Impact of Phishing Simulation Campaigns and Security Awareness Training on Human Risk Mitigation in Financial Institutions: A Quantitative Study

Authors

  • Md. Shakhawat Hossen, Graduate Assistant, GSAS, Fordham University, New York, USA
  • Md. Fardous, Masters in Information Technology: Data Analysis & Management, Washington University of Science & Technology, USA

DOI:

https://doi.org/10.63125/4j8h1484

Keywords:

Phishing, Security Training, Human Risk, Cybersecurity Behavior, Financial Institutions

Abstract

This study examined the impact of phishing simulation campaigns and security awareness training on human risk mitigation within financial institutions using a quantitative quasi-experimental design. A total of 286 employees from multiple departments, including banking operations, customer service, finance, compliance, and administrative units, participated in the study. Baseline findings indicated moderate cybersecurity awareness (M = 62.4, SD = 8.7) and notable phishing susceptibility, with a click rate of 27.6%, credential submission rate of 11.3%, and reporting rate of 18.9%. The intervention consisted of structured awareness training combined with repeated phishing simulation campaigns conducted over multiple cycles. Post-intervention results demonstrated significant behavioral improvement across all key indicators. The click rate decreased from 27.6% to 14.2%, while credential submission declined from 11.3% to 4.9%, indicating enhanced resistance to phishing attempts. Reporting behavior improved substantially, increasing from 18.9% to 36.5%, reflecting greater employee vigilance and proactive engagement with cybersecurity protocols. Statistical analysis confirmed the significance of these changes, with p-values below 0.05 and effect sizes ranging from moderate to large (Cohen’s d = 0.69–0.91). Regression analysis identified training participation (β = 0.42) and simulation frequency (β = 0.37) as strong predictors of improved cybersecurity behavior. Sub-group analysis revealed variations across departments and experience levels, with customer-facing roles showing higher baseline susceptibility but greater improvement over time. Longitudinal trends across five simulation cycles indicated a progressive decline in risky behaviors and consistent improvement in reporting rates. The findings demonstrate that integrated training and simulation interventions significantly reduce human-related cybersecurity risks. 
The study contributes to quantitative cybersecurity research by providing empirical evidence that structured, continuous, and data-driven interventions can effectively enhance employee behavior and strengthen organizational resilience against phishing threats in financial institutions.

Published

2024-10-03

How to Cite

Md. Shakhawat Hossen, & Md. Fardous. (2024). Impact of Phishing Simulation Campaigns and Security Awareness Training on Human Risk Mitigation in Financial Institutions: A Quantitative Study. American Journal of Data Science and Analytics, 5(10), 48-85. https://doi.org/10.63125/4j8h1484