Resiliency rate is an important metric in security awareness training (SAT), as it measures how successful a program has been in preparing employees to recognize and respond to potential threats.
By understanding how resilient their workforce is, organizations can better equip them with the necessary skills and knowledge to protect their company from malicious cyberattacks. Additionally, resiliency rate helps inform decision makers of the effectiveness of current SAT initiatives and allows them to adjust their strategies accordingly.
Regular assessments of resiliency can help ensure that employees remain prepared for any new threat landscape that may arise in the future. This is why it's essential to regularly evaluate the effectiveness of your organization’s SAT program to ensure maximum protection from cyber threats.
5 Ways Organizations Can Maximize Their Resiliency Rate
Maximizing your resiliency rate is an excellent goal for SAT programs and focuses the program on reducing risk through detection. Here are 5 ways you can maximize your organization’s resiliency rate:
- Focus on creating a positive, rather than punitive, culture around reporting. Empowering your employees to report without fear of repercussion increases reporting rates and improves resiliency.
- Prioritize relevancy of simulation content rather than breadth to improve employee detection rates.
- Send simulations when employees are active in their inboxes to increase potential for reporting.
- Communicate current threats, conduct frequent simulations (monthly is recommended), and follow up with users who need more conditioning to increase user engagement.
- Incorporate rewards and recognition programs for users who report suspected threats to improve morale and foster a culture of reporting.
For those who want more insights on resiliency rates, and how they might differ from susceptibility rates, let’s dive in.
What Are Resiliency and Susceptibility Rates?
Resiliency rate is the “heartbeat” of your SAT program and is a key metric in evaluating your email risk profile. Resiliency rate is the ratio of the number of users who reported an email, without falling susceptible to it, to the total number of users who were susceptible to that email.
A susceptible user is a user who fell victim to an email, such as by clicking on a malicious link. Susceptibility rate is the ratio of the number of users who fell victim to an email to the total number of users who received that email, and is often expressed as a percentage.
For example, a phishing email with a malicious link is delivered to ten users. Seven users do not engage with the email, two users report the email and do nothing else, and one user clicks on the malicious link. This organization would have a resiliency rate of 2.00 and a susceptibility rate of 10%.
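The two definitions above can be computed directly from per-user simulation events. The following is an added example, not code from the original article; the event names (`delivered`, `clicked`, `reported`), the user names, and the choice to return `None` when no user is susceptible are assumptions.

```python
from collections import defaultdict


def campaign_rates(events):
    """Compute susceptibility and resiliency for one email.

    `events` is an iterable of (user, action) pairs, where action is
    "delivered", "clicked" or "reported" (hypothetical event names).
    """
    actions = defaultdict(set)
    for user, action in events:
        actions[user].add(action)

    # Only users who actually received the email are counted.
    recipients = {u for u, a in actions.items() if "delivered" in a}
    # Susceptible: fell victim to the email (here, clicked the link).
    susceptible = {u for u in recipients if "clicked" in actions[u]}
    # Reporters count only if they reported WITHOUT falling susceptible,
    # so a user who clicked and then reported stays in the denominator only.
    clean_reporters = {u for u in recipients if "reported" in actions[u]} - susceptible

    return {
        "recipients": len(recipients),
        "susceptible": len(susceptible),
        "clean_reporters": len(clean_reporters),
        "susceptibility_rate": len(susceptible) / len(recipients) if recipients else None,
        # Assumption: with no susceptible users the ratio is undefined, so None.
        "resiliency_rate": len(clean_reporters) / len(susceptible) if susceptible else None,
    }


# Constructed sample matching the ten-user example above:
# seven users ignore the email, two report it, one clicks the link.
USERS = [f"user{i:02d}" for i in range(1, 11)]
EXAMPLE = [(u, "delivered") for u in USERS]
EXAMPLE += [("user08", "reported"), ("user09", "reported"), ("user10", "clicked")]

if __name__ == "__main__":
    r = campaign_rates(EXAMPLE)
    print(f"susceptibility {r['susceptibility_rate']:.0%}, "
          f"resiliency {r['resiliency_rate']:.2f}")
    # Same campaign, but the clicker also reports afterwards: rates are unchanged.
    r2 = campaign_rates(EXAMPLE + [("user10", "reported")])
    print(f"click-then-report resiliency {r2['resiliency_rate']:.2f}")
```

A campaign with zero clicks has no defined resiliency rate under this definition, so trend reports should treat that case separately instead of plotting it as 0.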
Why Resiliency Rate is a Better Measurement than Susceptibility
When it comes to email security, resiliency rate is a vital metric for evaluating the performance of training efforts. By tracking resiliency over time, organizations can measure how well users are able to recognize and respond to phishing emails and other potential threats. This helps organizations not only identify areas that need improvement when it comes to SAT, but also track the performance of their security efforts over time. While susceptibility rate can provide an initial measure of how well users are able to recognize and respond to threats, using resiliency rate gives organizations a more comprehensive picture of their security posture.
Susceptibility is a common SAT metric, but focusing on susceptibility alone is a defensive approach, centered around program failure. Resiliency is a positive, growth-centric approach. When the number of reports equals the number of clicks (1.00), the attacker’s edge is reduced. When the number of reports exceeds the number of clicks (>1.00), the phishing email is more likely to be reported than to have a user fall susceptible. While susceptibility measures how many users are likely to be compromised, resiliency measures how likely you are to detect an attack compared to being compromised.
So, What’s Next?
Don’t let your organization fall victim to a breach. Contact us today to learn more about how our security awareness training and intelligent end-to-end email security solutions can help increase your employees’ resiliency and keep your most critical assets safe.