The average SMB company has people that act very differently with their personal email due to they need to protect their checking account that has $400 in it. But have no such measurement or reluctance with work email. They are "clickers". There are also "repeat clickers", "serial clickers", and "frequent clickers". The only thing this study is doing is automating a small part of the profiling and preparation.

There was yet another study titled "Why Employees (Still) Click on Phishing Links" by NIH. (2020) https://pmc.ncbi.nlm.nih.gov/articles/PMC7005690/

Given the pathology, clicking is the visible and obvious symptom.