Phishing Resilience as a Board Metric
Annual training has no measurable effect on click rates. A phishing-resilience score, tracked monthly, is the metric your board actually wants.
Why annual training fails
Annual security awareness training has been measured at zero impact on click rates within 90 days of completion. The information decays faster than the threat does.
What a resilience score looks like
A phishing-resilience score is a single per-org number that combines click rate, submit rate, report rate, and time-to-report across the last 90 days of campaigns.
- Click rate (lower is better)
- Submit rate (lower is better)
- Report rate (higher is better)
- Median time-to-report (lower is better)
Closing the loop
Anyone who clicks or submits is auto-enrolled in just-in-time training matched to the lure type, then re-tested in 14 days. The platform handles every step. The board gets a number that moves.