Organizations worldwide stand to lose an estimated $9 billion in 2018 to employees clicking on phishing emails. We hear about new phishing attacks regularly from the news and from our friends. So why do so many people still click? NIST research has uncovered one reason, and the findings could help CIOs mount a better defense.

The findings—distilled in the brief video below—reveal that context plays a critical factor in why users click or don’t click on a phishing email. The more the context of the message seems relevant to a person’s life or job responsibilities, the harder it is for them to recognize it as a phishing attack.

 …