Phishing Reports

How Phish-failure Percentage is Calculated

The Phish-failure Percentage is the percentage of users who failed a phishing test. Unlike the Phish-prone Percentage, the Phish-failure Percentage does not keep track of how many ways a user failed, only that they did fail.

The user "fails" the phishing test if they perform at least one of the following actions:

  • Clicking the embedded link in either the email body or within an email attachment
  • Entering data on a landing page
  • Opening an attachment
  • Enabling a macro on an attachment
  • Replying to the simulated phishing email
  • Calling the number and entering the callback code in a callback phishing email
  • Entering personal information in a callback phishing call

A user's Phish-failure Percentage is calculated by dividing the number of times the user failed a phishing test by the number of phishing tests they've received. For example, if the user "fails" one test out of five, their Phish-failure Percentage will be 20%.

A higher Personal Phish-failure Percentage indicates the individual user is more likely to fall for an email-borne social engineering attack.

Campaign Phish-failure Percentage

A phishing campaign's Phish-failure Percentage is calculated based on the number of users who failed a phishing test divided by the total number of users who received a phishing test in that campaign.

For example, if 100 people received emails, 52 of them clicked a link in the email, and eight of those users also entered data into the landing page, the Phish-failure Percentage for that campaign would be 52%, because each user who failed is counted only once.
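The personal and campaign calculations described above, as an added example that is not the product's own code. The event labels, the tuple layout and the sample data are assumptions constructed for illustration; the point is that several failure actions by one user on one test collapse into a single failure.

```python
# Added example: labels below are hypothetical, not the product's own identifiers.
FAILURE_ACTIONS = {
    "link_clicked", "data_entered", "attachment_opened", "macro_enabled",
    "replied", "callback_code_entered", "callback_info_entered",
}

def failed_pairs(events):
    """(user, test) pairs with at least one failure action; repeats collapse."""
    return {(user, test) for user, test, action in events
            if action in FAILURE_ACTIONS}

def personal_pfp(user, deliveries, events):
    """Tests the user failed / tests the user received, as a percentage."""
    received = {test for u, test in deliveries if u == user}
    if not received:
        return None  # no tests received, so the percentage is undefined
    failed = {test for u, test in failed_pairs(events)
              if u == user and test in received}
    return 100.0 * len(failed) / len(received)

def campaign_pfp(recipients, events):
    """Users who failed / users who received a test in one campaign."""
    recipients = set(recipients)
    if not recipients:
        return None
    failed_users = {u for u, _ in failed_pairs(events)} & recipients
    return 100.0 * len(failed_users) / len(recipients)

def sample_campaign():
    """Constructed data: 100 recipients, 52 click, 8 of those also enter data."""
    recipients = [f"user{i:03d}" for i in range(100)]
    events = [(u, "campaign-A", "link_clicked") for u in recipients[:52]]
    events += [(u, "campaign-A", "data_entered") for u in recipients[:8]]
    # Constructed non-failure event: it must not change the result.
    events += [(u, "campaign-A", "email_opened") for u in recipients[52:70]]
    return recipients, events

def sample_user():
    """Constructed data: five tests received, one failed in two different ways."""
    deliveries = [("alice", f"test-{n}") for n in range(1, 6)]
    events = [("alice", "test-3", "link_clicked"),
              ("alice", "test-3", "data_entered")]
    return deliveries, events

if __name__ == "__main__":
    print(campaign_pfp(*sample_campaign()))
    print(personal_pfp("alice", *sample_user()))
```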

