When it comes to running phishing simulation campaigns. What is the best practice on how often they should be run and at what cadence should phishing simulation emails be sent out? Some organizations only run a campaign once per quarter sending out a simulated phishing email about once per week while other organizations run continuous campaigns sending out phishing simulations about once every 2 weeks. What are other organizations doing and what is the best practice?

Security Strategy & RoadmapQuality, Testing and Security
223 viewscircle icon2 Comments
Sort by:
Chief Information Officer in IT Services16 hours ago

Phishing simulation campaign is not sent and not to be sent very frequently. Users will get used to it. Campaigns should be sent specifically around a time of interest, for example, free tickets during world cup, during Income tax returns, during festive seasons with offers etc...which will truly test the users. Best practice is to time the campaign during such events and not as a routine activity.

Chief Information Security Officer in Manufacturing2 days ago

Best practices is to conducting phishing simulations monthly or quarterly, balancing frequency to maintain awareness without causing fatigue.
Many organizations do it for bi-weekly or monthly campaigns, adjusting based on employee engagement and threat landscape. Continuous simulations can be effective but should be paired with comprehensive training to ensure long-term security awareness.

Content you might like

Have you implemented a solution/platform to monitor API transaction logic for anomalies (to detect API abuse)?

Yes 29%

Currently implementing API abuse detection 29%

Planning to implement — still evaluating solutions 25%

No 17%

Other

View Results

How many DevOps or DevSecOps resources have access to touch, add or change source code via your CI/CD pipeline?

0-2544%

26-5045%

51-1009%

100+1%

View Results

What sorts of challenges have you encountered in adapting your governance framework to address AI adoption across business units, and how are you attempting to resolve these?

Read More Comments

We’re evaluating a new ERP. Our company, PROENERGY is a vertically integrated power partner (gas plant design/build, O&M, manufacturing including our PE6000 turbine, and 2.6 GW ERCOT operations).

Considering: SAP Public Cloud, Oracle Fusion Cloud, Microsoft Dynamics, IFS, and Infor Construction Cloud.

Key needs: manufacturing, complex structure with built-in consolidation/reporting, long-range planning, procurement/inventory, and core accounting.

We use Microsoft Dynamics today for CRM/Field Service. Biggest concerns: implementation partners and support resources.

Would love your thoughts.

Read More Comments