Email Security Needs More Seatbelts: Why Click Rate Is The Wrong... (2026)
So many security teams still measure phishing with the click rate. It’s easy to track and easy to put in a slide deck, but it’s also misleading. Measuring clicks is like "measuring the tide coming and going"—it fluctuates naturally and rarely predicts real-world impact.
The more meaningful question is the one most programs can’t answer: If an attacker gets into a mailbox, how much damage can they do?
That is your true maturity metric. Not completion rates, and not who remembered to hover over a URL. Even if your click rates are minuscule, all it takes is a single employee not paying attention. Not to mention the growing prevalence of inbox breaches that occur without any phishing attack at all.
In the incidents that keep CISOs awake, phishing is just how access is obtained. The real problem is what happens once an attacker is inside:
MFA isn't a silver bullet here—there are plenty of ways into a cloud workspace that bypass it entirely. If compromises are inevitable, the goal shifts from perfect prevention to resilience.
By implementing automated remediation workflows for your cloud workspace, Material Security handles the tedious stuff—like clawing back sensitive attachments or revoking risky third-party app permissions—without requiring manual intervention for every event.
Most email security tools on the market today focus solely on stopping inbound attacks–prevention. And this is of course critical–but it can’t be the only protection. Modern attacks move too fast, they come at too great a scale, and they’re too sophisticated. Any program relying on inbound protection alone is insufficient.
Most organizations do fairly well at prevention, though often too limited in scope. More mature organizations have some detection and response capabilities. But very few effectively manage containment.
Containment isn’t glamorous and doesn’t fit neatly into an existing security category. But it can also have an incredible impact on the severity of a breach.
Think of it this way: prevention is maintaining your car, driving safely, and avoiding accidents. Detection and response is making sure everyone’s OK and calling for help after an accident. Containment is the seatbelt and airbags: the safety measures that make the crash less catastrophic.
Source: BleepingComputer
