Participate in our Gone Phishing Tournament!

Tournament runs from November 13-17
Register by November 10 to save your spot

The annual Gone Phishing TournamentTM allows you to benchmark your organization's phishing resilience against true global standards. It's not just an exciting event but also a proven way to build a robust cyber-aware culture within your organization.

participating end users worldwide.

participating organizations.

phishing simulation languages deployed.

2022 Throwback: Worldwide Phishing Defenses Put to the Test 

Last year, over 250 organizations from different industries participated in the Gone Phishing Tournament. They walked away with insightful, personalized metrics and a roadmap for enhancing their cyber security awareness training.

Will you be next?

What is the Gone
Phishing Tournament?

It’s an online phishing tournament that uses real-world simulations to establish accurate phishing clickthrough rates and additional benchmarking statistics for end user behaviors.

Who Should Participate?

Any organization that wants to measure their phishing click rate and other benchmarks against other participants in the same industry, region, and size range.

Why Should You Register?

By basing benchmarking data on a single phishing template deployed within a pre-determined period, the Gone Phishing Tournament provides organizations worldwide with the actionable insights they need to establish and grow a culture of cyber security awareness.

Co-sponsored by Microsoft, the Gone Phishing Tournament will use an email template from Attack simulation training, part of the capabilities included in Microsoft Defender for Office 365. Attack simulation training is an intelligent social engineering risk management tool that uses context-aware simulations and hyper-targeted training to educate your employees, and measures behavior change all on an automated platform, simplifying the design and deployment of security awareness training.

See how your organization’s phishing knowledge compares to others in your industry and region.
Sign up for the 2023 edition of the Gone Phishing Tournament and build a stronger, safer culture.

Missed the Previous Tournament? Don't Let This Opportunity Slip Away! 

Take the chance to validate your organization's phishing resilience, gain actionable insights, and secure your digital fortress—all in one competitive, collaborative event.

With the 2023 Gone Phishing Tournament, experience:


A real-world phishing scenario that tests your team's readiness


Valuable metrics to evaluate your current cyber security training effectiveness


Opportunities to accurately compare your results to global benchmarks

A Cyber Security Event Like No Other 

The Gone Phishing Tournament isn't just a competition. It's your chance to delve deep into the cyber world, understand its threats, and empower your team with the knowledge to fend off phishing attacks.

Explore how to:

Engage in real-world phishing scenarios
Gain and implement crucial feedback on your organization's resilience
Learn from a community dedicated to building a safer digital world

Gone Phishing Tournament FAQ

It's simple! Just click the registration button and follow the steps. We're excited to see you there!

Any organization looking to evaluate its phishing resilience and enhance its security awareness training can participate.

The tournament offers a unique opportunity to test your team's phishing defense capabilities, identify gaps in your current security training, and learn from global peers. It's a chance to transform your cyber security defenses while fostering a security-first culture.

Every year, the Gone Phishing Tournament template is selected based on examples of real-world phishing emails provided by Microsoft. Terranova Security will release more details about the simulation as we approach the event date, so stay tuned for more news shortly!

Registered organizations will be provided with a step-by-step walkthrough of important allowlisting instructions, including the IP address, domain name, and email subject line you’ll need to allowlist based on your organization’s existing policy.

Registered organizations can upload their Gone Phishing Tournament user list directly in the Gone Phishing Tournament Environment. Instructions on how to upload your user list will be sent out by email after you’ve submitted your registration information.

There is no limit on the number of users you can submit. To ensure benchmarking data that represents the reality of your organization’s click rate, a minimum of 25% of your global end user base is required to participate in the Gone Phishing Tournament.

All organizational information submitted for use in the Gone Phishing Tournament is processed, stored, and managed with the highest level of security and privacy in mind. All security controls and mechanisms already in place for existing customers apply for data collection related to the event.

