- Most phishing events happen before new employees even understand how internal systems work, reports allegations
- Security awareness must begin on the first day before the first E -mail is even opened
- Hackers are targeted uncertainty and onboarding is full of the eager, confused new hires
The first few months of employment is now one of the most risky periods of business cyber security, new research has claimed,
Keepnet’s 2025 new employment phishing-sensitivity report found that nearly three-quarters (71%) of new hires fall for phishing or social technical attacks within their first 90 days on the job.
Often overlooked in onboarding workflows, this deficiency suggests that many organizations do not do enough to prepare new staff for the reality of modern cyber threats.
Inexperienced, urgent and confusion drives early errors
The report, based on data from 237 companies, reveals that new employees are 44% more likely to be deceived by phishing attempts than their long-term colleagues.
Most events come from a combination of inexperience, lack of confidentiality with internal processes and a desire to comply with instructions.
Ordinary types of attack include CEO reflection, false HR portals, false invoice requests and technical support fraud, many of which utilize this period of boarding.
The study also found phishing -e emails that imitated leaders led to a 45% higher success rate among new hires compared to employed employment.
This hole shows how even basic social engineering tactics can be disproportionately effective against employees still navigating organizational systems and norms.
Without dedicated and structured training, these early errors can create long -term security risks.
To tackle this problem, Keepnet recommends that organizations adopt a layered defense strategy tailored specifically during onboarding periods.
Organizations adopted adaptive simulations and behavior-based training programs so that the phishing risk decreases by 30% after onboarding.
Traditional tools such as the best endpoint protection, best fwaas and best Fwaas solution remain important, but they are not enough on their own.
“Phishing attacks are not waiting for your employees to feel ready. Our research shows that organizations need to invest in onboarding-specific cyberSecurity attention training. We are proud to offer adaptive, scalable solutions that protect companies from day one,” said Ozan Uçar, CEO, KEEPNET.
