Simulation overview metrics

Definition

Percent of emails successfully sent where the user clicked on an element in the email.

Calculation

Click count / Sent mails count

Impact

This is one of your key metrics. Clicks on real phishing emails are usually where the danger starts. The lower this rate is, the better your users are at identifying threats.

Definition

Certain simulated phishing mails direct the user to a landing page when they click on a link. This metric represents the percentage of these emails where a user interacted with the landing page compared to the overall number of this type of email that was sent and clicked.

Calculation

Interaction count / Landing page visit count

Impact

This is another key metric that should be as low as possible. While opening a link from a phishing email represents a certain threat level (see click rate) interacting with such a page is even more dangerous. Note that not all simulated phishing mails feature a landing page, so the absolute numbers are going to be lower.

Definition

Percentage of emails successfully sent where the user reported the email using the Phishing Report Button.

Reported external emails

The count of emails reported via the Phishing Report Button that were not part of a SoSafe simulation campaign.

Calculation

Reported count / Sent mails count

Impact

This metric represents your organization’s reporting culture. The higher, the better. Not falling for phishing mails is great, but actively reporting them is even better since it can help your Security Team to identify and prevent attacks. Often, real phishing mails do not just target a single employee, after all.

Definition

The percentage of all emails planned in the campaign that have actually been sent

Error rate

The percentage and number of sent emails that were rejected by the mail server.

Calculation

Emails sent / Emails planned in campaign

Impact

Think of this as your campaign progress. If you’re at 0%, no simulated phishing mails have been sent as part of your selected campaign. The error rate is helpful to determine if there might be an issue with your Whitelisting settings or other technical issues.

Definition

Percent of emails successfully sent where the user downloaded the tracking pixel in the email.

Calculation

Open count / Sent mails count

Impact

This metric is difficult to evaluate without context. An email counts as “opened” when the tracking pixel we include is downloaded. If automated image downloading is disabled in your organization, this KPI will underreport how many simulated phishing mails were actually looked at.

Definition

Percentage of emails successfully sent where the user replied to the email. This does not count automatic replies such as out of office replies.

Calculation

Reply count / Sent mails count

Impact

In real phishing attempts, email replies are often the starting point for cyber criminals to launch complex social engineering attacks. You want this rate to be as low as possible since any reply to real phishing emails is dangeorus.

Definition

Certain simulated phishing mails direct the user to learn more about phishing when they click on a link. This metric shows the percentage of effective learning page visits (counted once users read at least 2 explanatory texts) compared to the total number of simulated phishing mails with such learning pages.

Calculation

Learning count / Learning page visit count

Impact

A lower absolute number is good because it means there are few instances of users clicking on a simulated phishing mail link. However, a high percentage means that users are motivated to take the opportunity to improve their phishing detection skills.

Definition

Percentage of emails clicked where the user was using a mobile device.

Calculation

Mobile count / Click count

Impact

This metric shows how common mobile device use is for viewing emails. This is not inherently relevant for security, but can give you valuabe insights into user behavior.