How Globex cut click-through by 40%
After rolling out targeted phishing simulations alongside SnappinQuiz courses, Globex's simulated phishing click rate dropped from 21% to 12.6% in six months.
How Globex cut click-through by 40%
Note: This case study uses placeholder data for illustration purposes. All figures are hypothetical.
Globex Corporation — a multinational engineering and manufacturing firm — ran their first phishing simulation in January and received a result that surprised their CISO: 21% of employees clicked the link in a simulated credential harvesting email. The industry average is around 17%. They were above it.
What they did before SnappinQuiz
Globex had run annual compliance training for four years. 94% completion rate, certificates on file, auditors satisfied. The training was a 40-minute video module followed by a 10-question multiple-choice quiz with unlimited retries.
The intervention
After rolling out SnappinQuiz with role-based course assignments — engineering tracks received the Secure Coding Fundamentals and Social Engineering Tactics modules; all staff received Phishing Awareness — Globex ran simulations at 30, 90, and 180 days.
Results at 180 days:
- Click-through rate: 21% → 12.6% (40% reduction)
- Reporting rate (employees who flagged the simulation to IT): 3% → 11%
- Time-to-report: median 4 minutes after delivery
What made the difference
Globex's security lead attributed the improvement to three factors: shorter modules that employees actually completed during a coffee break rather than abandoning mid-session, scenario-based questions that required thinking rather than pattern-matching to the last lesson, and weekly streak incentives that kept the program in employees' peripheral awareness throughout the year.
The compliance requirement is still met. The behaviour has actually changed.