WHAT IS PHISHING SIMULATION AND WHY IS IT IMPORTANT?
About This Control
Summary: Phishing simulation exercises are performed to augment security training by providing users real-world examples of phishing emails that they might receive.
Purpose: To send users simulated phishing emails of the kind they might actually receive and to test their ability to identify them as such. Phishing campaigns also help management identify teams, or specific tactics, that point to areas of weakness where additional training may be needed.
Implementation Guidance: The dashboard lets you configure the reporting period, the number of noncompliant campaigns a user must have within that period before being counted as noncompliant, and the risk levels assigned to users who repeatedly fail phishing campaigns.
Why It Matters
Simulated phishing tests help staff recognize and respond appropriately to real threats.
Human error is a leading cause of data breaches, so improving users’ ability to identify phishes can reduce the risk of human error.
The tests can identify training gaps. If many employees fail a simulation, it indicates the need for training about the tactic used.
Phishing simulations can also be used to reinforce the need to report suspected phishes. If an employee clicks on an actual phishing email, their prompt reporting of it is important to limit possible impact.
Risks Addressed:
Identifies staff that are likely to fall for real phishing emails.
Reduces unintentional leakage of sensitive information to attackers posing as trusted contacts.
Trains employees to report suspicious emails, improving rapid detection and response to real attacks.
Counters a culture in which cybersecurity is treated as someone else's responsibility, by making employees aware of their role in protecting the organization.
CONTROLS THIS DASHBOARD REPORTS ON
Framework: Phishing simulations are not explicitly required by most security frameworks, so phishing simulations can be viewed as an extension of security training requirements:
NIST CSF v2.0: Category PR.AT Awareness and Training, Subcategories PR.AT-01, PR.AT-02
PCI-DSS v4.0: Requirement 12.6.3.1 Security awareness training
CIS CSC v8.1: Control 14 Security Awareness and Skills Training, and the Safeguards for that control, depending on the content of the organization’s training program
DORA: Regulatory Technical Standard (RTS) Simplified ICT Risk Management Framework, Article 19 Human resources policy
PRIMARY KEY PERFORMANCE INDICATOR (KPI)
The dashboard reports on this Primary KPI:
Numerator: Users who have not failed more than a configurable number of phishing campaigns over the course of the reporting period.
Denominator: The total number of users who were sent phishing simulations during the reporting period.
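To make the Implementation Guidance and the Primary KPI concrete, the following is an added worked example (not DataBee's code and not the dashboard's real schema or query). It assumes a small constructed set of campaign-result rows modelled on the Campaign-Details columns, assumes that "clicked", "submitted_credentials" and "opened_attachment" are the actions that fail a campaign, and assumes a simple count-based risk-level table standing in for the dashboard's configurable risk levels. It computes the per-user noncompliant campaign count, the compliance decision against the configurable threshold, the KPI numerator and denominator, and, as a secondary measure, the share of simulation emails that users reported.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Tuple


@dataclass
class CampaignResult:
    """One delivered simulation email for one user (constructed sample shape)."""
    user: str               # Email Sent To Address
    campaign: str           # Campaign Name
    campaign_end: datetime  # Campaign End Time
    action_taken: str       # User Action Taken: "none", "clicked", ...
    reported: bool          # User Action Reported


# Assumption: these user actions count as failing a campaign.
FAILING_ACTIONS = {"clicked", "submitted_credentials", "opened_attachment"}

# Assumption: risk level derived from failed campaigns in the period
# (minimum failure count, level name), standing in for configurable risk levels.
RISK_LEVELS: List[Tuple[int, str]] = [(0, "None"), (1, "Low"), (2, "Medium"), (3, "High")]


def risk_level(failed: int) -> str:
    """Return the highest risk level whose minimum failure count is met."""
    level = RISK_LEVELS[0][1]
    for minimum, name in RISK_LEVELS:
        if failed >= minimum:
            level = name
    return level


def in_period(r: CampaignResult, start: datetime, end: datetime) -> bool:
    """A campaign belongs to the reporting period if it ended inside it."""
    return start <= r.campaign_end <= end


def failed_campaign_counts(results, start, end) -> Dict[str, int]:
    """Per user, the number of failed campaigns in the period.
    Every user who received a simulation in the period gets an entry (possibly 0),
    which is what makes them part of the KPI denominator."""
    counts: Dict[str, int] = {}
    for r in results:
        if not in_period(r, start, end):
            continue
        counts.setdefault(r.user, 0)
        if r.action_taken in FAILING_ACTIONS:
            counts[r.user] += 1
    return counts


def phishing_kpi(results, start, end, max_failures):
    """Primary KPI: users with at most max_failures failed campaigns (numerator)
    over users sent simulations in the period (denominator), plus per-user detail
    mirroring User Noncompliant Campaigns Count and User Noncompliant Risk Level."""
    counts = failed_campaign_counts(results, start, end)
    detail = {
        user: {
            "noncompliant_campaigns": n,
            "compliant": n <= max_failures,
            "risk_level": risk_level(n),
        }
        for user, n in counts.items()
    }
    numerator = sum(1 for d in detail.values() if d["compliant"])
    denominator = len(detail)
    return numerator, denominator, detail


def report_rate(results, start, end) -> float:
    """Share of simulation emails in the period that the recipient reported."""
    delivered = [r for r in results if in_period(r, start, end)]
    if not delivered:
        return 0.0
    return sum(r.reported for r in delivered) / len(delivered)


# Constructed sample rows (not real campaign data).
SAMPLE = [
    CampaignResult("alice@example.com", "Q1 payroll update", datetime(2025, 1, 20), "none", True),
    CampaignResult("alice@example.com", "Q1 MFA reset", datetime(2025, 2, 18), "none", True),
    CampaignResult("alice@example.com", "Q1 shared document", datetime(2025, 3, 12), "none", False),
    CampaignResult("bob@example.com", "Q1 payroll update", datetime(2025, 1, 20), "clicked", False),
    CampaignResult("bob@example.com", "Q1 MFA reset", datetime(2025, 2, 18), "none", False),
    CampaignResult("bob@example.com", "Q1 shared document", datetime(2025, 3, 12), "submitted_credentials", False),
    CampaignResult("carol@example.com", "Q1 payroll update", datetime(2025, 1, 20), "clicked", True),
    CampaignResult("carol@example.com", "Q1 MFA reset", datetime(2025, 2, 18), "none", False),
    # Ended before the reporting period: excluded from numerator and denominator alike.
    CampaignResult("dave@example.com", "Q4 holiday gift card", datetime(2024, 12, 15), "clicked", False),
]

PERIOD_START = datetime(2025, 1, 1)
PERIOD_END = datetime(2025, 3, 31)

if __name__ == "__main__":
    num, den, detail = phishing_kpi(SAMPLE, PERIOD_START, PERIOD_END, max_failures=1)
    print(f"KPI: {num}/{den} = {num / den:.0%}")
    for user, d in detail.items():
        print(user, d)
    print(f"report rate: {report_rate(SAMPLE, PERIOD_START, PERIOD_END):.0%}")
```

With a threshold of one allowed failure, alice (0 failures) and carol (1) are compliant and bob (2) is not, giving a KPI of 2/3; dave never enters the denominator because his only campaign ended before the period. Lowering the threshold to zero turns carol noncompliant, which is the lever the Implementation Guidance describes. The report rate is tracked separately because a user who clicks and then promptly reports is still the outcome the "Why It Matters" section wants to reinforce.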
COLUMNS DISPLAYED ON THE DETAIL DASHBOARD
Compliance Status: Compliance Status User
Campaign: Campaign Name, Campaign Start Time, Campaign End Time, Campaign Status
Campaign-Details: Email Delivery Status, User Actions All, User Action Taken, User Action Reported, User Noncompliant Campaigns Count, User Noncompliant Risk Level, Action Event Time, Manager Email Address, Email Sent To Address, Email Name, Email Subject, Email Sent Time
Org Hierarchy: Owner Databee Id, Owner Email Address, Owner Employee Id, Owner Full Name, Owner Job Title, Owner Name, Manager Databee Id, Manager Email Address, Manager Full Name, Level 2, Level 3, Level 4, Level 5, Level 6
DATA SOURCES USED BY THIS DASHBOARD
OCSF.TRAINING_INVENTORY
CDP.USER
CDP.ORGANIZATION_HIERARCHY