Staff Phishing Testing and Resilience Program

Our client for this engagement is a market-leading brand which prides itself on being at the forefront of digital innovation.


Phishing is one of – if not the – major cyber threats facing organisations globally, and is responsible for many of the highest profile data breaches and cyber incidents in recent years.

Successful phishing attacks can lead to major data breaches or the infection of systems with destructive malicious software such as ransomware. While technical defenses play an important role, addressing the “human factor” and improving staff resilience to phishing attacks – through testing and education – is critical to defending against this highly damaging threat.

Our role

We developed a strategy to reduce the client’s susceptibility to phishing over time through regular testing of staff phishing resilience and targeted, engaging education and communications.

Phishing simulations were executed throughout the year and designed to replicate the types of phishing campaigns likely to be received by the client’s staff. Broad-based and targeted campaigns were carried out to ensure coverage of all risk scenarios.

The results of the campaigns were used to support targeted education and communications activities. Executive-level analyses and reports were also provided to senior executives, supporting them to take accountability for their departments and drive awareness.

What we did

elevenM carried out the following activities:

  • Designed a holistic phishing resilience strategy tailored to the client’s risk and threat profile
  • Executed phishing simulations to test staff on the phishing threats likely to target them
  • Delivered communications and education activities, tailored and targeted based on simulation results
  • Provided senior executives with insights into the extent of phishing risks in their departments, and supporting collateral to improve awareness.