- Most phishing incidents occur even before new employees understand how internal systems work, report complaints
- Safety awareness should start the first day, even before the first email is opened
- The pirates target uncertainty and integration is full for new impatient and confused recruits
The first months of employment are now one of the most risky periods for business cybersecurity, said new research,
Keepnet’s phishing sensitivity report in 2025 in 2025 found that almost three -quarters (71%) of new hires fall for phishing or social engineering attacks during their first 90 days of work.
Often neglected in the integration of workflows, this gap suggests that many organizations do not do enough to prepare the new staff for the reality of modern cyber-men.
Inexperience, emergency and confusion lead to early errors
The report, based on the data of 237 companies, reveals that new employees are 44% more likely to be deceived by phishing attempts than their longer colleagues.
Most incidents come from a combination of inexperience, a lack of familiarity with internal processes and the desire to comply with the instructions.
The types of common attacks include identity theft of CEOs, fraudulent HR portals, false invoice requests and technical support scams, many of which use this integration confusion period.
The study also revealed that phishing emails were the identity of executives who led to a success rate of 45% among new hires compared to the full staff.
This difference shows how even the basic tactics of social engineering can be effectively effective against employees who always navigate organizational systems and standards.
Without dedicated and structured training, these early errors can create sustainable security risks.
To resolve this problem, Keepnet recommends that organizations will adopt a layer defense strategy specially designed for integration periods.
Organizations that have adopted adaptive simulations and behavioral -based training programs have seen the risk of phishing drop by 30% after integration.
Traditional tools such as the best protection of final points, the best FWAAS and the best FWAAS solution remain essential, but they are not enough for themselves.
“Phishing attacks are not waiting for your employees to feel ready. Our research shows that organizations must invest in an awareness training in cybersecurity specific to integration. We are proud to offer adaptive and scalable solutions that protect companies from the first day, ”said Ozan Uçar, CEO, Keepnet.
