The Click Curve

Why Developers and Executives Get Hooked First

Phishing attacks are evolving at an alarming rate. AI-powered phishing, deepfake scams, and hyper-personalized attacks are making it easier for cybercriminals to bypass traditional security defenses. Despite significant investments in security awareness training, employees are still falling victim—and the data reveals who clicks most.

The Truth About Phishing: Who's Clicking and Why It Matters

Phishing attacks are evolving at an alarming rate. AI-powered phishing, deepfake scams, and hyper-personalized attacks are making it easier for cybercriminals to bypass traditional security defenses. Despite significant investments in security awareness training, phishing simulations, and email filtering solutions (SEG's), employees are still falling victim to phishing scams.

At PhishCloud, we conduct Custom Phishing Readiness Assessments for organizations worldwide, and our findings reveal some startling insights—not just how many people click, but who is clicking. Understanding these trends is critical to strengthening your organization's security posture.

The Startling Reality of Phishing Click Rates

Our research and data from real-world phishing assessments show that when faced with an external, "hacker-like" phishing attack:

  • 10% of employees will click on a malicious phishing link.
  • 40% – 70% of those who click will provide their credentials.
  • Many employees attempt multiple times on different devices, increasing exposure to security breaches.

To further illustrate the enormity of the phishing problem for companies today, here's some additional data you need to know:

  • Data shows that 91% of cyberattacks start with phishing.
  • Phishing-related business email compromise (BEC) attacks cost organizations an average of $5 million per incident.
  • Cybercriminals are using AI to create phishing emails that are 90% more effective than traditional spam.

This means that despite security awareness efforts, employees continue to fall for phishing attempts—but the real concern is who is clicking.

Who's Most Likely to Click?

A key takeaway from our assessments is that phishing isn't just a problem among the general workforce—executives and key personnel are among the most frequent clickers.

Click Rate by Employee Role:

  • 20% – 29% of clicks come from Executive Leadership.
  • 19% – 27% of clicks come from Developers.
  • 18% – 23% of clicks come from Managers.
  • 15% – 22% of clicks come from Salespeople.

Here's the math: 52% of all phishing clicks come from company management—the very people responsible for security oversight. Why are executives and key management personnel more vulnerable?

  • Skipping Training: Executives often bypass security training due to time constraints, making them prime targets.
  • High-Value Targets: Cybercriminals specifically target executives because they have access to sensitive data, financial information, and decision-making authority.
  • Overloaded & Distracted: With packed schedules and high email volume, executives and managers are more likely to skim emails and click without verifying.

One of the most alarming cases involved a CEO who unknowingly approved a $25.6 million wire transfer after cybercriminals used deepfake video technology to impersonate a senior executive.

PhishCloud's Custom Phishing Readiness Assessment: A Real-World Approach

Unlike standard phishing simulations that employees quickly recognize, PhishCloud's Custom Phishing Readiness Assessment replicates real-world phishing attacks, incorporating multi-layered, sophisticated techniques used by today's cybercriminals.

Our assessments go beyond compliance to provide actionable insights that help organizations:

  • ✔ Strengthen their security posture by identifying vulnerabilities.
  • ✔ Understand their level of phishing risk across different user roles.
  • ✔ Improve Security Awareness Training programs with data-driven strategies.
  • ✔ Assess their organization's information footprint and exposure to phishing.
  • ✔ Meet regulatory compliance requirements for phishing risk management.

Companies using PhishCloud have seen a 75% reduction in phishing click rates within 6 months.

If you're serious about security and ready for the truth, it's time to experience the PhishCloud difference.

PhishCloud PHISH360°: The Only True Phishing Protection

Once you understand your phishing risk, let's talk about PhishCloud PHISH360°—the only cloud-native solution focused 100% on phishing prevention.

Why PhishCloud PHISH360°?

  • AI-Powered Threat Detection: Uses machine learning to detect phishing attempts before they reach employees.
  • Real-Time Email & Website Scanning: Identifies and blocks phishing links in emails and online interactions.
  • Behavior-Based Protection: Recognizes abnormal user behavior and alerts security teams.
  • 99.5% Phish Avoidance Rate: The highest phishing protection rate in the industry.

