Digital Natives more likely to open harmful phishing emails than their older colleagues

  • 18-39 year olds have an average click rate of 29% on phishing emails, which drops to 19% among older age groups   
  • Men tend to click on phishing links more often than women: 23% of male participants opened at least one of the simulated phishing emails, with the average click rate among female participants being more than 10% lower.  
  • Public Sector organisations are most vulnerable to phishing attacks (avg. click rate of 36%) while Manufacturing companies are least likely to click on harmful emails (19%). 

13 October 2022: The assumption that younger people are more digitally-savvy and therefore better able to recognise phishing scams might seem obvious – but Digital Natives aged 18-39 are actually the most vulnerable age group for phishing scams, according to data from SoSafe.*

Based on exclusive response data from SoSafe, the results demonstrate that cybersecurity awareness remains worryingly low, with around 31% of participants clicking on at least one simulated phishing email – meaning that 1 in 3 attacks would have been successful.**

The study also revealed that email subject lines most likely to generate a click were usually based on emotional manipulation, inducing pressure, anxiety or curiosity, and appealing to authority as well as financial desires.** 


  • Younger users are more likely to click on a phishing email than any other age group, with an average click rate of 29%.* 
  • Older users (aged 50+) are significantly more careful about opening emails, with an average click rate of just 19%.* 
  • Men tend to click on phishing links more often than women; nearly one in four male participants (23%) clicked on one of the phishing emails, compared to 20% of females.*
  • Public Sector organisations (including critical infrastructure organisations such as hospitals) appear to be the most vulnerable to phishing attacks with a click rate of 36%.*** 
  • In contrast, the average click rate in the Manufacturing sector is only 19%. 
  • 99% of respondents say that strengthening their organisations’ security culture will be important in the coming year.**

Dr Niklas Hellemann, CEO at SoSafe, said: “Today’s sophisticated cybercriminals deploy a broad set of psychological tactics that exploit human emotions like stress, fear or respect for authority – and our data highlights why awareness of the threat landscape plays an absolutely crucial role in cybersecurity culture. Even – or especially – the ones with the highest digital literacy are vulnerable to digital threats. Investing in technological barriers is of course vital, but companies also need to act now to empower their teams to spot threats and react accordingly – otherwise tech alone is powerless to protect.” 

About SoSafe  

SoSafe empowers organisations to build a security culture and mitigate risk with its GDPR-compliant awareness programs. The company was founded in Germany in 2018 by psychologist and former BCG consultant Dr. Niklas Hellemann, Digitalization Expert and previous McKinsey consultant Lukas Schaefer, and seasoned software engineer Felix Schuerholz. Today, it serves more than 2500 customers worldwide and is the market leader in security awareness and training in the DACH region and one of the largest platform vendors in Europe. As one of the leading second-generation awareness platforms, it is powered by behavioural science and smart algorithms and focuses on user engagement and the needs of the customer. In doing so, SoSafe delivers engaging, personalised learning experiences and smart attack simulations that turn employees into active assets against online threats.

Website: www.sosafe-awareness.com/   

LinkedIn: www.linkedin.com/company/sosafe-cyber-security/mycompany/  


Notes to Editors  

* Phish Test: The annual study on general phishing awareness, conducted by SoSafe and Botfrei, which provides demographic insights into the click behaviour of users. In 2021, over 1350 users took part, and received realistic phishing emails that had to be identified.  

** Data from SoSafe’s Human Risk Review 2022, based on exclusive response data from the SoSafe Awareness Platform, which anonymously evaluated over 4.3 million simulated phishing attacks from 1500 customer organisations in 2021, and analysed the probability of success of various attack tactics. 

*** Data from SoSafe’s Human Risk Review 2021, in which 1.4 million simulated phishing attacks from 200 customer organisations were captured.

Contact our press team

Get in touch with our communications team for any press inquiries.
Laura Hartmann - Press Team