Phishing constitutes more than 90% of successful cyberattacks globally, remaining one of the most persistent threats to organizational security. Despite organizations tripling their cybersecurity budgets between 2015 and 2025, the human factor continues to pose a critical vulnerability. This study presents a 12-month longitudinal investigation examining how continuous cybersecurity training and emotional cues affect employee susceptibility to phishing. The experiment involved 20 organizations and over 1,300 employees who collectively received more than 13,000 simulated phishing emails engineered with diverse emotional, contextual, and structural characteristics. Behavioral responses were analyzed using non-parametric correlation and regression models to assess the influence of psychological manipulation, message personalization, and perceived email source. Results demonstrate that sustained phishing simulations and targeted training programs lead to a significant reduction in employee susceptibility, halving successful compromise rates within six months. Additionally, employee turnover introduces measurable fluctuations in awareness levels, underscoring the necessity of maintaining continuous training initiatives. These findings provide one of the few long-term perspectives on phishing awareness efficacy, highlighting the strategic importance of ongoing behavioral interventions in strengthening organizational cyber resilience. In order to support open science, we published our email templates, source code, and other materials at https://github.com/CorporatePhishingStudy.