Phishing is more than 20 years old, but still represents more than 90% of targeted attacks. The reason is simple: it works. Nearly one in four people who receive a phishing email open it, and more than 10% click on the malicious link or open the weaponised attachment that the phishing email contains. An attacker has to send only 10 messages to have a 90% probability of catching and compromising a user. The average-sized organisation loses $3.7 million to phishing scams per year, according to the Ponemon Institute.1 And those are just the tangible costs.