How We Calculate Phish-prone Percentages

Phish-prone percentage (PPP) is the percentage of employees within an organization likely to fall for social engineering or phishing attacks. Elsewhere, you might see it described as “phishing simulation click rate.” 

Methodology

Phase One: Baseline Phishing Security Test Results

Before any KnowBe4 training takes place, we send an initial phishing simulation. This is used to identify risks and calculate an organization’s baseline PPP.

Phase Two: Phishing Security Test Results Within 90 Days of Training

Employees receive KnowBe4’s security awareness training. Another simulation is sent to recalculate the organization’s PPP and measure the effectiveness of the training program.

Phase Three: Phishing Security Test Results After One Year-Plus of Ongoing Training

After 12 months of KnowBe4’s security awareness training, the PPP is calculated again to further quantify the training program’s effectiveness.

 