Unlike traditional email security solutions that only block known threats, PhishCloud prevents even zero-day phishing attacks before they can cause harm.

Don't wait until a phishing attack compromises your business. Protect your employees, executives, and sensitive data with PhishCloud today.

🎣 The Click Curve: 52% of Phishing Clicks Come From Management

Executives and developers—the people with the most access and authority—are clicking at alarming rates. AI-powered phishing is 90% more effective than spam, and a CEO just lost $25.6M to a deepfake. The click curve is real.

The Phishing Crisis by the Numbers

10%

Of employees click malicious phishing links

40-70%

Of clickers provide their credentials

91%

Of cyberattacks start with phishing

$5M

Average cost of BEC phishing attacks

90%

AI phishing is more effective than traditional spam

$25.6M

Lost by CEO to deepfake phishing attack

Who's Clicking? The Click Curve Breakdown

Executive Leadership 20-29%

Highest click rate. Skip training, high-value targets, packed schedules.

Developers 19-27%

High access to systems and code repositories. Distracted by technical work.

Managers 18-23%

Handle multiple priorities. Skim emails quickly, miss red flags.

Salespeople 15-22%

Constant external communication. Harder to distinguish legitimate from phishing.

Why Executives & Developers Are Most Vulnerable

Skipping Training

Click to explore

Executives bypass security training due to time constraints. They're the least prepared yet hold the most authority—making them prime targets for attackers.

🎯

High-Value Targets

Click to explore

Cybercriminals specifically target executives and developers because they have access to sensitive data, financial information, and critical systems. One click = massive breach.

📧

Overloaded & Distracted

Click to explore

Packed schedules and high email volume mean executives and managers skim emails without verifying. Developers focus on code, not security alerts. Distraction = vulnerability.

PhishCloud: Breaking the Click Curve

Custom Phishing Readiness Assessment

Unlike standard phishing simulations employees quickly recognize, PhishCloud replicates real-world phishing attacks incorporating multi-layered, sophisticated techniques used by today's cybercriminals.

Our assessments identify vulnerabilities, measure phishing risk across user roles, improve security awareness training with data-driven strategies, and assess your organization's information footprint and exposure.

Result: 75% reduction in phishing click rates within 6 months.

PHISH360°: AI-Powered Threat Detection

PhishCloud PHISH360° is the only cloud-native solution focused 100% on phishing prevention. Uses machine learning to detect phishing attempts before they reach employees.

Real-time email and website scanning identifies and blocks phishing links in emails and online interactions. Unlike traditional email security solutions that only block known threats, PhishCloud prevents even zero-day phishing attacks.

99.5% Phish Avoidance Rate—highest in the industry.

Behavior-Based Protection

PhishCloud recognizes abnormal user behavior and alerts security teams immediately. When executives skim emails or developers work distracted, PhishCloud monitors patterns and intervenes before clicks turn into breaches.

Advanced technology works quietly in the background, delivering robust security while remaining user-friendly. No disruption to workflow—just seamless, intelligent protection.

Real-World Impact: Stopping Deepfakes & BEC

When a CEO lost $25.6M to a deepfake phishing attack, it proved that traditional defenses can't keep up with AI-powered threats. PhishCloud's AI detection identifies deepfakes, BEC attacks, and hyper-personalized phishing before they reach inboxes.

Phishing-related BEC attacks cost organizations an average of $5M per incident. PhishCloud ensures your executives, developers, and sensitive data are protected—no matter how sophisticated the attack.

52% of Clicks Come From Management—Protect Them First

Executives and developers are clicking at alarming rates. AI-powered phishing is 90% more effective, and the stakes are higher than ever. PhishCloud breaks the click curve with real-world assessments and 99.5% phish avoidance. Don't wait for a $25.6M mistake.

Explore PHISH360 Contact Us
Scroll to Top