What action do you take when a user fails a simulated phishing test?

Awareness & TrainingData Protection & Encryption

No action taken6%

Extra training required by user 95%

Permissions revoked5%

Disciplinary action taken against user3%

80 PARTICIPANTS
3k viewscircle icon1 Upvotecircle icon4 Comments
Sort by:
Principal Cybersecurity Specialist - SaaS Security5 months ago

It depends on what type of phishing test and which user group/persona failed it. Like, if was a accounts payable or HR payroll team, then more stringent action needs to be taken. 

Information Security Manager in Banking6 months ago

Not enough options for this. We provide a teachable moment and give them resources to read on their own. If it's a second or third failure we provide the teachable moment and assign a quick remedial online training. We also inform supervisors so they can address the behavior at their level if they need it. At the beginning of every year, everyone has a clean slate.

IT Operations Manager in Constructiona year ago

Follow-up question, for those opting for disciplinary action, do you think it is effective? 

Engineering Managera year ago

The best action is to provide additional training the the user(s) to increase awareness and knowledge. None of the other options in this poll are viable in the long-term. 

Lightbulb on2

Content you might like

Are your software engineers actively using AI to be more effective and productive in their day to day work? Comment why or why not! 

Yes75%

No25%

What are the fundamental leadership capabilities that are needed for an era of exponential technology and AI innovation?

Read More Comments

Does anyone know of an excellent third-party assessor/vendor to perform a comprehensive security assessment on a mobile app? 

Is your organization changing its approach to any ongoing application modernization projects as a way to reduce risk?

Yes, we’re pausing 9%

Yes, we’re scaling back53%

Yes, we’re scaling up23%

No, we’re not changing our approach14%

N/A, we have no current projects

View Results

We’re currently exploring options to implement an iPXE-based WinPE deployment solution in Microsoft Azure. Our goal is to streamline OS provisioning for virtual machines using cloud-hosted boot scripts and WinPE images, ideally over HTTP/S for performance and flexibility. Key requirements: Must support iPXE booting in Azure (via ISO, custom VM image, or chainloading). Ability to host and serve WinPE images securely (e.g., via Azure Blob Storage or web server). Cyber Essentials Plus compliance is essential, as we operate in a regulated environment. Preferably a UK-based provider with experience in secure cloud deployments and endpoint provisioning. We’ve looked into solutions like 2Pint Software’s iPXE Anywhere, but we’re open to other vendors or managed service providers who can assist with setup, integration, and ongoing support. Has anyone implemented a similar solution or worked with a provider who meets this criteria? Any recommendations or lessons learned would be greatly appreciated.