Measuring Security Awareness

The Net Reporter Score ™(NRS) measures security awareness of an organization. Human risk management should be part of every organization’s cybersecurity program. However, the effectiveness of the human element of security has historically been difficult to measure effectively. Now, with the NRS an organization can easily see and monitor the effectiveness of their security training. The NRS is an easy-to-understand index from -100 to +100. The higher the number, the better the organization’s employee security awareness.

How does the Net Reporter Score work?

When a phishing campaign is sent to test employee security awareness, the actions of the employee with regards to the phishing test are evaluated. Through the KillPhish reporting feature, employees can report when they receive a suspicious email, including the test emails.

End Point Security

How is the Net Reporter Score calculated?

The Net Reporter Score is calculated by subtracting the percentage of people that failed the test from the people the percentage of people that reported the test email. The people with no actions are not included.

% reported - % failed = NRS

This formula allows for a single number to represent if an organization’s security training is helping people identify suspicious emails and report such emails to appropriate security personnel.

Net Reporter Score

What is KillPhish?

KillPhish is an email threat analysis and reporting tool that is included with PhishingBox subscriptions. The reporting mechanism of KillPhish is what is used to provide the reporting data to calculate the NRS. Learn more about KillPhish here.