70% of new hires click on phishing links within the first 3 months of employment - here's how to stay safe
Hackers know your new hires better than you do, and can exploit them

- Most phishing incidents happen before new employees even understand how internal systems work, report claims
- Security awareness should begin on day one, before the first email is even opened
- Hackers target uncertainty, and onboarding is full of it for eager, confused new hires
The first few months of employment are now one of the riskiest periods for enterprise cybersecurity, new research has claimed.
Keepnet’s 2025 New Hires Phishing Susceptibility Report found nearly three-quarters (71%) of new hires fall for phishing or social engineering attacks within their first 90 days on the job.
Often overlooked in onboarding workflows, this shortcoming suggests many organizations are not doing enough to prepare new staff for the reality of modern cyber threats.
Inexperience, urgency, and confusion drive early mistakes
The report, based on data from 237 companies, reveals new employees are 44% more likely to be deceived by phishing attempts than their longer-tenured colleagues.
Most incidents stem from a combination of inexperience, lack of familiarity with internal processes, and a desire to comply with instructions.
Common attack types include CEO impersonation, fraudulent HR portals, fake invoice requests, and technical support scams, many of which exploit this period of onboarding confusion.
The study also found phishing emails impersonating executives led to a 45% higher success rate among new hires compared to tenured staff.
This gap demonstrates how even basic social engineering tactics can be disproportionately effective against employees who are still navigating organizational systems and norms.
Without dedicated and structured training, these early errors can create long-lasting security risks.
To tackle this issue, Keepnet recommends that organizations adopt a layered defense strategy tailored specifically for onboarding periods.
Organizations that adopted adaptive simulations and behavior-based training programs saw phishing risk drop by 30% after onboarding.
Traditional tools like endpoint protection and FWaaS solutions remain essential, but they are not enough on their own.
“Phishing attacks don’t wait for your employees to feel ready. Our research shows that organizations must invest in onboarding-specific cybersecurity awareness training. We’re proud to offer adaptive, scalable solutions that protect businesses from day one,” said Ozan Uçar, CEO, Keepnet.

Efosa has been writing about technology for over 7 years, initially driven by curiosity but now fueled by a strong passion for the field. He holds both a Master's and a PhD in sciences, which provided him with a solid foundation in analytical thinking. Efosa developed a keen interest in technology policy, specifically exploring the intersection of privacy, security, and politics. His research delves into how technological advancements influence regulatory frameworks and societal norms, particularly concerning data protection and cybersecurity. Upon joining TechRadar Pro, in addition to privacy and technology policy, he is also focused on B2B security products. Efosa can be contacted at this email: udinmwenefosa@gmail.com