---
title: "Biggest Phishing Attack Risk: It Can’t Happen to Me | Phish Protection"
description: "Biggest Phishing Attack Risk: It Can’t Happen to Me: Some people just refuse to put the seatbelt on when they get in their car. An act that takes about."
image: "https://phishprotection.com/og/blog/biggest-phishing-attack-risk-happen.png"
canonical: "https://phishprotection.com/blog/biggest-phishing-attack-risk-happen/"
---

Quick Answer

Some people just refuse to put the seatbelt on when they get in their car. An act that takes about two seconds. It's a lot of protection - perhaps lifesaving - for a little bit of time and effort. And it's not like they're unaware of seatbelts or the protection they provide. I guess they just assume that when it comes to getting into a wreck, it can't happen to them.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fbiggest-phishing-attack-risk-happen%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Biggest%20Phishing%20Attack%20Risk%3A%20It%20Can%26%238217%3Bt%20Happen%20to%20Me&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fbiggest-phishing-attack-risk-happen%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fbiggest-phishing-attack-risk-happen%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fbiggest-phishing-attack-risk-happen%2F&title=Biggest%20Phishing%20Attack%20Risk%3A%20It%20Can%26%238217%3Bt%20Happen%20to%20Me "Share on Reddit") [ ](mailto:?subject=Biggest%20Phishing%20Attack%20Risk%3A%20It%20Can%26%238217%3Bt%20Happen%20to%20Me&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fbiggest-phishing-attack-risk-happen%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2019/06/spear-phishing-protection-7817.jpg) 

Some people just refuse to put the seatbelt on when they get in their car. An act that takes about two seconds. It’s a lot of protection - perhaps lifesaving - for a little bit of time and effort. And it’s not like they’re unaware of seatbelts or the protection they provide. I guess they just assume that when it comes to getting into a wreck, it can’t happen to them.

Unfortunately, when it comes to **phishing attacks**, most organizations adopt the same attitude: it can’t happen to me. Perhaps more shocking is that those responsible for the security in those organizations also underestimate the **risk of phishing**. That according to a new survey conducted by[ Survata](https://www.informationweek.com/whitepaper/security-monitoring/security-management-and-analytics/slashnext-phishing-survey/406953?gset=yes&%5Fmc=NL%5FDR%5FEDT%5FDR%5Fweekly%5F20190530&cid=NL%5FDR%5FEDT%5FDR%5Fweekly%5F20190530&elq%5Fmid=91263&elq%5Fcid=28171904) for SlashNext entitled **_Phishing in the Dark_**.

![Spear phishing protection](https://media.mailhop.org/phishprotection/images/2019/06/spear-phishing-protection-7817.jpg) 

According to the survey of cybersecurity decision makers in mid-size companies, “_Ninety-five percent of respondents underestimate how frequently phishing is used at the start of attacks to successfully breach enterprise networks._”

What’s also surprising from the survey is that the top concern (64%) of the IT pros is shortfalls in employee **awareness training**. It’s surprising because of how ineffective employee awareness training is.

The best employee awareness training out there is probably from KnowBe4\. Even[ they admit](https://www.knowbe4.com/resources/point-of-failure-phishing-training-does-not-work/) with a full 365 days of training, 2.17% of employees will still get successfully phished. That means in a mid-size company of 400 employees, eight will still click on malicious links in **phishing emails** after a year of training.

> 

Just as a reminder, the number of click it takes to infect the entire company is ONE.

The survey confirmed what we already know about ineffective training. “Threat actors’ tactics have evolved to using very fast-moving phishing sites and attack vectors that evade existing security controls. **Phishing awareness training** offers little to protect employees when phishing sites appear more legitimate and often manipulating users.”

![Spear phishing prevention](https://media.mailhop.org/phishprotection/images/2019/06/spear-phishing-prevention-7819.jpg) 

The result is a lethal combination of factors that explain why so many companies are [vulnerable to phishing attacks](https://www.infosecurity-magazine.com/opinions/phishing-not-enough-awareness/). Most think it can’t happen to them and those that do use ineffective methods to try and prevent it.

Fortunately, the survey did recommend a solution. It stated, “Such brief durations demand that organizations use real-time **anti-phishing solutions** that can detect a ma­licious phishing site in real time.”

That’s how you [prevent phishing](/) attacks. You assume it can happen to you and you assume that employees WILL click on malicious links in phishing emails and you respond accordingly with real-time protection that acts at the same speed as the hackers.

When you’re ready to believe it can happen to you and want to protect your company for just pennies a day per employee, head on over to our [Advanced Threat Defense](/office-365-phishing-protection/) product. Try it risk free for 30 days.

## Topics

[ Phishing Awareness ](/tags/phishing-awareness/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Foundational 5m  0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks  Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[  Foundational 14m  12 Real-World Spear Phishing Examples And The Red Flags You Missed  Feb 4, 2026 ](/blog/12-real-world-spear-phishing-examples-and-the-red-flags-you-missed/)[  Foundational 2m  8 million Android users fell prey to SpyLoan malware on Google Play Store  Dec 5, 2024 ](/blog/8-million-android-users-fell-prey-to-spyloan-malware-on-google-play-store/)[  Foundational 1m  A Big Part of the Phishing Problem is You  Sep 17, 2019 ](/blog/a-big-part-of-the-phishing-problem-is-you/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Biggest Phishing Attack Risk: It Can’t Happen to Me","description":"Biggest Phishing Attack Risk: It Can’t Happen to Me: Some people just refuse to put the seatbelt on when they get in their car. An act that takes about.","url":"https://phishprotection.com/blog/biggest-phishing-attack-risk-happen/","datePublished":"2019-06-04T05:46:52.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2019-06-04T05:46:52.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/biggest-phishing-attack-risk-happen/"},"articleSection":"foundational","keywords":"Phishing Awareness","wordCount":460,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2019/06/spear-phishing-protection-7817.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"Biggest Phishing Attack Risk: It Can’t Happen to Me","item":"https://phishprotection.com/blog/biggest-phishing-attack-risk-happen/"}]}
```