What is a Phishing Vulnerability Assessment?

More than 90% of cyber breaches are a result of successful phishing campaigns. These breaches can result in a loss of network functionality, degraded utilisation of hardware, and significant reputational damage. Phishing emails are responsible for threats entering networks and systems, giving intruders a foothold from which to continue their attack.

With phishing emails and the associated techniques that threat actors use becoming more sophisticated and harder to spot, PGI recommends phishing vulnerability assessments to help you minimise risk and improve your processes.

Why have a Phishing Vulnerability Assessment?


A phishing vulnerability assessment is designed to boost awareness of risk and demonstrate how all employees can help to improve cyber security in the workplace, through better recognition of potential hazards.

  • Take control of your business

    Businesses can control the technology being used in the workplace, conducting due diligence when introducing new hardware and software. However, it is not as easy to ensure the same due diligence when it comes to employee action, with risk heightened through the use of out-of-date software, unsafe online behaviours, and by interacting with phishing emails.

  • Educate on common threats

    Phishing campaigns can open organisations up to a range of threats, primarily that of malware, which includes computer viruses, spyware, rootkits, adware, keyloggers, participation in botnets, and ransomware. For example, ransomware is a major risk, with an estimated 300,000 devices infected in the ‘WannaCry’ ransomware attack alone.

  • Mitigate the risk of data breach

    Through email compromise, cyber threats can impact an organisation’s bottom line; in just a 12-month period, 1,500 phishing reports were logged, costing UK businesses £32.2m.

Ready to get started? Speak to one of our experts.

If you have any questions about our services or would like to learn more about our consultants here at PGI, please get in touch and speak with one of the team: call us on +44 (0)845 600 4403 or email us at sales@pgitl.com.


How we conduct Phishing Vulnerability Assessments


At PGI, we use a simulation approach, or ‘ethical attack’, to carry out a controlled phishing campaign over a duration agreed with the customer.

We use various techniques to uncover dangerous behaviour by users, such as disclosing passwords, user information, and other confidential data held by your business. The degree of email authenticity can be tailored, showing your employees just how convincing some phishing attempts can be.

By understanding your organisation’s security posture, you can make informed decisions on effective investment in education and technology, as well as improving your organisation’s level of security and awareness. This allows you to maximise the return on your cyber security budget, delivering demonstrable impact.

  • Phishing simulation

    Test phishing campaign: PGI will conduct a bespoke test email phishing campaign, tailored to your organisation, based on open source research, our knowledge of your organisation, and the latest attacks targeted at your industry.

    Differentiation: This campaign can be carried out over any period of time with multiple emails. The realism of these emails and the domain names used will vary to replicate the different abilities and skills used by attackers.

    Training: Upon failing to identify a phishing email, staff will be presented with a short educational message, such as a training video or webpage, to help them identify and mitigate that type of attack in the future.

  • Metrics and follow-up

    Monitoring: PGI will monitor and report on the following metrics throughout the exercise:

    • Opened phishing emails and potentially malicious links clicked/attachments downloaded.
    • Geographical location of the user opening the email to identify access in non-typical locations.
    • Out-of-date browsers and plugins, identifying potentially vulnerable users.
    • Users who are subject to phishing emails but have failed to complete follow-up training.
    • Reductions in the number of successful phishing emails.

    Reporting: At the end of the campaign, PGI’s security experts will generate a comprehensive report, which will provide an analysis of your current cyber risk profile.

Why choose PGI?

PGI is a nationwide leader in phishing vulnerability assessments. We offer a comprehensive, tailored assessment which not only highlights areas of risk, but also supports you and your employees as you work to build a safer, more secure work environment. We do this through a full review of the assessment findings, and by delivering relevant educational resources to your employees.

Reports suggest that only 20% of businesses offer cyber security training for their staff. It is our aim to provide you with the necessary resources to train your staff on site, at their desks as part of their normal operating routine, improving their understanding of phishing risks.
