Case Study: Royal Bank of Scotland achieves a 78% reduction in phishing susceptibility with Proofpoint Anti-Phishing Training Suite

Royal Bank of Scotland Reduces Phishing Susceptibility

Royal Bank of Scotland (RBS), a global financial institution with 80,000 email users, faced rising phishing and malware attacks and low employee engagement in spotting threats. Security awareness lead Lesley Marjoribanks launched a program to make staff accountable and secured executive buy‑in by quantifying the potential cost of a ransomware incident.

RBS deployed Proofpoint’s Anti‑Phishing Training Suite—ThreatSim phishing simulations, just‑in‑time “Teachable Moments,” auto‑enrolled interactive training and managed services—rolled out to all 80,000 users. The continuous program cut phishing susceptibility by more than 78% (click rates fell from 47% to 22% in two months and now sit at about 7–9%), delivered clear ROI by reducing successful attacks, and improved stakeholder engagement and visibility through robust analytics.

Royal Bank of Scotland

Lesley Marjoribanks

Customer Security Manager and Security Awareness Lead