Security assessment tool
Cybersecurity Awareness
Training Calculator
Assess whether an employee or organization requires cybersecurity awareness training based on risk indicators.
Role & access level
General staff
Email, basic apps
Knowledge worker
Data & documents
Finance / HR / Legal
Sensitive records
IT / Admin / DevOps
System privileges
Last security training
Within 6 mo
Up to date
6–12 months
Fading
Over a year
Outdated
Observed behaviors & risk indicators
Clicked phishing simulation links
Failed recent phishing tests
Uses weak or reused passwords
No password manager in use
Shares credentials or devices
Loaned login or work hardware
Unattended screen without lock
Leaves workstation unlocked
Uses personal devices for work
No MDM or BYOD policy followed
Unaware of social engineering
Can’t identify pretexting or vishing
2FA not enabled or bypassed
Skips multi-factor authentication
Reports phishing slowly or never
No incident reporting habit