Phishing Simulation Industry Report 2026: Benchmarks, Threats and Trends

This is a synthesis report. It distills publicly-available 2025-2026 research from Verizon DBIR, IBM Cost of a Data Breach, Sophos State of Ransomware, FBI IC3, CrowdStrike, Mandiant M-Trends and CISA into industry benchmarks, attack-vector trends and program-design implications for security teams running phishing simulation in 2026. We do not publish original aggregate customer data in this report; if you cite figures, cite the underlying sources.

Executive summary

2026 is the year the phishing-simulation industry transitioned from "training program" to "evidence engine." Three forces converged:

  • Compliance frameworks made the expectation explicit. PCI DSS 4.0 names phishing and social engineering as required awareness-training content and requires the program itself to be reviewed at least annually. NYDFS Part 500's Second Amendment (2023) added "including for phishing attacks". CMMC 2.0 introduced third-party assessment of the NIST SP 800-171 AT (Awareness and Training) family controls. Annual content delivery alone no longer satisfies these frameworks.
  • Cyber insurance underwriting standardized phishing-program questions. Renewal applications in 2026 routinely ask whether a continuous program exists, what the click-rate trend is, whether remediation training is auto-assigned and how often leadership is briefed. Programs without continuous testing face higher premiums.
  • Attack tradecraft outran static defenses. AiTM kits commoditized. AI-generated lures eliminated the bad-grammar tells. Multi-channel phishing (SMS and voice alongside email) never touches the email gateway. Standard MFA (push, TOTP, SMS codes) stopped being sufficient against AiTM-class attacks.

The cumulative effect is that phishing simulation programs in 2026 are doing two things at once: producing evidence the compliance and insurance side demand, and training the recognition behavior the threat-landscape side demands. Programs that produce one without the other increasingly fail in production.

Click-rate benchmarks by program maturity

Industry-wide click-rate ranges, synthesized from major SAT vendors' published benchmarks, Verizon DBIR social engineering data and academic research:

Program maturity             Typical click rate   Notes
Year 1, no prior testing     25-35%               Baseline susceptibility before any program intervention
Year 1, after 6-12 months    12-20%               First measurable improvement window with monthly cadence
Year 2-3, mature program     5-12%                Most programs plateau here without difficulty progression
3+ years, advanced           <5%                  Auto-assigned remediation + difficulty progression + multi-channel

The 25-35% baseline figure has been remarkably stable across vendor publications and academic studies for years. The mature-program plateau has shifted slightly downward over the last five years as auto-assigned remediation has become standard, but the order-of-magnitude shape is the same. The companion piece, Industry-specific click-rate benchmarks, covers vertical-level variations.

Click-rate variation by industry

Vertical-level click-rate ranges (synthesized; expect ±3% variation depending on report and methodology):

  • Education (K-12 and higher ed) - typically the highest click rate (35-45% baseline; 8-15% mature). Fast user turnover, large student population, broad attack surface.
  • Healthcare - high click rate (30-40% baseline; 7-13% mature). Tightly regulated but operationally complex; shift workers and clinical-system pressure increase susceptibility.
  • Financial services - moderate click rate (20-30% baseline; 4-9% mature). Higher security awareness baseline; aggressive program investment.
  • Manufacturing - moderate-high click rate (28-38% baseline; 8-14% mature). OT/IT cultural divide; plant-floor populations underserved by traditional training.
  • Technology - lowest click rate (15-25% baseline; 3-7% mature). High security awareness baseline; technical workforce; aggressive testing programs.
  • Government / Public sector - moderate click rate (25-35% baseline; 5-11% mature). Mandate-driven program adoption; budget-constrained execution.

Attack-vector trends 2025-2026

The shifts that matter for program design:

1. AiTM commoditization

Adversary-in-the-middle reverse-proxy phishing - where the attacker proxies the real authentication flow rather than collecting credentials at a fake login page - has commoditized via phishing-as-a-service operations. Mandiant M-Trends and CrowdStrike Global Threat Report both documented the shift through 2025. The implication: standard MFA (push approval, TOTP, SMS) no longer reliably stops account takeover, because the attacker relays the MFA challenge to the victim in real time, lets the real identity provider complete the login, and captures the resulting session cookie or token. Programs that previously relied on MFA as the post-click defense need to integrate phishing-resistant MFA (FIDO2/passkeys, whose assertions are bound to the origin the browser actually visited), OAuth consent restrictions, session-binding controls that tie tokens to the device, and continuous-simulation training that covers the AiTM attack pattern. The companion piece, MFA bypass phishing attacks, covers the five attack patterns in detail.
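Why a passkey survives the relay and a TOTP code does not comes down to origin binding. The following Python model is added here; it is not code from the report or from any vendor. It walks an honest login and an AiTM-relayed login through the relying-party checks in the order WebAuthn specifies (type, challenge, origin, rpIdHash, signature). The domains, the credential key and the use of an HMAC as a stand-in for the authenticator's asymmetric signature are assumptions for illustration; the origin-binding logic is what the example demonstrates and does not depend on the signature algorithm.

```python
"""Model of why a FIDO2/WebAuthn assertion fails under AiTM relay while a TOTP code passes.

Added example, not code from the report or any vendor. HMAC stands in for the
authenticator's private-key signature; domains and the credential key are
hypothetical.
"""
import hashlib
import hmac
import json
import secrets

RP_ID = "example.com"                                      # assumed relying party
RP_ORIGINS = {"https://login.example.com"}                 # origins the RP will accept
PHISH_ORIGIN = "https://login.example-com.attacker.test"   # hypothetical AiTM proxy

# Stand-in for the credential private key held by the authenticator; the RP's
# copy plays the role of the public key registered at enrollment.
CRED_KEY = secrets.token_bytes(32)


def authenticator_sign(origin: str, challenge: bytes) -> dict:
    """Model the browser + authenticator side of navigator.credentials.get().

    The browser, not the page script, writes clientDataJSON and fills in the
    origin it is actually running on. A phishing page cannot override it.
    """
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge.hex(), "origin": origin},
        separators=(",", ":"),
    ).encode()
    auth_data = hashlib.sha256(RP_ID.encode()).digest() + b"\x05"  # rpIdHash + flags (UP|UV)
    signed = auth_data + hashlib.sha256(client_data).digest()
    return {
        "clientDataJSON": client_data,
        "authenticatorData": auth_data,
        "signature": hmac.new(CRED_KEY, signed, hashlib.sha256).digest(),
    }


def rp_verify(assertion: dict, expected_challenge: bytes) -> tuple[bool, str]:
    """Relying-party verification: type, challenge, origin, rpIdHash, then signature."""
    cd = json.loads(assertion["clientDataJSON"])
    if cd.get("type") != "webauthn.get":
        return False, "bad type"
    if cd.get("challenge") != expected_challenge.hex():
        return False, "challenge mismatch"
    if cd.get("origin") not in RP_ORIGINS:
        # This is the check the AiTM relay cannot get past: the signed
        # clientDataJSON names the phishing origin, not the RP's.
        return False, f"origin mismatch: {cd.get('origin')}"
    auth_data = assertion["authenticatorData"]
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    signed = auth_data + hashlib.sha256(assertion["clientDataJSON"]).digest()
    expected = hmac.new(CRED_KEY, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, assertion["signature"]):
        return False, "bad signature"
    return True, "ok"


def totp_relay(code_typed_by_victim: str, code_expected_by_rp: str) -> bool:
    """A TOTP or push factor carries nothing that names the origin, so the proxy
    forwards whatever the victim typed and the RP has no way to tell."""
    return code_typed_by_victim == code_expected_by_rp


def simulate_aitm() -> dict:
    """Relay one real RP challenge through the phishing origin and compare factors."""
    challenge = secrets.token_bytes(32)  # issued by the RP to the proxy, forwarded to the victim
    honest = rp_verify(authenticator_sign("https://login.example.com", challenge), challenge)
    relayed = rp_verify(authenticator_sign(PHISH_ORIGIN, challenge), challenge)
    return {
        "totp_relayed_accepted": totp_relay("492115", "492115"),  # constructed code, same both sides
        "passkey_direct": honest,
        "passkey_relayed": relayed,
    }


if __name__ == "__main__":
    for k, v in simulate_aitm().items():
        print(f"{k}: {v}")
```

In a real browser the relayed case fails even earlier: a page on `attacker.test` is not allowed to request credentials for rpId `example.com`, so the authenticator never signs. The model lets the signature happen so that the RP-side origin check is visible on its own; both layers have to be defeated for a relayed passkey login to succeed, which is the property the report is pointing at when it calls FIDO2 "phishing-resistant".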

2. AI-generated lure quality

LLM-generated phishing content eliminated the bad-grammar tells that historically distinguished mass phishing from targeted spear phishing. In academic studies, click rates on LLM-generated lures are comparable to those on human-crafted spear phishing. Program implication: harder lures need to be a standard part of the rotation rather than an occasional exercise, and difficulty progression carries more of the training value. The companion piece, AI-generated phishing, covers the defender-side response.

3. Multi-channel mainstreaming

Smishing (SMS phishing) and vishing (voice phishing) volumes increased materially through 2025-2026. The drivers: email gateways got better, mobile devices remained underserved and AI-generated voice cloning made vishing economically viable at scale. Programs that test only via email now have a known coverage gap. Smishing and deepfake vishing defense cover the threat patterns and countermeasures.

4. Collaboration-tool phishing

Slack, Microsoft Teams and similar collaboration platforms became material phishing vectors in 2025-2026. The dominant patterns: external-chat impersonation, Slack Connect cross-workspace abuse, malicious app installations, in-product file lures. Email gateways do not see this traffic. Collaboration-tool phishing covers the five attack patterns and program response.

5. Ransomware dwell-time compression

Sophos State of Ransomware and Mandiant data both showed dwell-time medians compressing through 2025, with a growing share of intrusions going from initial access to encryption in under 24 hours. The implication for phishing simulation: a detection-and-response loop measured in days no longer holds. The program has to make the click itself less likely and make reporting immediate, so that credential and session revocation can happen before the attacker moves. The companion piece, Ransomware phishing, covers the full chain.

Compliance-driven adoption trends

Frameworks that explicitly elevated phishing-program expectations 2024-2026:

  • PCI DSS 4.0 - Requirement 12.6 goes past annual content delivery: the awareness program must be reviewed at least every 12 months and updated for new threats (12.6.2), and training must explicitly cover phishing and social engineering (12.6.3.1).
  • NYDFS Part 500 Second Amendment - added "including for phishing attacks" in Section 500.14(a)(3) (effective 2023-2024).
  • NIS2 transposition - EU member states transposed NIS2 in 2024-2025; awareness training is explicit in Article 21.
  • CMMC 2.0 - 32 CFR 170 finalized late 2024; DFARS 252.204-7021 finalized late 2025; phased contract incorporation 2025-2028. Third-party assessment of NIST 800-171 AT family.
  • HITRUST CSF v11 - raised operational rigor expectations at Implemented and Measured tiers.
  • FFIEC supplements - increasingly weight YOY trend analysis as maturity indicator; vishing addressed in recent supplements.
  • SEC 8-K cybersecurity disclosure rule (effective Dec 2023) - material cybersecurity incidents must be disclosed; awareness program effectiveness becomes investor-relations consideration for public companies.

The compliance comparison hub covers the cross-framework evidence overlap in detail.

Cyber insurance underwriting trends

Cyber insurance applications in 2026 ask about phishing programs across the major writers in the cyber-insurance market, with only minor variation in wording. The standard application question set covers:

  • Continuous phishing simulation program existence (yes/no)
  • Frequency (annual / quarterly / monthly / weekly)
  • Click-rate trend over the last 12 months
  • Auto-assigned remediation training (yes/no)
  • Scope (all employees / privileged only / contractors included)
  • Reporting cadence to leadership

Organizations without a continuous program face higher premiums; mature programs see material premium reductions and broader sub-limit coverage. The cyber-insurer renewal walkthrough covers the question set in operational detail. Reducing premiums via phishing training covers the leverage angles.

What's changing in program design

Five 2026 program-design shifts driven by the trends above:

  1. Multi-channel becomes table stakes. Email-only programs have a known coverage gap that compliance frameworks and underwriters will start to surface as findings. Email + SMS + voice is the operational standard.
  2. Difficulty progression matters more. AI-generated lures collapse the easy/hard distinction at the content level. Program design needs explicit difficulty progression - easy lures train volume defense; hard lures train against the targeted attacks that cause most ransomware incidents.
  3. Auto-assigned remediation is required, not optional. Manual remediation is increasingly cited as insufficient evidence by insurers, examiners and assessors. Behavior-triggered just-in-time learning is the default expectation. Auto-assigned training covers the implementation pattern.
  4. YOY trend evidence is required. Annual snapshots are no longer enough. Quarterly trend reports spanning the assessment cycle are what examiners and underwriters look for. A program that assembles its evidence only in the weeks before an assessment shows up as a gap in the trend line, and that gap is itself treated as a finding.
  5. Phishing-resistant MFA gets bundled into the program. AiTM commoditization means standard MFA is no longer the post-click backstop. Programs that integrate FIDO2/passkey rollout with phishing simulation evidence (e.g., simulating AiTM patterns to show passkey-protected accounts behave correctly) produce stronger evidence packages.

Methodology note

The figures in this report are synthesized from publicly-available research. Specific sources cited or implicitly referenced:

  • Verizon Data Breach Investigations Report (DBIR) - annual social engineering action data and breach incident counts
  • IBM Cost of a Data Breach Report - average breach costs by attack vector
  • Sophos State of Ransomware - dwell time, attack frequency, defense effectiveness
  • FBI IC3 Internet Crime Complaint Center annual reports - BEC volume, total reported losses by category
  • CrowdStrike Global Threat Report - adversary tradecraft trends
  • Mandiant M-Trends - attack-chain dwell time, initial-access vector distribution
  • CISA advisories and joint cybersecurity advisories - specific threat actor TTPs
  • Major SAT vendors' published benchmarks (KnowBe4, Proofpoint, Cofense, Hoxhunt) - click-rate ranges by industry
  • Academic research (peer-reviewed studies on phishing susceptibility, LLM-generated lure effectiveness)

If you reproduce or cite figures, cite the underlying source rather than this report.

Where Bait & Phish fits

Bait & Phish is a phishing simulation and security awareness training platform with 15+ years of operating history. The platform produces the operational evidence - campaign records, click-rate trend lines, training completion records, threshold-exceedance documentation - that the 2026 compliance and insurance environment expects. Start a 25-user free trial or talk to us about program design suited to your industry, framework and 2026 underwriting cycle.

This report is informational. Specific program-design, compliance, insurance and assessment decisions are organization-specific - consult appropriate counsel and advisors for tailored guidance.

See also: Phishing Trends 2026 - annual roundup for a focused threat-landscape narrative complement to this benchmarks-driven synthesis.