The annual Gone Phishing TournamentTM allows you to benchmark your organization's phishing resilience against true global standards. It's not just an exciting event but also a proven way to build a robust cyber-aware culture within your organization.
If you missed the chance to participate in this year’s tournament, you’ll still be able to get a copy of the 2023 Gone Phishing Tournament Report once released in December 2023.
2022 Throwback: Worldwide Phishing Defenses Put to the Test
In 2022, over 250 organizations from different industries participated in the Gone Phishing Tournament. They walked away with insightful, personalized metrics and a roadmap for enhancing their cyber security awareness training.
It’s an online phishing tournament that uses real-world simulations to establish accurate phishing clickthrough rates and additional benchmarking statistics for end user behaviors.
Who Should Participate?
Any organization that wants to measure their phishing click rate and other benchmarks against other participants in the same industry, region, and size range.
Why Should You Register?
By basing benchmarking data on a single phishing template deployed within a pre-determined period, the Gone Phishing Tournament provides organizations worldwide with the actionable insights they need to establish and grow a culture of cyber security awareness.
Co-sponsored by Microsoft, the Gone Phishing Tournament will use an email template from Attack simulation training, part of the capabilities included in Microsoft Defender for Office 365. Attack simulation training is an intelligent social engineering risk management tool that uses context-aware simulations and hyper-targeted training to educate your employees, and measures behavior change all on an automated platform, simplifying the design and deployment of security awareness training.
See how your organization’s phishing knowledge compares to others in your industry and region. Reserve your copy of the 2023 Gone Phishing Tournament benchmarking report and build a stronger, safer culture.
The Gone Phishing Tournament isn't just a competition. It's your chance to delve deep into the cyber world, understand its threats, and empower your team with the knowledge to fend off phishing attacks.
Explore how to:
Engage in real-world phishing scenarios
Gain and implement crucial feedback on your organization's resilience
Learn from a community dedicated to building a safer digital world
The tournament offers a unique opportunity to test your team's phishing defense capabilities, identify gaps in your current security training, and learn from global peers. It's a chance to transform your cyber security defenses while fostering a security-first culture.
Every year, the Gone Phishing Tournament template is selected based on examples of real-world phishing emails provided by Microsoft. Terranova Security will release more details about the simulation as we approach the event date, so stay tuned for more news shortly!
Registered organizations will be provided with a step-by-step walkthrough of important allowlisting instructions, including the IP address, domain name, and email subject line you’ll need to allowlist based on your organization’s existing policy.
Registered organizations can upload their Gone Phishing Tournament user list directly in the Gone Phishing Tournament Environment. Instructions on how to upload your user list will be sent out by email after you’ve submitted your registration information.
There is no limit on the number of users you can submit. To ensure benchmarking data that represents the reality of your organization’s click rate, a minimum of 25% of your global end user base is required to participate in the Gone Phishing Tournament.
All organizational information submitted for use in the Gone Phishing Tournament is processed, stored, and managed with the highest level of security and privacy in mind. All security controls and mechanisms already in place for existing customers apply for data collection related to the event.
Terranova Security will publish findings from this year’s global phishing simulation event in the upcoming edition of the Global Phishing Benchmark Report. This document will be available for download in December 2023. Personalized analytics and reporting will also be available to participating organizations in the Security Awareness Platform in early 2024.
Participating end users will be sent this year’s phishing simulation on a pre-determined date during the Gone Phishing Tournament. You can preview the simulation template by logging into your Security Awareness Platform account for the event. Organizations receive the same phishing simulation to ensure accurate, apples-to-apples data comparison. Please note that not all participating organizations are sent the phishing simulation simultaneously for security and bandwidth reasons.
Once the event has concluded, Terranova Security’s CISOs analyze data, and personalized results are delivered shortly after. Organizations will also receive a free copy of a new Phishing Benchmark Global Report, which provides an overview of the event’s results and trends security. leaders should take into account. The global report is published in the winter following the event.
Your organization can view and export its phishing simulation results directly in the Security Awareness Platform shortly after the event ends. Once notified that your results are ready, your Gone Phishing Tournament account administrator(s) can access them using their login credentials.
The global phishing benchmark report, which highlights overall results and CISO recommendations, will be available this coming winter.
After a participating organization registers for the Gone Phishing Tournament, they gain access to the dedicated Security Awareness Platform environment used for the event. Each organization’s view in the environment is restricted to only information associated with their administrator profile and end users . Additionally, a select number of Terranova Security employees have privileged access to all participating organization profiles to ensure a smooth setup, execution, and support process throughout the event.
Terranova Security manages all data related to the Gone Phishing Tournament with great care and diligence before, during, and after the event. Steps taken to ensure data privacy and regulatory compliance include:
All Gone Phishing Tournament data is stored in a separate database located in Europe.
Data from the event is encrypted at rest based on existing Microsoft Azure standards. You can read more about those standards by visiting Microsoft’s website.
Gone Phishing Tournament data is retained for 90 days from when the last phishing simulation email is sent.
The Gone Phishing Tournament database is anonymized and kept for benchmarking purposes only. It is destroyed once the data has been analyzed and annual reports distributed.
All administrators acting on behalf of participating organizations must complete the following steps before the Gone Phishing Tournament start date:
Provide all required organizational information.
Complete IP, URL, and domain allowlisting
Upload a participating user list with all mandatory fields filled out
Once you’ve completed the registration and password reset process, these steps are outlined to log into the Security Awareness Platform environment for the event. For assistance in completing this setup process, you can always contact the Terranova Security support team.
Every year, Terranova Security provides participating organizations with two different reports: a personalized breakdown of the organization’s performance, which is shared via the Security Awareness Platform, and the Global Phishing Benchmark Report, which is published the winter following the event.
The simulations are localized based on the end user language entered in the user list uploaded for the event. The 2023 edition of the Gone Phishing Tournament features a simulation available in 29 languages. If a desired language is not included in the list of 29 available options, the simulation will be sent to them in English.