Guide: Understanding Your Phishing Report

Your Phishing Campaign Report summarises how learners interacted with a simulated phishing email. The key metrics below help you understand your organisation’s risk level, learner behaviour, and areas for improvement. *Learners refer to the recipients of the simulated phishing email.

Phished Rate

The percentage of learners who interacted with the malicious part of the email (clicked on a link, opened an attachment, or entered data).


Report Rate

Your defensive strength score. It measures how many learners spotted and reported the phishing email as suspicious.


Opened

The number of learners who opened the phishing email.


Clicked

The number of learners who clicked on a link or an attachment within the email.


Compromised

The number of learners who shared information by entering data (e.g., login credentials) into a landing page.

Note: "Clicked" shows initial interaction, while "Compromised" indicates a further step where the learner might have divulged information, potentially leading to a security breach.

Trained

The number of learners who completed the just-in-time training sent to them after failing the test (e.g., by clicking or compromising).


Reported

The number of learners who correctly identified and reported the email (via dedicated mailbox or reporting button).

Next Steps

Your report highlights both vulnerabilities and positive security actions. Use these insights to:

  • Identify learners or departments who need extra phishing awareness training.
  • Recognise those who reported correctly to reinforce positive behaviour.
  • Track changes in your Phished Rate and Report Rate over time to measure progress.

For more info on Phishing Campaign reports, see our Guide: CSV Reports for Phishing Campaigns

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us

Related Articles