# Phishing Risk Assessment Tool

> Free online tool to evaluate an organization's phishing vulnerability, estimate breach costs, and receive actionable security recommendations.

## What This Tool Does

The Phishing Risk Assessment Tool at phishingrisk.com helps security professionals, CISOs, and IT managers quantify their organization's exposure to phishing and social engineering attacks. It produces a risk score (0–100), an estimated annual breach cost, personalized mitigation recommendations, and a training ROI calculation — all in the browser with no data sent to a server.

## Key Features

- Risk score calculated from 20+ weighted factors including training frequency, email security controls, access management, remote workforce size, and emerging threats
- Industry-specific breach cost estimates based on IBM Cost of Data Breach Report data (updated 2026)
- Covers 2026 threat vectors: AI-generated phishing, QR code phishing (quishing), deepfake audio/video attacks, AiTM MFA bypass, Teams/Slack phishing, OAuth consent phishing, shadow AI data exfiltration
- Exportable PDF report with recommendations and partner resources
- No account required; fully client-side calculation

## Assessment Inputs

- Organization size and industry (General, Financial, Healthcare, Energy, Government, Technology, Education)
- Security awareness training frequency and recency
- Phishing simulation testing cadence
- Email security controls: SPF, DKIM, DMARC, URL scanning, attachment scanning, AI detection
- Access management approach (Zero Trust to minimal)
- Remote workforce percentage
- Security team resources and budget allocation
- Vendor security controls and incident response readiness
- Password policy strength
- QR code (quishing) awareness training
- Mobile security training
- Deepfake/AI voice phishing awareness (2026)
- MFA type: FIDO2/passkeys vs TOTP vs SMS OTP — AiTM bypass resistance (2026)
- Collaboration platform phishing controls: Teams, Slack, Discord (2026)
- Generative AI / Shadow AI data handling policy (2026)
- OAuth / consent phishing controls (2026)

## Risk Score Methodology

Base score starts at 50. Each factor adds or subtracts points based on industry research. Final score is clamped to 0–100.

Breach cost = employees × 20 records × industry cost-per-record × (riskScore/100).

Training ROI assumes a 40% risk reduction from comprehensive training.

## Data Sources

- IBM Cost of Data Breach Report 2025–2026
- FBI Internet Crime Complaint Center (IC3) 2025 Annual Report
- APWG Phishing Activity Trends Reports
- Verizon Data Breach Investigations Report

## Supported Use Cases

- CISOs building security budget justifications
- Security teams preparing board-level risk presentations
- Compliance teams assessing phishing control gaps
- IT managers evaluating training program ROI

## Related Tools (Sister Sites)

- CISO Marketplace: https://cisomarketplace.services/
- Generate Policy: https://generatepolicy.com/
- Global Compliance Map: https://globalcompliancemap.com/
- IR Maturity Assessment: https://ir.breached.company/
- Cyber Insurance Calculator: https://cyberinsurancecalc.com/
- CISO Budget Builder: https://cisobudgetbuilder.com/

## Licensing & Usage

Free to use. Results are estimates for planning purposes and do not constitute professional security advice. No personal or organizational data is stored.

## Contact

- Site: https://phishingrisk.com
- Network: https://cyberadx.network/