What's included in my Executive Summary?
The Executive Summary provides an overall program grade and trend for your company's security training, detailing changes in training progress, active participation, and a detailed report card with graded subsections on phishing metrics (reported attempts, clicks, and reviewed learning moments) and training course completions, all combined to reflect the health and direction of the security training program.
The Executive Summary Overview
The executive summary provides an overall program grade, a trending direction, and quick statistics to summarize your security training program.
Summary
This section offers a brief explanation of any changes in your company's security training progress. It includes:
- Letter grade changes from the previous month
- Reasons for any grade adjustments
- Information about how many people were actively trained during the last period
Detailed Report Card
The report card breaks down phishing simulation and training content into subsections, each with its own grades. These subsections highlight key areas that factor into your company's security training program health.
Phishing
- Phishes Reported — The number of phishing attempts reported over the last month (for monthly campaigns) or month-to-date (for weekly campaigns). The fraction shown is the number of phishing attempts reported divided by the number sent. More reported attempts result in a better grade.
- Phishes Clicked — The number of phishing emails clicked over the last month or month-to-date. The fraction is the number of clicks divided by the number sent. Fewer clicks result in a better grade.
- Learning Moments Completed — The number of clicked phishes that have been reviewed by the users who clicked them. The fraction is reviewed phishes divided by clicked phishes. More reviewed phishes result in a better grade.
Note: Phin's Outlook phishing button is available to all Phin Partners.
Training
- Courses Completed — The number of courses completed over the last month or month-to-date. The fraction is courses completed divided by courses sent. More completed courses result in a better grade.
Overall Program Grade
This grade combines the grades from each subcategory of your company's security training program. It indicates the overall health and trending direction of your program.
Note: N/A scores do not affect the overall grading.
Executive Summary Grades
- Throughout the month, subsection grades are considered in progress and display as NA. Ongoing analytics show the current status of running campaigns in the Weekly Performance Report Executive Summary.
- After each month, subsection grades are officially stored and used to calculate the overall program grade for that month. This data is shown in the Monthly Performance Report Executive Summary.
Grading Rubric
A basic grading rubric is used for the following subsections: Courses Completed, Phishes Reported, Phishes Clicked, and Learning Moments Completed.
Courses & Reported Phishes & Learning Moments:
- A: 90–100%
- B: 80–89.99%
- C: 70–79.99%
- D: 60–69.99%
- F: 0–59.99%
Clicked Phishes:
- A: 0–10%
- B: 10.01–20%
- C: 21.01–30%
- D: 30.01–40%
- F: 40.01–100%
Reported Phishes may also be NA if the feature is not set up.
These scores are based on industry averages and Phin Security analytics. The grading rubric may evolve over time to provide better insights and improve program performance.
Executive Summary Edge Cases
-
Phishes Clicked Edge Case: Sometimes, you may see a positive number in the "Phishes Clicked" or "Learning Moments Completed" sections when no phishing emails were sent, or a number higher than what was sent in the current month. This means the stat includes activities completed in the current month that were originally sent in a previous month.
-
Phishes Reported Edge Case #1: If the Report-a-Phish Button Integration is not set up, the "Phishes Reported" section will always return NA. This does not impact your overall company grade.
-
Phishes Reported Edge Case #2: If the "Phishes Reported" number is higher than the number of phishes sent (e.g., 15 reported out of 11 sent), this is because simulated phishing emails sent in a previous month were reported during the current month. For example, if 11 phishing emails were sent in July and all were reported in July, plus 4 from June were also reported in July, the July report would show 15 reported when only 11 were sent in July.
These edge cases help explain discrepancies in the reported statistics and ensure accurate interpretation of your executive summary data.