Digital Threat Digest Insights Careers Let's talk

Phishing vulnerability assessments

Did you know that phishing is the number one cause of data breaches and cyber attacks?

Download a shareable Phishing vulnerability assessment PDF

More than 90% of cyber breaches are a result of successful phishing campaigns

Successful phishing attacks can result in...

A loss of network functionality and degraded utilisation of hardware

Operational shut down

Significant reputational damage

Preventing successful phishing campaigns needs a combination of technical controls and human education.

We’ve helped hundreds of companies give their teams the knowledge and tools to manage phishing threats.

We do this with phishing assessments - controlled phishing campaigns delivered by PGI’s technical team. An assessment will not only enable you to understand the level of awareness across your workforce, it will boost awareness of risk and demonstrate how all employees can help to improve cyber security in the workplace, through better recognition of potential hazards.

We have prepared a shareable PDF which you can download here: Mitigate the phishing threat

Sophisticated phishing tests, tailored to your organisation

Phishing emails create the entry point on which hackers build their attacks. While off-the-shelf software options are available, these packages can’t provide your workforce with the experience of authentic phishing campaigns because they don’t reflect the increasingly sophisticated targeted tactics that attackers are using. A managed phishing assessment programme, tailored for your organisation gives your people the best chance to identify and manage an email if they receive one.

Get a quote

Up to 94% of malware is delivered via email

Every day that your team aren’t fully aware of the threat, your business is at a higher risk of a very real and damaging cyber-attack. And according to research by the UK Government, that could cost you, on average, £8,460 for small businesses and £13,400 for medium to large enterprises.

With a tailored phishing assessment from PGI, you will be able to:

  • Gain an understanding of your employees’ current awareness of phishing and social engineering threats, as well as identifying where the gaps are and which areas of the business, if any, need further training.
  • Understand technical weaknesses that can increase likelihood of phishing emails reaching your workforce. Businesses have more control of the technology being used in the workplace, usually by conducting due diligence when introducing new hardware and software. However, it is not as easy to ensure the same due diligence when it comes to employee action, with risk heightened through the use of out-of-date software, unsafe online behaviours, and by interacting with phishing emails.
  • By educating your workforce you decrease the likelihood of a phishing campaign being successful. Phishing campaigns can open organisations up to a range of threats, primarily that of malware, which includes computer viruses, spyware, rootkits, adware, keyloggers, participation in botnets, and ransomware. As an example, during the ‘WannaCry’ ransomware attack, an estimated 300,000 devices were infected.

Maximise your team's awareness of phishing techniques

Our phishing assessments use a range of techniques to uncover dangerous behaviour taken by users, such as disclosing passwords, user information, and other confidential data held by your business. The degree of email authenticity can be tailored, showing your employees just how convincing some phishing attempts can be.

We can help your organisation understand its security posture enabling you to make informed decisions on effective investment in education and technology, as well as improving your organisation’s level of security and awareness. This allows you to maximise the return of your cyber security budget, delivering demonstrable impact.

Get a quote

An end-to-end programme to safeguard your organisation

Test phishing campaign

PGI will conduct a bespoke test email phishing campaign, based on open-source research, our knowledge of your organisation, and the latest attacks targeted at your industry.


This campaign can be carried out over any period of time with multiple emails. The realism of these emails and the domain names used will vary to replicate the different abilities and skills used by attackers.


Upon failing to identify a phishing email, staff will be presented with a short educational message, such as a training video or webpage to help them identify and mitigate against that type of attack in the future.

Clear reporting provides you with valuable insights and evidence


We will monitor and report on the following metrics throughout the exercise:

• Opened phishing emails and potentially malicious links clicked/ attachments downloaded.

• Geographical location of the user opening the email to identify access in non-typical locations.

• Out-of-date browsers and plugins, identifying potentially vulnerable users.

• Users who are subject to phishing emails but have failed to complete follow-up training.

• Reductions in the number of successful phishing emails.


At the end of the campaign, our security experts will generate a comprehensive report, which will provide an analysis of your current cyber risk profile.

Phishing assessment packages

We offer three levels of phishing assessments, based on your business needs. All include:

  • A pre-engagement scoping call
  • Campaign set up
  • E-learning
  • Campaign monitoring and reporting

Our technical experts can work closely with your internal team to build out these assessments to include specific domain names and multiple emails.

Contact our Sales team to discuss what you need and how we can support you.

Speak to an expert

Why choose PGI?

We offer tailored assessments including end-to-end support. We do not provide off-the-shelf phishing assessments.

We understand wider digital risk. We don’t just focus on phishing, we have experience helping clients understand and mitigate all forms of digital risks, so we can help you take a holistic approach to managing them.

Our solutions are practical and affordable because they are focused to our clients’ needs, not a blanket approach.

We take a flexible approach because we know the cyber threat is constantly evolving so our team work to your needs and business requirements.

Get a quote