Phishing Vulnerability Assessments

Defend your organisation
Phishing awareness training

90% of breaches involve phishing - train your workforce
to handle phishing attacks

Prevent loss of data, assets, reputation and money with PGI's phishing vulnerability assessments.

About Phishing

What is a Phishing Vulnerability Assessment?

More than 90% of cyber breaches are a result of successful phishing campaigns. These breaches can result in a loss of network functionality, degraded utilisation of hardware, and significant reputational damage. Phishing emails are responsible for threats entering networks and systems, providing intruders with a foothold to continue their attack from.

With phishing emails and the associated techniques that threat actors use becoming more sophisticated and harder to spot, PGI recommends phishing vulnerability assessments to help you minimise risk and improve your processes.


Why have a Phishing Vulnerability Assessment?

A phishing vulnerability assessment is designed to boost awareness of risk and demonstrate how all employees can help to improve cyber security in the workplace, through better recognition of potential hazards.

Take control of your business

Businesses can control the technology being used in the workplace, conducting due diligence when introducing new hardware and software. However, it is not as easy to ensure the same due diligence when it comes to employee action, with risk heightened through the use of out-of-date software, unsafe online behaviours, and by interacting with phishing emails.

Daily Intelligence Reports

Report Builder

Educate on common threats

Phishing campaigns can open organisations up to a range of threats, primarily that of malware, which includes computer viruses, spyware, rootkits, adware, keyloggers, participation in botnets, and ransomware. As an example, Ransomware is a major risk, with an estimated 300,000 devices infected in the ‘WannaCry’ ransomware attack alone.

Mitigate the risk of data breach

Through email compromise, cyber threats can impact an organisation’s bottom line; in just a 12-month period, 1,500 phishing reports were logged, costing UK businesses £32.2m.

Daily Intelligence Reports
How we conduct Phishing Vulnerability Assessments

How we conduct Phishing Vulnerability Assessments

At PGI, we use a simulation approach, or ‘ethical attack’, to carry out a controlled phishing campaign over a duration agreed with the customer.

We utilise various techniques in an attempt to uncover dangerous behaviour taken by users, such as disclosing passwords, user information, and other confidential data held by your business. The degree of email authenticity can be tailored, showing your employees just how convincing some phishing attempts can be.

Phishing simulation

PGI will conduct a bespoke test email phishing campaign, tailored to your organisation, based on:

  • Open source research
  • Our knowledge of your organisation
  • The latest attacks targeted at your industry

This campaign can be carried out over any period of time with multiple emails. The realism of these emails and the domain names used will vary to replicate the different abilities and skills used by attackers.

Upon failing to identify a phishing email, staff will be presented with a short educational message, such as a training video or webpage to help them identify and mitigate against that type of attack in the future.

Metrics and follow-up

PGI will monitor and report on the following metrics throughout the exercise:

  • Opened phishing emails and potentially malicious links clicked/ attachments downloaded.
  • Geographical location of the user opening the email to identify access in non-typical locations.
  • Out-of-date browsers and plugins, identifying potentially vulnerable users.
  • Users who are subject to phishing emails but have failed to complete follow-up training.
  • Reductions in the number of successful phishing emails.

At the end of the campaign, PGI’s security experts will generate a comprehensive report, which will provide an analysis of current cyber risk profile.

By understanding your organisation’s security posture, you can make informed decisions on effective investment in education and technology, as well as improving your organisation’s level of security and awareness. This allows you to maximize the return of your cyber security budget, delivering demonstrable impact.

Product & pricing

Price Inclusive
£ Request a price   Fully managed 4-week long campaign

   Bespoke customised template

   Comprehensive report


Why choose PGI?

PGI is a nationwide leader in phishing vulnerability assessments, offering a comprehensive, tailored assessment which not only highlights areas of risk, but also supports you and your employees as you work to build a safer, more secure work environment. We do this through a full review of the assessment findings, and by delivering relevant educational resources to your employees.

Reports suggest that only 20% of businesses offer cyber security training for their staff. It is our aim to provide you with the necessary resources to train your staff on site, at their desks as part of their normal operating routine, improving their understanding of phishing risks.

Register anchor

Phishing knowledge hub

It is crucial that a workforce understands how it could be targeted by phishing, as well as knowing how to prevent it from happening. Here are a few resources and products that could help keep you cautious.

Products & resources

Training anchor

NCSC'S Phishing Guide

Keep to hand the National Cyber Security Centre's new phishing guide.

Find out more 

Take our phishing test

Why not try out our phishing test to see if you can spot a scam email?

Find out more  

Cyber Essentials

Ensure your organisation is protected against the most common cyber threats with Cyber Essentials.

Find out more 

Blog posts

PayPal users targeted in new phishing campaign

Read article 

Hackers aiming to land the
big phish

Read article  

Law firms and why they need
cyber security

Read article  
Register anchor

Want to purchase or need more information? Why not speak to one of our experts.

Choose a day and time and one of our team will be in touch.
Alternatively, call us on +44 (0)207 887 2699 or email us at

+44 (0)207 887 2699
©2019 PGI - Protection Group International Ltd. All rights reserved.
PGI - Protection Group International Ltd is registered in England & Wales, reg. no. 07967865
Address: Unit 13/14, Swallow Court, Sampford Peverell, Tiverton, England, EX16 7EJ