Phishing Zero Measurement – Understanding Digital Resilience

What is a phishing baseline?

A phishing baseline measurement is a one-time, realistic test that measures how employees respond to phishing emails. Without notice. Without advance notice. Only the IT department and management are informed. This creates a clean picture of the situation.

Our approach:

• Within 2 weeks, each employee receives 2 unique phishing emails

• Mails are segmented by department (HR, IT, Sales, C-level)

• Industry and organization type are included in the content

Result: high relevance, higher learning effect, and realistic behavior.

On average, the phishing rate among companies is between 15% and 35%.

 

What exactly are we measuring?

Our baseline measurement goes beyond just “open rates.” This is what we measure:

• 📬 Number of emails sent: 1,078

• 👀 Open rate: 30.4%

• 🔗 Clicking on link: 9,1%

• 🧾 Data entered on fake site: 4,6%

• 📎 Attachment opened: 3.6%

• 💬 Responded to mail: 0,2%

• 🚩 Phishing reported: 51,1%

• 👥 Number of active users in test: 58

So we provide not just numbers, but direct insight into risk behavior.

 

What happens after the test?

Upon completion, you will receive a concrete advisory report including:

• Overview and analysis of all behaviors

• Comparison with benchmarks

• Clear risk indicators

• Concrete recommendations by behavior type

We discuss the results together in a video call. Directly, openly and without vague report language. Optionally, this is followed by a customized security awareness training.

 

Privacy & technology: what about it?

• 📧 Whitelisting in advance – no disruptions from spam filters

• 🔐 All data is anonymous – employees are not “judged”

• 📊 Generalized insights – unless deliberately chosen for open follow-up

Our goal is awareness, not a blame game. That is why we work AVG-proof and with ISO27001 substantiation.

 

Why start with a baseline measurement?

Many companies start training right away, but forget to measure what the starting point is. As a result, the return remains unclear. A baseline measurement offers immediate insight:

• What is the real situation in your organization?

• Where are the biggest risks?

• How well do employees recognize phishing?

• Specifically, what do you need to improve?

>10% click rate? Then immediate action is required.

Our target after 12 months of training: a phishing rate between 1% and 4%.

 

ALTA-ICT approach: what makes us different?

At ALTA-ICT, we combine human behavioral insights with technical expertise:

✅ ISO27001 / ISO9001 / NEN7510 approach
✅ Anonymous baseline measurement without friction
✅ Sector-specific phishing campaigns
✅ Measurable reduction in risk within 3 months
✅ Personal advice + follow-up via video call

 

Frequently Asked Questions

Do employees need to know anything in advance?
No, only the IT department and management were informed in advance.

Is this AVG-proof?
Yes, all data is anonymous unless otherwise agreed upon.

Can spam filters affect testing?
No, we whitelist in advance so that emails arrive correctly.

Is this only for large companies?
No, we test companies from 25 employees to 500+.

Will we get help after the test?
Yes, including report + advice + optional follow-up process.

 

Conclusion: measuring is knowing

A phishing baseline measurement is the way to turn awareness into action. Not assumptions, but facts. And build true digital resilience from there.

🎯 Want to know how your employees score?

📞 Book a free baseline consultation immediately:
alta-ict.co.uk/gratis-consultation