Cimento is headed to Black Hat USA — catch us in Vegas, Aug 1–6

Black Hat USA 2026 · Aug 1–6

Book a Meeting →

Book a Meeting →

Home / Topics / Phishing Simulation Fatigue

Problem Brief

Phishing simulation fatigue.

When employees can spot your simulations, your click rate measures familiarity with the vendor’s templates — and nothing else.

When employees can spot your simulations, your click rate measures familiarity with the vendor’s templates — and nothing else.

When employees can spot your simulations, your click rate measures familiarity with the vendor’s templates — and nothing else.

Simulation fatigue is what happens when the same lures arrive on the same channel on a predictable schedule. Click rates drop, dashboards look great, and actual resilience is unknown.

The Problem

Falling click rates can hide rising risk.

01

Template recognition

After a few quarters, employees recognize the vendor’s house style — the fonts, the fake brands, the too-obvious urgency — and flag the familiar format on sight.

02

Predictable cadence

Simulations land on a schedule. Office chatter (“heads up, it’s phishing test week”) does the rest. Your quarterly click rate measures a warned population.

03

Metric decay

Click rates fall over time regardless of real-world resilience. Teams report improvement while incident data tells a different story.

Why Legacy Training Struggles

The fatigue is structural.

Template libraries, campaign scheduling, and email-only delivery are the operating model of legacy SAT platforms. Each one independently produces fatigue — together they guarantee it. Adding more templates doesn’t fix a system where every test looks like a test.

What Modern Looks Like

Realism removes the tells.

Generated per recipient

Every lure is unique — written for the recipient’s role, timed to their context. There is no house style to memorize.

Multi-channel

A text one month, a voice call the next, an email that references both. Fatigue can’t build on a channel employees didn’t expect.

Continuous, low-volume

No test weeks. Simulations arrive at realistic frequency, so there’s no schedule to leak and no chatter to warn the office.

Cimento's Approach

Signal restored.

Cimento generates role-adapted scenarios across email, SMS, and voice, continuously and inside scope you approve. When a lure lands, it measures something real — and failure triggers 60 seconds of private coaching.

AI-generated lures with no reusable tells

Channel rotation across email, SMS, and voice

Role-based targeting so scenarios stay plausible

Blameless coaching that keeps engagement intact

FAQ

How do I know if my program has simulation fatigue?

Won't harder simulations just annoy employees?

Does a lower click rate ever mean real improvement?

Find out what your click rate is hiding.

Run a 14-day Human Risk Baseline with scenarios your employees have never seen, on channels your program has never tested.

Get Started

See It Live

Explore how modern phishing simulations and real-time human risk insights can strengthen your security posture. Let’s talk.

Get Started

See It Live

Explore how modern phishing simulations and real-time human risk insights can strengthen your security posture. Let’s talk.

Get Started

See It Live

Explore how modern phishing simulations and real-time human risk insights can strengthen your security posture. Let’s talk.

Get Started

See It Live

Explore how modern phishing simulations and real-time human risk insights can strengthen your security posture. Let’s talk.