Phishing assessments are stressful and waste a lot of time. Technically, it’s a simple concept: Template, Target, Test, Report, Remediate…

But, in reality, here are the headaches and time-consuming details that few executives factor into the costs of phishing simulations…

1. Coordinating with internal and external entities being impersonated (before; or responding to them after)

2. Testing security filters (before; and/or doing reports after)

3. Maintaining secrecy (before; or looking for the “leakers” after)

4. Trying to “fine-tune” difficulty of a message (before; or trying to explain the possible biases after)

5. Trying to decide on what will be done with “clickers” (before; or what to do with them, if anything, after)

Because “live phishing simulations” are done in an “operational” setting, the process should be planned well to avoid unexpected costs. 

MSPs have robust security systems.

It’s been a “super-fantastic” experience to see people learning and talking about security threats.

For just $325 USD, you can run a 6 week, automated program for gamified phishing awareness training and challenges.  (Limited time offer. Normally valued at $999 USD)

Use Promo Code: 6WEEKS

But ideally, employee security vulnerability assessments shouldn’t waste management’s time on tasks that don’t bring good value.


Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.