In October 2019, over five days, Terranova Security held its annual Gone Phishing Tournament. The goal of this tournament is to give organizations an opportunity to know how their click rate compares to that of organizations with similar characteristics including vertical or industry, size and geographical location.
Click rate benchmarking gives organizations real tangible data about employee cyber security and phishing awareness. Once organizations know their phishing threat risk, they can take actionable steps to lower their click rate and secure their organization against cyberthreats.
"As a recognized leader and partner of choice for security awareness training, we are proud to deliver on our commitment to support security leaders with actionable data and global phishing benchmarks to help build effective programs that increase security awareness and reduce human risk." Lise Lapointe, Author and CEO of Terranova Security.
Key Results from the 2019 Gone Phishing Tournament™
The 2019 Gone Phishing Tournament reinforces how important it is for organizations to use a combination of security awareness training and phishing simulations to decrease the click rate and reduce the likelihood of these attack being successful.
The 2019 Gone Phishing Tournament revealed that even in organizations with security awareness programs in place, employees are still clicking phishing emails:
• 11% of recipients clicked the phishing link
• 2% of recipients submitted their credentials on the phishing website
Security and risk management leaders need to know these key results from the 2019 Gone Phishing Tournament:
• In organizations with no security awareness programs in place, 13% of users clicked the phishing link.
• In organizations with only a security awareness program in place, 29% of users submitted their credentials after clicking the phishing link.
• In organizations with both security awareness and phishing simulations, the credential submission rate is 47% lower.
Unique Approach for True Click Rate Benchmarking by Industry, Company Size & Geo
The Terranova Security Gone Phishing Tournament is unique and the only global phishing simulation event that allows participating organizations compare same to same.
To give organizations real facts on their click rate, Terranova Security launched a global phishing simulation event and deployed the same template within a single testing period for all users. Participating organizations received a customized click rate report that showed how they compare to organizations in the same industry, similar size, location, and level of security awareness and phishing programs in place.
With this information, organizations can honestly answer "How does my click rate stack up?" and take actions to improve their click rate.
Over the course of five days in October 2019, phishing emails were sent in 27 languages, in 76 countries and across 15 time zones. Using a scenario that includes two opportunities (email and website) for users to detect the phish, the global phishing simulation results measure and evaluate employee awareness of the risks of clicking phishing emails and of submitting personal credentials online.
"Awareness and Phishing Simulations together offer a significant advantage with 47% lower credential submission rate," according to Theo Zafirakos, CISO at Terranova Security, "while the use of unsupported operating systems and browsers continue to put users and organizations at risk."
Visit the Terranova Security website to learn more about the 2019 Gone Phishing Tournament and to sign up for the 2020 Gone Phishing Tournament.