The Phish-failure Percentage is the percentage of users who failed a phishing test. Unlike the Phish-prone Percentage, the Phish-failure Percentage does not keep track of how many ways a user failed, only that they did fail.
The user "fails" the phishing test if they perform at least one of the following actions:
- Clicking the embedded link in either the email body or within an email attachment
- Entering data on a landing page
- Opening an attachment
- Enabling a macro on an attachment
- Replying to the simulated phishing email
- Calling the number and entering the callback code in a callback phishing email
- Entering personal information in a callback phishing call
This percentage is then calculated by dividing the number of times the user failed a phishing test by the number of phishing tests they've received. As an example, if the user "fails" one test out of five, their Phish-failure Percentage will be 20%.
A higher Personal Phish-failure Percentage indicates the individual user is more likely to fall for an email-born social engineering attack.
Campaign Phish-failure Percentage
A phishing campaign's Phish-failure Percentage is calculated based on the number of users who failed a phishing test divided by the total number of users who received a phishing test in that campaign.
For example, if 100 people received emails, and 52 of them clicked a link in the email and eight of those users also entered data into the landing page, the Phish-failure Percentage for that campaign would be 52%.