Are Your New Hires More Vulnerable?

Study Finds New Hires 40% More Likely to Fall for Phishing Emails

A recent industry study has found that employees in their first year at a company are 40% more likely to click on phishing links compared to longer-tenured staff. The findings highlight a persistent challenge for businesses: while new hires bring fresh skills and energy, they also represent a higher cybersecurity risk during their onboarding period.

Researchers attribute this increased vulnerability to several factors. New employees are often unfamiliar with company communication styles, making it harder to spot unusual requests or suspicious formatting. They may also be eager to respond quickly to messages from supervisors or colleagues they have not yet met in person—conditions that phishing attempts often exploit.

The Targets Have Changed

Attackers are adapting their tactics accordingly, with some tailoring phishing emails to look like onboarding documents, benefits information, or urgent requests from HR or IT. These “contextual lures” have a higher success rate when targeting those still learning company systems and culture.

The Experts Speak On What You Can Do

Cybersecurity experts stress that organizations need to address this gap early. Traditional email filters and endpoint protections can help, but proactive security awareness training during onboarding is key to reducing risk. The goal is not just to teach new hires how to recognize a phishing email but to establish a culture where verifying unexpected requests is the norm.

As part of its recommendations, the study suggests companies should embed phishing awareness into the first week of training, run simulated phishing campaigns within the first 90 days of hiring new employees, and encourage employees to confirm suspicious requests through alternate channels if they have any doubts.

How Can You Avoid This?

For companies looking to close this gap, Nevtec offers targeted Security Awareness Training programs designed specifically for onboarding periods. In an era where one click can cause significant disruption, early investment in security training pays dividends in reducing risk and strengthening organizational resilience.