Overview
PhishFit is your organisation's cyber resilience measurement and reporting tool within the Phriendly Phishing platform. It provides a holistic view of how well your learners are developing their security awareness by combining three key data sources: their performance in simulated phishing exercises, their responses to the questionnaire, and their overall training engagement.
PhishFit is divided into two main dashboards — the PhishFit Score Dashboard and the Questionnaire Data Dashboard — each designed to give you clear, actionable intelligence about your organisation's security posture.
Benefits of PhishFit
Measure Real Resilience — Go beyond simple click rates. PhishFit combines simulated phishing results, training engagement, and questionnaire data to give you a true picture of your organisation's cyber resilience.
Identify Vulnerabilities — Pinpoint which cognitive biases, phishing themes, and digital behaviours your people are most susceptible to, so you can target training where it matters most.
Track Progress Over Time — Monitor your organisation's PhishFit Score as it evolves, demonstrating the impact of your security awareness program to leadership and stakeholders.
Data-Driven Training Decisions — Use the Digital Tendencies and Behavioural Insights data to schedule training content based on the lowest adopted security behaviours, increasing adoption and knowledge.
Trend Data
The first dashboard focuses on your organisation's overall resilience score and contains the following 7 elements:
1. PhishFit Score
A single score representing the current overall PhishFit score of your organisation. This is calculated using an AI-driven model that considers multiple factors from your simulated phishing campaigns, training engagement and questionnaire answers.
2. PhishFit Score Levels
Each learner is assigned a PhishFit Level based on their score:
| Level | Score Range | What It Means |
|---|---|---|
| Elite | 85 – 100 | Exceptional cyber resilience. Learner consistently identifies and responds correctly to phishing threats. |
| Strong | 70 – 84 | High resilience. Learner demonstrates strong awareness with only minor gaps. |
| Emerging | 40 – 69 | Moderate resilience. Learner shows awareness but has areas for improvement. |
| Developing | 0 – 39 | Low resilience. Learner needs focused training to build foundational awareness. |
3. PhishFit Score Trend
A trend chart showing your organisation's PhishFit score over time, allowing you to track improvement and measure the impact of training initiatives.
4. PhishFit Score Analysis
A breakdown of how individual learners are distributed across the four PhishFit levels (Elite, Strong, Emerging, Developing), plus a 'Pending Data' category for when there is not enough data on a learner to provide an accurate score.
You can also export this element to see the individual PhishFit score of your learners.
5. Cognitive Bias Breakdown
A breakdown of how learners respond to different cognitive biases within simulated phishing emails. Cognitive biases are the psychological techniques used in phishing emails to manipulate recipients into clicking — understanding which biases are most effective against your team helps you craft more targeted training.
6. Most Vulnerable Themes
Identifies the phishing themes with the highest Click-Through Rate. Themes represent the subject matter or scenario used in simulated phishing emails (e.g., delivery notifications, password resets, urgent requests).
7. Most Vulnerable Biases
Identifies the cognitive biases with the highest Click-Through Rate — the psychological manipulation techniques your learners are most likely to fall for.
Questionnaire Data
The second dashboard presents data collected from the Cyber Resilience Questionnaire — a structured survey designed for your learners to self-assess their cyber awareness, confidence levels, and digital habits.
Read through the Help Centre article to schedule your organisation's Cyber Resilience Questionnaire.
1. Cyber Resilience Summary
Three key metrics at the top of this dashboard:
Learners Assigned — The total number of learners assigned the questionnaire.
Assigned Responses Rate — The percentage of assigned learners who have completed it.
Organisation Response Rate — The overall response rate across your organisation. This includes total learners in the platform, even if they have not been sent the questionnaire.
2. Role Count
A bar chart showing the count of questionnaire responses grouped by role within your organisation — helping you understand participation across departments or job functions.
3. Phishing Confidence
A pie chart showing the distribution of how confident your learners feel in their ability to identify phishing emails:
Yes — Fully confident
Somewhat — Somewhat confident
Not Very — Not very confident
Not Sure — Unsure
This gives you a self-reported confidence baseline to compare against actual simulated phishing performance.
4. Awareness of Latest Scams
A pie chart showing whether learners are aware of the latest scam trends:
Yes — Aware
Somewhat — Somewhat aware
No — Not aware
5. Digital Tendencies
A series of bar charts breaking down your learners' self-reported digital security behaviours. Each bar shows the percentage of learners who selected a particular answer, giving you a clear view of which safe practices are being adopted — and which are not.
The categories covered include:
Password Management — Whether learners use strong, unique passwords and password managers.
Device Updates — Whether learners regularly update their devices and use antivirus software.
Multi-Factor Authentication (MFA) — Whether learners have enabled MFA on their accounts.
VPN Use — Whether learners use a VPN when on public Wi-Fi.
Internet Browsing Protection — Whether learners use DNS filters or browser security tools to block malicious domains.
Incident Response — How learners would respond upon receiving a suspected phishing email (e.g., report to manager, delete it, forward to a colleague).
Social Media — Whether learners can be found on social media by searching their name, indicating potential exposure to social engineering.
6. Behavioural Insights
Based on the Digital Tendencies data, this section highlights key behavioural patterns:
Most Adopted — The top security behaviours with the highest adoption rates. These are your organisation's strengths.
Least Adopted — The top security behaviours with the lowest adoption rates. These represent your greatest opportunities for targeted training.
This allows administrators to schedule training content specifically addressing the least adopted behaviours, directly closing knowledge and behaviour gaps.
How to Use PhishFit Effectively
Start with the PhishFit Score — Check your overall organisational score and trend to understand your baseline.
Review Vulnerable Areas — Look at the Most Vulnerable Themes and Biases to understand what types of phishing emails are most effective against your team.
Deploy the Questionnaire — Send the Cyber Resilience Questionnaire to capture self-reported digital behaviours and confidence levels.
Analyse Digital Tendencies — Identify low-adoption security behaviours and prioritise training around those areas.
Use Behavioural Insights — Focus on the Least Adopted behaviours to guide your training content schedule.
Track Progress — Regularly review the PhishFit Score trend and re-deploy questionnaires to measure improvement over time.