They’re counting basic, shot gun style phishing texts and emails here. This suggests to me that they’re not really measuring targeted attacks very well. Without reading about their methodology, I would guess that this might be more related to device use cases and policy differences in organizations to treatment of Android vs iOS devices, than it is related to phone model.

Wow, that’s a surprising stat. Users tend to be pretty complacent, though enterprise generally get repetitive warnings and education about this stuff.

SMB is even worse.

More accurately, and frankly, more interestingly:

Users of enterprise iOS devices nearly twice as likely to fall victim to phishing attacks as users of enterprise Android devices

So it’s iOS users who are more vulnerable, not the OS itself.