Data : Journal of Information Systems and Management
Vol. 3 No. 1 (2025): January 2025

Improving Organizational Resilience to Phishing: A Cluster Randomized Field Experiment with Embedded Microlearning

Rusmawati, Retno Danu
Diantoro, Karno
Firmansyah, Boy



Article Info

Publish Date
31 Jan 2025

Abstract

Phishing remains one of the most prevalent cybersecurity threats worldwide, with a growing focus on human error as a primary attack vector. This study investigates whether structured security awareness training featuring embedded microlearning, periodic reinforcement, and difficulty-calibrated phishing simulations can reduce susceptibility to phishing and improve organizational resilience. Using a cluster-randomized field experiment design, the intervention was implemented across multiple business units. Participants received an initial training module (30–60 minutes), followed by booster sessions every 3–4 months. Simulated phishing emails, rated for difficulty via the NIST Phish Scale, were distributed to measure failure, reporting, and credential submission rates. A resilience factor, defined as reporting rate divided by failure rate, was introduced as a composite behavior metric. Statistical analyses included GLMMs for repeated binary outcomes and survival models for latency behaviors. The training significantly lowered failure rates (from 11.2% to 7.5%), doubled reporting rates (14% to 28%), and increased resilience (1.2 to 3.7). Time-to-report metrics suggested faster user response, while stratified analysis showed greater gains among newer and non-technical employees. Real-world phishing incident rates declined post-intervention, correlating with training engagement. These results validate the long-term impact of calibrated and behavior-driven awareness programs. In conclusion, this study offers a scalable, ethical, and statistically grounded approach to phishing risk mitigation. Emphasizing performance metrics such as the resilience factor, it supports the integration of adaptive training strategies into broader cybersecurity frameworks.

Copyrights © 2025






Journal Info

Abbrev

data

Publisher

Subject

Computer Science & IT; Decision Sciences, Operations Research & Management

Description

Data : Journal of Information Systems and Management, with ISSN Number 3031-0008 (Online) and published by Indonesian Scientific Publication, is a leading open-access and peer-reviewed scientific journal dedicated to publishing high-quality research in the field of information systems and management. ...