Missed phishing simulations
Should missing simulated phishing emails count against your security risk? I have missed very few due to being on vacation or out of the office, but it still seems to be counting against my otherwise perfect security risk score. What if they are caught by a spam filter I have set up?
I can't be the only one that thinks this mechanic needs some polishing.
Missing a simulated phishing email does not actually negatively affect risk. Risk score is actually evaluated on quite a few different factors, such as phish-prone percentage, training taken, job function, and many more. If you were concerned about lowering risk, I have an article here that might prove useful for you.
Please sign in to leave a comment.