77% of security leaders say they'd fire staff who fall for phishing scams, even though they've done the same thing
"While enterprises place a huge emphasis on educating workers to look out for phishing scams, the worst offenders when it comes to clicking malicious links are actually security leaders themselves. That's according to new research from Arctic Wolf, which found that despite three-quarters of IT and security leaders believing their organization wouldn't fall for a phishing attack, nearly two-thirds click phishing links."
"Yet despite their own poor record, 77% of IT leaders say they would fire staff who fall for scams, marking not only a double standard but a sharp increase from 66% in 2024. More than six-in-ten of IT leaders have changed employees' access or limited their access as a result of falling victim to phishing scams. Arctic Wolf said a better strategy to combat the rise of phishing attacks lies in more robust training for staff at all levels."
"Indeed, companies that emphasize corrective training reported an 88% reduction in long-term risk. "Terminating employees for falling victim to a phishing attack may feel like a quick fix, but it doesn't solve the underlying problem," said Marrè. "Our research shows that better-trained and better-equipped end users are far less likely to be duped - and when organizations take an education-first approach, nearly nine in ten see positive outcomes.""
Security leaders exhibit high susceptibility to phishing, with nearly two-thirds clicking malicious links and one-in-five failing to report incidents. Seventy-seven percent of IT leaders say they would fire staff who fall for scams, and over 60% have reduced or limited employee access after phishing incidents. Emphasizing corrective, education-first training correlates with large reductions in long-term risk, with companies reporting an 88% reduction when training is prioritized. Terminating employees for falling victim often fails to address root causes; better-trained and better-equipped end users are far less likely to be duped and deliver more positive security outcomes.
Read at IT Pro