The Impact Report allows you to assign a value to an action to quickly determine the potential impact to your organisation. This can be used to show stakeholders the benefit and need for security awareness training, as well as displaying meaningful behavioural change.
Important
- Enable Impact Report to view and use this report.
- You have the ability to change the value or disable/enable different actions to tailor the report to your organisation.
- The default values used are based on the SCAM Watch 2021 from Australian Competition & Consumer Commission - ACCC website. These are the average values so the impact may vary based on your organisation's industry, size or environment, etc.
Default Values
In the Phishing Category there were 71,299 emails reported with 1.2% financial loss totaling $4,324,128. Key information in Table 1 has been used to create the values for the data points in the Impact Report (refer to Table 2).
| SCAM TYPE - Delivery Method | Amount lost | Report emails | Reports emails with Financial Lost | AVE Value |
|---|---|---|---|---|
| Phishing - Email | $444,573 | 10,407 | 124.9 | 3559.88 |
| Phishing - All Categories | $4,324,128 | 71,299 | 855.6 | 5053.98 |
| Status | Action | Default Value | Loss/Gain | Data Points |
|---|---|---|---|---|
| Disabled | Open phishing email | No default value as there is no data associated to only opening an email | ||
| Enabled | Click phishing email | $3560 | Loss | Clicking a link or opening an attachment could have the same outcome. This value includes the average for the email reported with financial loss in Phishing-Email category. |
| Enabled | Open attachment | $3560 | Loss | |
| Enabled | Submit credential | $1494 | Loss |
Submitting credential capture can lead into various types of phishing methods. This value includes the average for the email reported with financial loss in Phishing-All category. As there requires another action to get to the credential capture page, this value is iterative on top of $3560 from clicking a link or attachment that is already recorded. |
| Enabled | Report Phriendly Phishing email | $3559 | Gain | The user has correctly identified and reported a suspicious email. This value is the opposite of clicking on a link or attachment. |
| Enabled | Report Other email | $3559 | Gain | |
| Disabled | Report Safe email |
No default value as there is no data associated to reporting Safe emails. In addition, depending on your organisation you could see this as a loss or a gain. Potential Gain: A user reporting an email in beneficial to the security culture as users are reporting emails they determine to be suspicious Potential Loss: A user reporting an email to the security team to investigate would take time and therefor value on an email that was not a legitimate phishing or spam email. |
Viewing the Impact Report
-
Expand the Dashboard tab and select Impact Report.
- Specify the date range for the report and click Run.
- You have the option to export the Graph in 3 ways per image in Step 2.
- Save as PDF File: Downloads the impact report as a PDF.
- Export Chart: Download the total impact value & action values as a PNG file.
-
Send as PDF via email: Brings up the option to send the impact report as a PDF via email.
- Click Add filter to see all results included in the report and hit Apply Filter once done.
Comments
Please sign in to leave a comment.