The latest Gone Phishin' event, finds that about 20% of the subjects were compromised by a simulated phishing email; almost 15% did not recognize a malicious download site. Larger organizations, or those that would be expected to have more robust security training programs, tended to fare the worst.