Measuring Security Awareness

The Net Reporter Score™ (NRS) measures the security awareness of an organization. Security awareness training should be part of every organization’s cyber security program. However, the effectiveness of the human element of security has historically been difficult to measure. Now, with the NRS, an organization can easily see and monitor the effectiveness of its security awareness training. The NRS is an easy-to-understand index from -100 to +100. The higher the number, the better the organization’s employee security awareness.

How does the Net Reporter Score work?

When a phishing campaign is sent to test employees’ security awareness, the employees’ actions with regard to the phishing test are evaluated. Through the KillPhish reporting feature, employees can report when they receive a suspicious email, including the test emails.

How is the Net Reporter Score calculated?

The Net Reporter Score is calculated by subtracting the percentage of people who failed the test from the percentage of people who reported the test email. People who took no action are not included.

% reported - % failed = NRS

This formula allows a single number to represent whether an organization’s security awareness training is helping people identify suspicious emails and report them to the appropriate security personnel.

What is KillPhish?

KillPhish is an email threat analysis and reporting tool that is included with PhishingBox subscriptions. KillPhish’s reporting mechanism provides the reporting data used to calculate the NRS. Learn more about KillPhish here.