The Click-Prone® Score, your measurable security level
The easiest way to look at the Click-Prone® Score is to split it into two categories:
Both scores are explained in detail below.
We also cover exactly which test failures are counted in each campaign event:
How Recipients' Click-Prone® Score is calculated
Per campaign event
Each template in the Phishing Tackle platform will have at least one measurable test which, if failed, counts towards a Recipients' Click-Prone® Score.
NOTE: It is not uncommon to see users with a Click-Prone® Score over 100%
Should a recipient fail one of these tests, it counts as a 100% Click-Prone® score for that campaign event. Naturally, this means that for templates with more than one test, the recipient can score more than 100%.
The reasoning behind this is quite simple; any failure, be it clicking a link, opening an attachment or entering data into a fake website, is a serious security risk and must be counted as a full failure of the test.
To put it another way; If an email arrived in your organisation carrying two malicious attachments and a user unleashes one of the ransomware attacks by opening one of the attachments, knocking out your entire network and encrypting your servers, has the user only caused half a problem?
For this reason, we class each test as a separate point of strength or weakness on the part of the Recipient.
Across multiple campaign events
The Click-Prone® Score is designed to show how a Recipient's ability to spot phishing emails changes over time.
As such, the score is adjusted for each new campaign event the Recipient receives:
- If a recipient receives one simulated phishing email and clicks the link, their Click-Prone® Score would be 100%
- If the same Recipient receives another simulated phishing email and does not fail any of the measurable tests, their score will decrease to 50%
Recipient Click-Prone® Scores are displayed in various places across the platform, and you can see a full breakdown of each recipient on the Recipient Statistics page (accessed by clicking the name or email address of a recipient within the platform):
How does Phishing Tackle calculate a campaigns Click-Prone® Score?
For each campaign we take the sum of all campaign event test failures and divide it by the total number of emails delivered.
E.g. A simulated phishing campaign delivers 100 emails to your Recipients:
- 38 Recipients click the landing page link
- Of these recipients, 12 enter data into the Landing page
This totals 50 test failures, divided by the number of emails (100) gives us a campaign Click-Prone® Score of 50%.
What are the five measurable tests?
The tests each represent a potential security failure and entry point for hackers into your network.
Clicking a link within an email;
Opening an attached file;
Entering credentials into a fake landing page;
Replying to an email;
Clicking a link within an attachment;
The results of the measurable tests in each campaigns are visible from both the campaigns, and campaign actions page.
Campaign Actions Page
That's all there is to it! Enjoy using the Phishing Tackle platform and if you have any questions please don't hesitate to contact our support desk who will be happy to help.