My last job posted the failure rate for every single phishing simulation, and nobody ever felt called out as a result.
We had between 1-10% fail any given test, but our ceo got phished successfully by an actual scam, and that had ripple effects because his account was compromised and sent out further phishing. So we all sort of knew that even those at the top fall for it, which made people who failed feel better.
My last job posted the failure rate for every single phishing simulation, and nobody ever felt called out as a result.
We had between 1-10% fail any given test, but our ceo got phished successfully by an actual scam, and that had ripple effects because his account was compromised and sent out further phishing. So we all sort of knew that even those at the top fall for it, which made people who failed feel better.