You’ve been doing phishing simulations wrong all along

11 August 2022

You might want to sit down for this one.

If you haven’t been phished, then you probably think your phishing simulations are working. If you have been phished, then you probably think your new simulations are working and that it won’t happen again.

And those are pretty reasonable assumptions. 

Or are they?

How can you be sure that you haven’t been phished? Or that you won’t be phished again?

Well, you can’t. People don’t always report phishing emails. People don’t always know that they’ve been phished. People slip up. 

What you can do is lower the chances of those slip-ups. Lower your risk. That starts with doing phishing simulations the right way.

And we’ll tell you how at our free webinar, “How to reduce phishing risk in the insurance industry”.




For now, let’s look at the main reason your phishing simulations aren’t reducing your human risk.

Ya Basic

Yup, you’re basic. That’s it. We said what we said!

You use click rates and report rates as a measure of success. You think tick-box awareness training is an appropriate intervention. You call it quits after a couple of weeks.

Ya basic.

If your phishing campaigns aren’t designed to influence security behavior—and if you’re not consistently measuring those behaviors—what are you even doing?

You’re not lowering your human cyber risk, that’s for sure.

Yeah, yeah, your click rates are going down. But so what? They’re just going to shoot back up again when you send a convincing phishing email. If it looks legit, they’re gonna click.

Yeah, your people are attending awareness training. But how many people drink two liters of water and floss every day? Awareness doesn’t mean sh*t. It doesn’t translate to behavior change.

And don’t even get us started about your quarterly one-and-done simulations.

“But that’s how everyone does it!”

Yeah, because they’re basic too.

The industry’s been stuck on the old way of running phishing campaigns for far too long. There’s a better way. An effective way. A way that can actually help you reduce your human cyber risk.

And we’re going to tell you all about it.

Stop being basic. Register for our free webinar, “Reducing phishing risk in the insurance industry”. 



