When you receive the results of a phishing campaign, there are several ways to analyze the results. Doing this analysis is useful for determining the type of training campaigns you'll need to run. Consider the following when you're reviewing results:

  • Results can differ based on region, language, department, and time of employment.

  • What actions are people performing if they've interacted with the lure? Have they, for example, clicked links, entered data, clicked Submit, or opened an attachment in the phishing email? Be aware of giving too many options to your recipients when you're setting up a campaign, as you'll be analyzing results to determine the number of people that opened files, clicked on links, entered data, and so on. Based on this, you'll want to develop training to create behavioral change to effect change in these areas. Creating too many options, especially in the first few campaigns, makes it more challenging to interpret the results. And, apart from keeping an eye on the progress of your clients, it’s important to check the progress of organizations and their ability to mitigate risk. Use your SafeTitan Reporting tool to see how organizations are benchmarked against their susceptibility to phishing.

  • If your campaign has been distributed to people in different countries, do you notice if different cultures have responded differently?