Cybersecurity: New Hires are Your Weakest Link

This Robinson Cole blog cites a recent study that says new hires are your company’s weakest link when it comes to avoiding phishing schemes:

When assessing cybersecurity risk in your organization, it is important to understand your users and their behavior. A new study by Keepnet sheds light on new hire behavior concerning phishing susceptibility. According to its recent survey, the 2025 New Hires Phishing Susceptibility Report, a whopping “71% of new hires click on phishing emails within 3 months” of starting their position. New hires are 44% more likely to fall for phishing and social media attacks than seasoned employees.

The survey is based on responses from 237 companies in various industries. The report’s findings reveal that new employees are at a significantly higher risk of becoming phishing and social engineering victims because they do not get enough security training during their onboarding process, and they are less experienced than veteran staff. The survey shows that new hires are unfamiliar with the organization’s protocols and are eager to respond to requests to make a good impression.

Not surprisingly, the study found that attacks that come from someone impersonating the CEO or HR are particularly effective against new hires.  The good news is that the study also found that phishing risk fell by 30% at companies that used adaptive phishing simulations and behavior-based training after onboarding new employees.  The blog concludes that the key takeaway from these results is the importance of training:

The key lesson to take away here is to train new employees on cybersecurity protocols early and often. Understand that they are trying to impress their superiors and that they are more vulnerable to attacks. Give them the tools to feel comfortable identifying and reporting suspicious messages and instill in them with the confidence and understanding that they are an important team member for the security of the organization.