Terranova Security will publish findings from this year’s global phishing simulation event in the upcoming edition of the Global Phishing Benchmark Report. This document will be available for download in December 2023. Personalized analytics and reporting will also be available to participating organizations in the Security Awareness Platform in early 2024.

No, the Terranova Security team will manage the Gone Phishing Tournament simulation launch during the pre-determined deployment period.

Participating end users will be sent this year’s phishing simulation on a pre-determined date during the Gone Phishing Tournament. You can preview the simulation template by logging into your Security Awareness Platform account for the event. Organizations receive the same phishing simulation to ensure accurate, apples-to-apples data comparison. Please note that not all participating organizations are sent the phishing simulation simultaneously for security and bandwidth reasons.

Once the event has concluded, Terranova Security’s CISOs analyze data, and personalized results are delivered shortly after. Organizations will also receive a free copy of a new Phishing Benchmark Global Report, which provides an overview of the event’s results and trends security. leaders should take into account. The global report is published in the winter following the event.

Your organization can view and export its phishing simulation results directly in the Security Awareness Platform shortly after the event ends. Once notified that your results are ready, your Gone Phishing Tournament account administrator(s) can access them using their login credentials.

The global phishing benchmark report, which highlights overall results and CISO recommendations, will be available this coming winter.

The participating organization’s administrator(s) will be required to complete local authentication.

After a participating organization registers for the Gone Phishing Tournament, they gain access to the dedicated Security Awareness Platform environment used for the event. Each organization’s view in the environment is restricted to only information associated with their administrator profile and end users . Additionally, a select number of Terranova Security employees have privileged access to all participating organization profiles to ensure a smooth setup, execution, and support process throughout the event.

Any participating organization can upload relevant information, including their user list for the event, through their administrator profile.

The minimum Transport Layer Security (TLS) supported for the Gone Phishing Tournament is 1.2.

As of this writing, there are no additional protocols in place other than HTTPS.

The cloud provider used for the Gone Phishing Tournament is Microsoft Azure.

Privileged access permission to the Gone Phishing Tournament environment on the Security Awareness Platform is reviewed every year in the months leading up to the annual event.

No, access logging sends to a SIEM is not possible.

Terranova Security manages all data related to the Gone Phishing Tournament with great care and diligence before, during, and after the event. Steps taken to ensure data privacy and regulatory compliance include:

  • All Gone Phishing Tournament data is stored in a separate database located in Europe.
  • Data from the event is encrypted at rest based on existing Microsoft Azure standards. You can read more about those standards by visiting Microsoft’s website.
  • Gone Phishing Tournament data is retained for 90 days from when the last phishing simulation email is sent.
  • The Gone Phishing Tournament database is anonymized and kept for benchmarking purposes only. It is destroyed once the data has been analyzed and annual reports distributed.

All administrators acting on behalf of participating organizations must complete the following steps before the Gone Phishing Tournament start date:

  1. Provide all required organizational information.
  2. Complete IP, URL, and domain allowlisting
  3. Upload a participating user list with all mandatory fields filled out

Once you’ve completed the registration and password reset process, these steps are outlined to log into the Security Awareness Platform environment for the event. For assistance in completing this setup process, you can always contact the Terranova Security support team.

Every year, Terranova Security provides participating organizations with two different reports: a personalized breakdown of the organization’s performance, which is shared via the Security Awareness Platform, and the Global Phishing Benchmark Report, which is published the winter following the event.

The simulations are localized based on the end user language entered in the user list uploaded for the event. The 2023 edition of the Gone Phishing Tournament features a simulation available in 29 languages. If a desired language is not included in the list of 29 available options, the simulation will be sent to them in English.

The Tournament Is Free - Register Now!

Save your spot for the 2023 Gone Phishing Tournament!

If you would like to register or have any inquiries, please contact us at [email protected]

Copyright © Fortra, LLC and its group of companies. Fortra™, the Fortra™ logos, and other identified marks are proprietary trademarks of Fortra, LLC. Privacy Policy | Cookie Policy

Terranova Security