Why French Cyber Resilience Needs to Improve


In today’s world, cyberattacks are a constant threat. While technical defenses are crucial, people often remain the easiest attack vector for cybercriminals.

To gauge the resilience of French employees against cyberattacks, we looked at the impact of security awareness training (SAT) and phishing simulations in strengthening their defenses. Our latest report, “Go Phish: How Susceptible Are French Employees To Malicious Attacks?”, aims to provide some insight.

A concerning lack of confidence
Our report reveals a significant gap between perceived and actual readiness among French employees. While the global average for confidence in identifying phishing attacks sits at 86%, only 67.7% of French employees feel confident. This places France at the bottom of the regions surveyed, highlighting a critical need for increased security awareness.

Furthermore, there isn’t a single attack type that French employees feel confident about identifying. Almost half admit that they would struggle to identify deepfake videos, with only 55.6% feeling confident. This lack of confidence extends across email phishing (67.7%), smishing (69.9%), social engineering (59.6%), social media phishing (66.7%), and vishing (68.4%).

The reality of click rates
Unfortunately, perception isn’t always reality. Nearly half (47.7%) of French employees confess to having fallen victim to a cyberattack. Phishing by email leads the charge, with 19.3% of employees reporting incidents.

Interestingly, our data aligns with broader industry trends. Our 2025 Phishing By Industry Benchmarking Report found a Phish-prone Percentage (PPP) of 32.5% for European organizations before any SAT. This means that a third of employees across the continent are susceptible to phishing attacks.

Training: The key to reducing risk
The good news? Effective human risk management through frequent personalized, relevant and adaptive SAT and phishing simulations can drastically reduce click rates. While a concerning 33.3% of French employees currently receive no SAT, the impact of effective training is undeniable.

For European organizations implementing continuous SAT and phishing simulations, the initial 32.5% click rate drops significantly. After just three months, it reduces to 20.7%, and after a year, the phishing click rate plummets to a mere 5%, an impressive 85% reduction in phishing risk. This sustained improvement demonstrates the power of consistent training.

Moreover, French employees themselves see the value in simulations. Of those who receive them, 87.5% find the simulations relevant to their work, and 86.5% believe they improve their security awareness of real phishing threats.

Building a more resilient workforce
To ensure your organization is equipped to face the threat landscape, consider these five best practices for your training program:

  • Personalize, Personalize, Personalize: Tailor training to individual roles and the specific threats they face.
  • Use Real Threats (Neutralize First): Leverage neutralized phishing emails from actual attacks to make training highly relevant.
  • Continuous Coaching is Critical: Ongoing training reinforces security policies and helps change behaviors.
  • Remember Cultural Factors: Recognize that different regions and cultures may have unique approaches to training engagement.
  • Disrupt Negative Security Behaviors: Implement technologies that intervene at the point of risk, guiding employees toward more secure decisions.

By embracing a human-first approach that combines robust technical defenses with personalized, relevant and adaptive SAT and continuous practice, organizations can transform their workforce from the largest attack surface into their biggest asset.




