I'm really sad about this result. I enjoyed the phishing tests when my employer had a 3rd party Phish us. Looking at SMTP headers and hovering over links was a good game. This result will allow corporations to avoid the fun training, but still penalize employees for getting phished.