How often do you do phishing campaigns?

6.8k views7 Upvotes20 Comments

Sort by:

CISO in Telecommunication2 years ago

We do it 10 times a year, not on fixed schedule, which means we can do it twice a month or none in a month. We want to make it unpredictable.

VP of IT in Services (non-Government)2 years ago

Quarterly but they are staggered and run more frequently for anyone who may need additional training

CISO in Healthcare and Biotech2 years ago

Quarterly phishing campaigns targeted at different business divisions are crucial to an organization's cybersecurity strategy. They educate employees about cyber threats and enhance their ability to identify and manage phishing risks via realistic simulations. Given the role of human error in successful phishing attacks, these proactive campaigns go beyond infrastructure safeguards to mitigate vulnerabilities. They offer tailored training to employees based on their roles and potential threats. I like to increase my company's "Cyber-Paranoia" Level. :-)

CIO2 years ago

Monthly - All users

Senior Director Engineering in Travel and Hospitality2 years ago

Depends on the risk score we get from external agencies

1 Reply

no title2 years ago

Interesting tangent Arun, thanks. but could you please elaborate? Most of the external scoring would focus on infra layer and thus maybe externally exposed lookalike domains, smtp/relay configurations. Other than those typr of angles, are you using any service to risk score people?

Content you might like

How is AI implementation impacting your organization’s cyber insurance premium or coverage so far?

If you are a managed service provider (MSP), are you considering reselling managed detection and response services from your vendor?

Yes73%

No26%

What adjustments are you planning to make to your org’s cyber budget for 2026 (if any)?

There has been an upswell in demand for the use of MCP servers for our development community. What security criteria and considerations do you use for performing a security review, hardening and approval process?

If your organization has a mobile application, was it developed in-house or by a 3rd party?

In-house24%

3rd party54%

Other13%

I don't know3%

We have multiple. Some in-house, some 3rd party.5%

View Results

How often do you do phishing campaigns?

Sort by:

Content you might like

How is AI implementation impacting your organization’s cyber insurance premium or coverage so far?

If you are a managed service provider (MSP), are you considering reselling managed detection and response services from your vendor?

What adjustments are you planning to make to your org’s cyber budget for 2026 (if any)?

There has been an upswell in demand for the use of MCP servers for our development community. What security criteria and considerations do you use for performing a security review, hardening and approval process?

If your organization has a mobile application, was it developed in-house or by a 3rd party?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go