The Impact Report allows you to assign a value to an action to quickly determine the potential impact to your organisation. This can be used to show stakeholders the benefit and need for security awareness training, as well as displaying meaningful behavioural change.
You can change the value of each action, or disable/enable actions, to tailor this report to your organisation. As a starting point, we have used default values based on the ACCC SCAM Watch 2021 statistics. However, these are average values, so the impact may vary based on your organisation's industry, size, environment, etc.
This article will take you through:
- Default Values
- How to Configure Impact Report
- Viewing the Impact report
The default values are based on the SCAM Watch 2021 statistics from the Australian Competition & Consumer Commission (ACCC) website.
In the Phishing Category there were 71,299 emails reported with 1.2% financial loss totaling $4,324,128.
The following key information has been used to create the values for the data points in the Impact Report.
|SCAM TYPE - Delivery Method||Amount lost||Reported emails||Reported emails with Financial Loss (1.2%)||Average Value|
Phishing - Email
|Phishing - All Categories||$4,324,128||71 299||855.6||5053.98|
|Status||Action||Default Value||Loss/Gain||Data Points|
|Disabled||Open phishing email||No default value as there is no data associated to only opening an email|
|Enabled||Click phishing email||$3560||Loss||Clicking a link or opening an attachment could have the same outcome. This value includes the average for the emails reported with financial loss in the Phishing-Email category.|
|Enabled||Submit credential||$1494||Loss||Submitting credentials to a credential capture page can lead into various types of phishing methods. This value includes the average for the emails reported with financial loss in the Phishing-All category.
As another action is required to get to the credential capture page, this value is iterative on top of the $3560 from clicking a link or attachment that is already recorded.|
|Enabled||Report Phriendly Phishing email||$3559||Gain||The user has correctly identified and reported a suspicious email. This value is the opposite of clicking on a link or attachment.|
|Enabled||Report Other email||$3559||Gain|
|Disabled||Report Safe email||No default value as there is no data associated to reporting Safe emails. In addition, depending on your organisation you could see this as a loss or a gain.
Potential Gain: A user reporting an email is beneficial to the security culture, as users are reporting emails they determine to be suspicious.
Potential Loss: A user reporting an email for the security team to investigate takes time, and therefore value, on an email that was not a legitimate phishing or spam email.|
How to configure
1. Go to the Settings Cog located at the top right-hand corner of your dashboard.
2. Select Impact Report.
3. You can now configure the Impact Report by customising the below options.
Unit: The unit type of the actions shown in the report.
Enable/disable action: This will determine what actions will be included in the report.
Rename action: This will change the name of the actions included in the report.
Gain/Loss: This will determine if the actions are calculated as a loss or gain in the report.
Value: The value assigned to each action.
Viewing the Impact report
1. Expand the Dashboard tab and select Impact Report.
2. Specify the date range for the report.
3. The overall impact value based on the configuration set is shown here.
A breakdown of the actions included and their values is shown here.
4. This section can be used to see all results included in the report. You can filter these down by selecting Add More and selecting criteria to filter on.
5. You have the option to download/export this information.
Save as PDF File: Will download the impact report as a PDF.
Export Chart: Will download the total impact value & action values as a PNG file.
Send as PDF via email: Will bring up the option to send the impact report as a PDF via email.
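To sanity-check values before changing them in the settings, the following added example (not Phriendly Phishing's own code) re-derives the "Phishing - All Categories" average from the ACCC figures above and computes an overall impact with a per-action breakdown. It assumes the report multiplies each enabled action's value by its number of occurrences, counting losses as negative and gains as positive; the `Action`, `average_loss` and `impact` names and the sample events are constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Action:
    name: str
    value: float          # value per occurrence, in the configured unit
    kind: str             # "loss" or "gain"
    enabled: bool = True

# Defaults copied from the article's table; disabled actions carry no value.
DEFAULTS = (
    Action("Open phishing email", 0, "loss", enabled=False),
    Action("Click phishing email", 3560, "loss"),
    Action("Submit credential", 1494, "loss"),
    Action("Report Phriendly Phishing email", 3559, "gain"),
    Action("Report Other email", 3559, "gain"),
    Action("Report Safe email", 0, "gain", enabled=False),
)

def average_loss(amount_lost, reported, loss_rate):
    """Average loss per reported email that involved a financial loss."""
    return round(amount_lost / (reported * loss_rate), 2)

def impact(events, config=DEFAULTS):
    """Return (overall, breakdown); sign convention is an assumed model."""
    counts = Counter(events)
    breakdown = {}
    for action in config:
        if action.enabled and counts[action.name]:
            sign = -1 if action.kind == "loss" else 1
            breakdown[action.name] = sign * action.value * counts[action.name]
    return sum(breakdown.values()), breakdown

# Constructed sample: actions recorded in one date range (not real data).
SAMPLE = (["Open phishing email"] * 4 + ["Click phishing email"] * 3
          + ["Submit credential"] + ["Report Phriendly Phishing email"] * 5
          + ["Report Other email"] * 2 + ["Report Safe email"])

if __name__ == "__main__":
    all_avg = average_loss(4_324_128, 71_299, 0.012)  # ACCC figures from the article
    print("Phishing - All Categories average:", all_avg)
    # The $1494 default is consistent with this average minus the $3560 click value.
    print("Increment over the click value:", round(all_avg - 3560))
    total, parts = impact(SAMPLE)
    for name, amount in parts.items():
        print(f"{name:35} {amount:+,}")
    print(f"{'Overall impact':35} {total:+,}")
```

To model your own organisation, replace the figures passed to `average_loss` and the values in `DEFAULTS` with your industry's or incident history's numbers.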