Although there is value in onsite social engineering, for the money offsite social engineering, such as that provided by PhishingBox is much more cost effective. Only in rare circumstances, will attackers attempt anything that require their physical presence. As such, most organizations do not need onsite testing.
According to a recent study commissioned by Check Point Software Technologies Ltd, forty-seven (47) percent of social engineering attacks are via phishing. (The Risks of Social Engineering on Information Security: A survey of IT Professionals)
Running simulated phishing tests will determine your employees' susceptibility to social engineering and phishing scams. Train your employees and help them identify spear phishing and ransomware attacks.