Cofense Logo - Email Security Solutions

Refocus Your Anti-Phishing From Vulnerability To Capability.

Share Now


In our 2017 Enterprise Phishing Resiliency and Defense Report, PhishMe® discusses the importance of moving past susceptibility as a key indicator of anti-phishing program success. We want to shift the conversation from vulnerability (susceptibility) to capability (resiliency).

That is, what are an organization’s current anti-phishing capabilities—and how is positive behavior increasing them over time to build resiliency?

The chart below tracks behavior among our clients’ users during phishing simulations. In it, resiliency equals users that “reported only” divided by “all that fell susceptible.” (The latter includes those that reported after falling for simulated phishes.)

Cofense Phishing Protection Solutions screenshotFigure 1 – Three-year Resiliency Trend across PhishMe Clients

As you can see, PhishMe clients using PhishMe Reporter® show consistent gains in the capability to recognize and report phishing simulations. In other words, they are becoming more resilient to attack.

Using our formula…

Resilience = Users that Reported Only/All Susceptible

…we can determine the current level of resilience, to any specific phishing simulation or known active threat model. It’s a snapshot of the capability to recognize and report.

To see how this capability changes over time, let’s look at a chart that measures all the ways users behave in simulations.

Cofense Human Phishing Defense Solutions screenshotFigure 2 – Behavior Analysis Chart

While the ideal outcome would be for all tested users to report only, that’s unlikely to happen. But, we can track two other key percentages shown above:

  1. Responded to Simulated Phish – Did Not Report
  2. Responded to Simulated Phish – Reported

Because the change you want to see is the reporting of suspicious emails, you expect to see a steady increase in “reported only” or “responded and reported.” Thus, if you were to run the simulation above again to the same user base, you would want an increase in the 43.63% of “reported only” and the 2.25% of “responded and reported.” You would also want a decline in the 14.23% of users that did not report.

This shows how the real goal of anti-phishing programs goes beyond finding vulnerabilities. The longer-term goal is to fortify capability—to build resiliency. Simply put, you want every user that interacts with a simulation to report it.

To learn more about successful anti-phishing programs, be sure to download the 2017 Enterprise Phishing Resiliency and Defense Report.


We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our privacy policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.

This site is registered on as a development site.