41.6% of South Korean Workers Fall for Simulated Phishing Emails

In a recent cybersecurity exercise, 41.6% of South Korean employees opened simulated phishing emails. The exercise involved 630 companies and over 255,000 employees, conducted by the Ministry of Science and ICT and the Korea Internet & Security Agency. The phishing simulation targeted 569 companies, with 12.7% of participants clicking on attachments that would have led to malware infections. Companies that regularly conducted their own training fared better, with large firms showing a lower email open rate of 35.4% and a simulated infection rate of 9.8%. The exercise also included testing for distributed denial-of-service attacks and vulnerability assessments, revealing 28 types of security vulnerabilities. Officials emphasized the importance of regular training in enhancing cybersecurity awareness. The exercise took place from May 11 to May 22, 2026.

Key Points: • 41.6% of South Korean employees opened simulated phishing emails during a government exercise. • Companies with repeated training saw significantly lower rates of email openings and infections. • The exercise revealed 28 types of vulnerabilities across 241 companies, highlighting security weaknesses.