Atas, MehmetSevimli Deniz, Serpil2026-04-022026-04-0220262056-496110.1108/ICS-09-2025-0342https://hdl.handle.net/123456789/30138https://doi.org/10.1108/ICS-09-2025-0342Purpose-This study aims to quantify phishing susceptibility among new hires (<90 days) and evaluate the effectiveness of behaviour-aware onboarding interventions. Design/methodology/approach-This study analyses multi-organisation behavioural telemetry from artificial intelligence-assisted phishing simulations (n = 237 organisations). Paired pre/post analyses were conducted using McNemar tests for binary outcomes and paired t-tests or Wilcoxon signed-rank tests for continuous measures, complemented by role- and department-level stratifications. Findings-New hires exhibited substantially higher phishing susceptibility (71%) compared with tenured employees (49%), corresponding to an approximate 45% relative increase. In organisations implementing adaptive, role-aware micro-training during onboarding, average susceptibility decreased by approximately 30%, reaching around 50%, with statistically significant paired effects. Scenario-level risk was highest for CEO impersonation and HR-portal look-alike lures. Post-training, reporting rates increased and time-to-detection (TTD) improved. Research limitations/implications-The design is observational and scenario metadata are incomplete in some cases; future work should extend coverage to multi-channel phishing and apply mixed-methods or causal designs to strengthen inference. Practical implications-Organisations should treat new hires as a dedicated risk cohort, prioritise onboarding-look-alike phishing scenarios, embed clear reporting cues from day one, track TTD alongside click-through rates and deliver personalised, adaptive training journeys during the first 90 days of employment. Social implications-The findings highlight the critical need for early cybersecurity education, especially as workforce digitisation increases. By addressing phishing susceptibility during onboarding, organisations not only protect data but also foster a culture of shared digital responsibility. This approach promotes long-term behavioural change, reduces the social cost of data breaches, and equips employees with essential cyber hygiene practices. Encouraging adaptive, inclusive training ensures equitable protection for all staff, regardless of technical background, thereby supporting a more secure and digitally literate society. Originality/value-This study provides onboarding-specific, quantitative evidence across sectors, linking phishing-simulation telemetry with targeted micro-learning and real-time behavioural feedback. The findings position onboarding as a distinct human-cyber-risk phase that requires behaviour-driven controls rather than generic awareness training.eninfo:eu-repo/semantics/closedAccessHuman-Centric CybersecurityPhishing SusceptibilityAdaptive TrainingBehavioural RiskEmployee OnboardingCybersecurity AwarenessArticle