Urgency cues, unusual sender addresses, suspicious links, fake login pages, generic greetings, grammatical errors. Trained employees develop pattern recognition for the canonical phishing signals.
Common social-engineering structures. CEO impersonation asking for wire transfers, fake invoices demanding immediate payment, password-expiration notices, fake delivery notifications. The high-volume attack patterns are well-documented in training libraries, and trained employees recognize them quickly.
Suspicious URLs. Hovering over links to check destination, recognizing typosquatted domains, identifying tracking-style URLs in unexpected contexts. Most training programs include explicit URL-inspection modules.
Attachment-based threats. Recognizing unusual attachment types, checking file extensions rather than trusting the displayed filename, and treating macro-enabled documents from unknown senders as suspect.
For these threats, sustained training produces real defense.
What Training Misses
Training is less effective against:
Compromised vendor or partner accounts. When the email comes from a trusted sender whose account has been compromised, the email passes every visible test. The sender is real. The address is real. The relationship is real. Only the wire instructions or the linked URL are wrong. Training cannot help here because the email looks like routine correspondence with a known party. We covered this pattern in detail at vendor impersonation: the quiet phishing vector nobody talks about.
Highly targeted attacks engineered to look legitimate. Single-target BEC attacks where the attacker has done OSINT homework and crafted a specific message defeat content-based pattern recognition. The email is not a generic template. It cites real names, real projects, real recent events. Training oriented around generic patterns does not defend against precision attacks.
Time-pressured situations. Training is most effective when the user has time to think. Attackers exploit time pressure by combining urgency with deadline-sensitive contexts (closing day, payroll cutoff, end of quarter). Under pressure, even trained users fall for attacks they would catch with calm attention.
AI-generated phishing. Most training emphasizes grammatical errors, awkward phrasing, and language tells as phishing signals. AI-generated phishing has clean prose, contextually appropriate language, and natural grammar. The traditional language-based heuristics no longer work. As reported by Keepnet Labs, AI-crafted phishing messages now click through at roughly twice the rate of human-written equivalents. Training has not fully adapted.
New attack patterns. Training libraries take time to incorporate new attack patterns. Novel attacks (calendar-invite phishing, QR-code phishing, voice-cloning hybrid attacks) are not in training programs until weeks or months after they appear in the wild.
Survivor-bias attacks. The phishing emails that reach users in 2026 are the ones that already passed gateway filters. They are the survivors. Training on the survivors is training on a hard population.
Why Training Has a Floor
The 5-10% click-through floor that sustained training cannot push past is not a training failure. It is a structural property of human attention. Some percentage of well-crafted phishing attempts will defeat any human attention, regardless of training, because:
- Attention is finite and unevenly distributed across the day.
- Some users are tired, stressed, or distracted at the moment a phishing email arrives.
- Some attacks are genuinely indistinguishable from legitimate email at first glance.
- The base rate of legitimate similar-looking email is high enough that pattern matching produces false negatives.
The floor is not a training problem to be solved. It is a structural limit of human-layer defense.
What Sits Above and Below Training
The defense stack with training included:
Below training (before the email reaches the user). Native filtering, gateway products (Defender, Proofpoint, Mimecast), behavioral detection (Abnormal Security), inbox-layer filtering (Rythm). These reduce what reaches the user.
Training (the user evaluates the email). Simulated phishing, awareness training, brief targeted modules. These reduce click-through on what reaches the user.
Above training (the user fails the evaluation). MFA on credentials, hardware-key MFA on high-value accounts, verification protocols for wire transfers, account-takeover detection. These limit damage when training fails.
Each layer compensates for the limits of the others. No single layer is sufficient. Training without MFA is fragile because click-through, even at 5-10%, eventually produces a credential compromise. MFA without training is fragile because users will sometimes approve phishing prompts. Inbox-layer filtering without training is fragile because some attacks pass the filter and reach the user.
The strongest defense is the combination.
How Rythm Fits
Rythm sits at the inbox-layer filtering position in the stack. It does not train users. It reduces the volume of unsolicited mail reaching the user, which has two effects:
Volume reduction. Less mail competing for attention means more attention available for the messages that arrive. The ones that arrive get better evaluation than the ones that arrive in a flood.
Mass-attack collapse. Mass cold outreach, mass impersonation campaigns, and lookalike-domain attacks become uneconomical when each recipient costs four cents. The mass version of these attacks does not run.
Rythm does not replace training and does not pretend to. The attacks that survive Rythm (because the sender paid the cover charge or is on the user’s guest list) still reach the user, and the user still has to evaluate them. Training, MFA, and verification protocols all matter for that population.
We covered the training-specific comparison at Rythm vs KnowBe4 and Rythm vs Cofense.
What Realistic Programs Look Like
For different organization sizes:
Solo professional. Training is optional and the per-user cost can be steep relative to the marginal benefit. The realistic stack is hardware-key MFA on the primary account, app-based MFA on all secondary accounts, verification protocols for wire transfers, structural inbox filtering, and cyber insurance. Training, if any, is a one-hour annual self-study from free or low-cost sources.
Small practice (5-20 people). Training is worth doing but should be lightweight. Annual training plus periodic simulated phishing (quarterly is sufficient) at a per-user cost in the $20-30 range. The program is run by the office manager with minimal overhead.
Mid-market (20-200 people). Sustained training program with monthly simulated phishing, targeted training for users who fail, dashboards reviewed by the security or compliance function. Per-user cost in the $30-60 range. Real program management is required.
Enterprise (200+ people). Full security awareness program integrated with HR onboarding, role-specific training, regulatory compliance documentation. Per-user cost in the $50-80 range, often bundled with broader security training.
The program scale should match the organization scale. Over-investing in training at small scale is expensive without proportional benefit. Under-investing at large scale leaves a meaningful threat surface unaddressed.
A Specific Honest Note
Phishing awareness training works. It does not solve the phishing problem.
The 5-10% click-through floor that sustained training does not push past is the structural reason filters and verification protocols matter. Training raises the bar. The remaining attacks are the ones that defeat raised bars. For those, MFA, inbox-layer filtering, and procedural defenses are what hold.
Rythm reduces the volume of unsolicited mail competing for trained attention, which is one of the structural defenses that compensates for training’s floor. The combination of training, filtering, MFA, and verification protocols covers what any single layer cannot.
For the related comparisons, see Rythm vs KnowBe4 and Rythm vs Cofense. For the broader frame, see why phishing emails are getting harder to spot in 2026, the anatomy of a modern phishing email, and what is BEC. Rythm is $1.65 per month, cancel anytime.