
Let’s talk about the elephant in the room.
Phishing is still the single biggest way attackers get in. IBM just put out their latest report for 2025, and for the first time phishing has officially overtaken stolen credentials as the number one way organizations are breached. It is the front door—and people are still holding it wide open.
And yet, the way the industry responds hasn’t changed in a decade.
We run a phishing simulation. Someone clicks. We show them a quick video. Maybe they pass the next test. Then, a few months later, they click again.
The truth no one wants to admit? These simulations sound good on paper but don’t work in practice. In some cases, the research out of UC San Diego shows they actually make users more likely to click over time. Why? Because there’s no consequence. No moment that connects that click to the damage it can do. And nothing changes on the network. We pat ourselves on the back for “doing security awareness training,” but the risk is still there.
That’s not security. That’s hope.
Hope doesn’t stop a breach.
The Missing Piece: Real Consequences and Real Cleanup
Here’s the core problem. A simulated phishing click today just ends with a pop-up. It doesn’t help the user feel the risk in their gut. It doesn’t fix the broken processes and gaps that left that network vulnerable in the first place. It’s a dead-end exercise.
So we built something different. Something that gets to the root of why people keep clicking.
And earlier this year, that approach was awarded a patent.
Our Patented ClicktheLink Process
I want to explain this in plain language because it’s a game-changer for every MSP who has struggled with this.
When someone clicks a suspicious link in our system, we don’t just say “gotcha.” That click becomes a trigger. It kicks off a process that does three things:
First, it engages that user in real time. We don’t wait until next quarter to show them a slide deck. We confront the behavior right then with feedback that makes the risk real.
Second, it ties that click to what matters: the damage it could have done. We use that moment to close the loop so the user sees the impact, and the MSP sees exactly what would have happened if it had been a real attacker.
Third, and most importantly, it doesn’t stop at the human. The click sets off a deeper assessment across the environment so the MSP can see where there are gaps that would have let that attack spread. It turns a single user mistake into an opportunity to harden the entire network.
In other words, it’s not a “simulation” anymore. It’s a feedback loop that builds a stronger security posture every time someone clicks.
What Changes When You Adopt This
When MSPs start using this approach, two things happen.
The first is human: user behavior starts to change. Not because they watched another 10-minute training video, but because they’ve felt the consequence of the click in a way that sticks.
The second is structural: MSPs stop living in denial about how fragile their environments can be. Each click exposes the real risks and weaknesses hiding under the surface. And then you get to fix them, one by one.
That’s how you get out of the cycle of “test, fail, repeat.” You build a system that gets better every time it’s tested.
Phishing isn’t going away. Users will keep clicking. But now we finally have a way to turn every click into an improvement rather than a liability.
This patent is the start of a shift for our partners: from hoping people don’t click, to proving they can’t bring a network down when they do.
That’s what this industry has needed all along.