'CPR' for our Security Awareness Prog.


1 kommentti

  • Avatar
    Emmanuel NICAISE

    Hi Elliott,

    Click ratio is an highly inaccurate measure if you compare different scenarios. Two different scenarios sent at the same population at the same time can have up to 60% of difference in click ratio. So, in order to have a relevant metrics, I use a procedure I have described here: https://www.apalala.be/phishing-exercises-do-we-measure-them-right/

    Still, I see sometime a trend going slightly upward at the end of this year. It is barely significant (statistically) and can be done to exhaustion or to a lack of training (optimal seems to be around 1 exercise per month). Habituation is hard to beat, so, I would recommend to change the landing page and insist on the necessity to report and also maybe communicate the results and the slight increase to your users. That might help. Otherwise, you need to understand what is happening, and you talk to your people is probably the best solution. Get a feeling of the situation.

    Kommenttitoiminnot Pysyvä linkki

Kirjaudu sisään jättääksesi kommentin.