---
title: "The Misguided Solution to the Phishing Problem | DuoCircle"
description: "About a year ago, information security company Shred-it released a report saying “Employee negligence is the main cause of data breaches."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/phishing-protection/the-misguided-solution-to-the-phishing-problem/"
---

Quick Answer

Awareness training reduces phishing clicks but cannot eliminate them, and cyber risk is binary: one click breaches the organization. KnowBe4 data shows continuous training across a full year takes the phish-prone rate to about 2 percent at best, and other research finds 1 in 4 employees know the security guidelines and ignore them anyway. Cost comparison for 150 employees per year: KnowBe4 training around 3,300 dollars; cloud-based phishing protection technology with real-time link scanning around 540 dollars. The lower-cost option is also more effective because it doesn't depend on human judgment under time pressure. Recommendation: run awareness training as the first line of defense for the residual cases, but invest in technical phishing protection first, since it stops the message before any user has to make a decision.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fphishing-protection%2Fthe-misguided-solution-to-the-phishing-problem%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=The%20Misguided%20Solution%20to%20the%20Phishing%20Problem&url=undefined%2Fblog%2Fphishing-protection%2Fthe-misguided-solution-to-the-phishing-problem%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fphishing-protection%2Fthe-misguided-solution-to-the-phishing-problem%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fphishing-protection%2Fthe-misguided-solution-to-the-phishing-problem%2F&title=The%20Misguided%20Solution%20to%20the%20Phishing%20Problem "Share on Reddit") [ ](mailto:?subject=The%20Misguided%20Solution%20to%20the%20Phishing%20Problem&body=Check out this article: undefined%2Fblog%2Fphishing-protection%2Fthe-misguided-solution-to-the-phishing-problem%2F "Share via Email") 

![phishing problem](https://media.mailhop.org/duocircle/images/2019/08/email-smtp-service-4526.jpg) 

About a year ago, information security company Shred-it released a [report](https://www.cnbc.com/2018/06/21/the-biggest-cybersecurity-risk-to-us-businesses-is-employee-negligence-study-says.html) saying “_Employee negligence is the main cause of data breaches_.” I have no doubt that’s true. The part I disagree with is the solution.

The solution that’s being promoted for the “employee” problem is **phishing awareness training**. And not just training, but MORE training. There’s only one problem with this way of thinking: it won’t **eliminate data breaches**.

Those in the know even admit this. According to a recent article in SC Magazine, when discussing employee education, Zvi Guterman, CEO of CloudShare said, “Best of all, _reducing cyber incidents through education and training is achievable_…” Did you see what he did there?

[![email security service](https://media.mailhop.org/duocircle/images/2019/08/smtp-1240.jpg)](https://media.mailhop.org/duocircle/images/2019/08/smtp-1240.jpg)

Employee awareness training will reduce, but not eliminate, cyber incidents. And that’s the problem. Until companies can get to zero cyber incidents, they have a cyber security problem. It only takes one breach.

Imagine these two extreme approaches to email security. In approach #1, the company uses no [email security service](/), but every employee has awareness training. In approach #2, there’s email security technology in place to **prevent phishing**, but none of the employees receive any awareness training. Which approach do you think will be more effective?

We [know](https://www.knowbe4.com/resources/point-of-failure-phishing-training-does-not-work/) from research, that after one year of continuous employee training, the best possible **result is 98% effectiveness**. And that’s when employees care about security. What we also [know](https://www.darkreading.com/threat-intelligence/1-in-4-workers-are-aware-of-security-guidelines---but-ignore-them/d/d-id/1334492?%5Fmc=NL%5FDR%5FEDT%5FDR%5Fweekly%5F20190425&cid=NL%5FDR%5FEDT%5FDR%5Fweekly%5F20190425&elq%5Fmid=90687&elq%5Fcid=28171904) from research is that “1 in 4 workers are aware of security guidelines, but ignore them.” Still think training is the way to go?

[![phishing protection technology](https://media.mailhop.org/duocircle/images/2019/08/smtp-providers-6574.jpg)](https://media.mailhop.org/duocircle/images/2019/08/smtp-providers-6574.jpg)

There’s nothing wrong with awareness training. Every organization should have an ongoing educational program. But it’s not enough. _Education alone will leave your company vulnerable for certain_.

If your company is on a limited budget, the best investment you can make is [phishing protection technology](/email/phishing-protection) with real-time link click protection. Not only is it more effective at stopping **phishing attacks**, but it’s far cheaper than awareness training.

To train 150 employees for a year by training company [KnowBe4](https://www.knowbe4.com/pricing-kevin-mitnick-security-awareness-training) costs up to $3,300/year. To protect those same 150 employees for a year with [phishing prevention](/email/phishing-protection) technology costs only $540/year. That’s right, something that’s better actually costs less.

Phishing is a problem, we all agree. If you have the budget, purchase every form of protection you can, including training your employees. But the first thing you should invest in, if you want to keep your company’s data safe, is **phishing protection** with real-time link click protection.

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  Phishing 11m  AI-Generated Phishing Has Eliminated the Typo: Why Traditional Email Filters Are No Longer Enough  Apr 28, 2026 ](/blog/ai-generated-phishing-eliminates-typos-making-traditional-email-filters-ineffective/)[  Phishing 5m  10 Applications of ChatGPT that Hackers Are Already Exploiting  May 3, 2023 ](/blog/phishing-protection/10-applications-of-chatgpt-that-hackers-are-already-exploiting/)[  Phishing 4m  65% of Global Businesses Ill-Equipped to Defend Against Email-Based Cyber-Attacks  Mar 29, 2016 ](/blog/phishing-protection/65-global-businesses-ill-equipped-defend-email-based-cyber-attacks/)[  Phishing 9m  7 Ways to Protect Your Organization from Email-based Ransomware Attacks  Feb 11, 2018 ](/blog/phishing-protection/7-ways-protect-organization-email-based-ransomware-attacks/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"The Misguided Solution to the Phishing Problem","description":"About a year ago, information security company Shred-it released a report saying “Employee negligence is the main cause of data breaches.","url":"https://www.duocircle.com/blog/phishing-protection/the-misguided-solution-to-the-phishing-problem/","datePublished":"2019-08-13T00:44:13.000Z","dateModified":"2025-05-27T14:02:32.000Z","dateCreated":"2019-08-13T00:44:13.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/phishing-protection/the-misguided-solution-to-the-phishing-problem/"},"articleSection":"phishing-protection","keywords":"","wordCount":409,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2019/08/email-smtp-service-4526.jpg","caption":"phishing problem","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"Phishing"},{"@type":"ListItem","position":3,"name":"The Misguided Solution to the Phishing Problem","item":"https://www.duocircle.com/blog/phishing-protection/the-misguided-solution-to-the-phishing-problem/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"Phishing","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"The Misguided Solution to the Phishing Problem","item":"https://www.duocircle.com/blog/phishing-protection/the-misguided-solution-to-the-phishing-problem/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"The Misguided Solution to the Phishing Problem","description":"About a year ago, information security company Shred-it released a report saying “Employee negligence is the main cause of data breaches.","url":"https://www.duocircle.com/blog/phishing-protection/the-misguided-solution-to-the-phishing-problem/","datePublished":"2019-08-13T00:44:13.000Z","dateModified":"2025-05-27T14:02:32.000Z","dateCreated":"2019-08-13T00:44:13.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/phishing-protection/the-misguided-solution-to-the-phishing-problem/"},"articleSection":"phishing-protection","keywords":"","wordCount":409,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2019/08/email-smtp-service-4526.jpg","caption":"phishing problem","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```