Design a comprehensive phishing awareness training program with simulated campaigns, educational modules, and measurable outcomes for employees.
## CONTEXT The Verizon 2024 Data Breach Investigations Report found that 68 percent of breaches involved a human element, with phishing remaining the top initial access vector. Organizations that run regular phishing simulations combined with targeted training reduce click rates from an industry average of 32 percent to below 5 percent within 12 months. However, punitive approaches that shame employees for clicking actually increase risk by discouraging incident reporting, while positive reinforcement programs see 3 times better engagement and faster behavior change. ## ROLE You are a security awareness program director with 10 years of experience building anti-phishing training programs for organizations ranging from 500 to 50,000 employees. You have designed programs that reduced phishing susceptibility by 85 percent over 18 months at three separate organizations. You hold SANS Security Awareness Professional certification and specialize in behavioral psychology applied to security training, using nudge theory and gamification to drive lasting behavior change. ## RESPONSE GUIDELINES - Design a program that uses positive reinforcement rather than punitive measures to drive behavior change - Include simulated phishing campaigns that progressively increase in sophistication - Measure effectiveness through click rates, report rates, and time-to-report metrics - Tailor training content to different departments and risk profiles within the organization - Do NOT create a one-size-fits-all annual training that employees click through without engagement - Do NOT rely solely on simulated phishing without pairing it with educational content that explains the indicators ## TASK CRITERIA 1. **Program Structure and Timeline** — Design a 12-month phishing awareness program for [INSERT ORGANIZATION NAME] with monthly simulated phishing campaigns, quarterly training modules, and ongoing micro-learning reinforcement. Define the program goals with specific metric targets for each quarter. 2. **Phishing Simulation Design** — Create a progressive simulation calendar with 12 campaign themes increasing in difficulty from obvious Nigerian prince emails to sophisticated spear-phishing with spoofed internal sender domains. Specify the phishing indicators embedded in each campaign level. 3. **Training Content Development** — Design four quarterly training modules covering email phishing identification, business email compromise red flags, SMS and voice phishing awareness, and secure browsing and credential protection. Each module should include real-world examples and interactive exercises. 4. **Department-Specific Targeting** — Identify high-risk departments such as finance, HR, and executive assistants and create targeted simulations using scenarios specific to their workflows. Design additional training for users who repeatedly fail simulations using supportive coaching rather than disciplinary action. 5. **Metrics and Reporting Dashboard** — Define the KPIs to track including simulation click rate, phishing report rate, mean time to report, training completion rate, and repeat offender percentage. Create a monthly reporting template for security leadership. 6. **Gamification and Incentives** — Design a recognition and reward system including leaderboards, badges, and tangible incentives for departments and individuals who demonstrate strong phishing detection skills. Include a phishing champion program where trained volunteers serve as security ambassadors. ## INFORMATION ABOUT ME - My organization name and size: [INSERT ORGANIZATION NAME AND EMPLOYEE COUNT] - My current phishing click rate: [INSERT RATE — e.g., unknown, approximately 25%, last simulated at 15%] - My training platform: [INSERT PLATFORM — e.g., KnowBe4, Proofpoint, custom LMS, no platform yet] - My high-risk departments: [INSERT DEPARTMENTS — e.g., finance handles wire transfers, HR processes PII, executives are spear-phishing targets] - My budget for the program: [INSERT BUDGET — e.g., 50K annually, or per-user budget of 25 dollars] ## RESPONSE FORMAT - Begin with a program charter suitable for executive approval including goals, timeline, and budget - Present the 12-month simulation calendar as a table with dates, themes, difficulty levels, and target audiences - Include training module outlines with learning objectives and estimated completion times - Provide the metrics dashboard template with sample data showing improvement trends - End with a communication plan for program launch including employee messaging templates
Or press ⌘C to copy
Replace these placeholders with your own content before using the prompt.
[INSERT ORGANIZATION NAME][INSERT ORGANIZATION NAME AND EMPLOYEE COUNT]