CyberStrength Knowledge Assessments

Assess Cybersecurity Awareness Beyond the Phish

CyberStrength Knowledge Assessments

Assess Cybersecurity Awareness Beyond the Phish

Our founders’ research pioneered the concept of simulated phishing attacks. But phishing is just one of the threats organizations are facing. We developed CyberStrength® to provide an end-to-end cybersecurity assessment tool — one that could identify areas of susceptibility related to email-based social engineering but also evaluate knowledge beyond the phish.

Launched in 2013, CyberStrength revolutionized the concept of employee knowledge assessments and gave breadth and depth to all areas of a cybersecurity awareness and training program. This first-of-its kind assessment tool enables you to create, administer, and analyze the results of organization-wide and targeted knowledge evaluations.

Request a Demo


Ideal for Early and Ongoing Cybersecurity Assessment Exercises

We suggest using CyberStrength to establish a baseline measurement of your employees’ understanding of critical cybersecurity topics, then periodically reassess to track progress and target areas of concern. You can gauge knowledge of your organization’s policies and procedures, and identify areas of susceptibility from an organizational level down to the individual.


Evaluate Employees' Security Awareness Beyond the Phish

CyberStrength’s library of more than 185 questions explores risks far beyond phishing. Our questions cover a range of cybersecurity subjects and test end-user knowledge of behaviors that can negatively impact your people, areas, data, and systems. You can also write your own questions to assess understanding of organizational policies and known issues.


Measure Knowledge Levels Without Simulated Attacks

We suggest pairing CyberStrength with simulated attacks, but it is also effective as a standalone tool — particularly if your organization is not receptive to using phishing tests. The scenario-based format offers a less invasive way to assess knowledge levels and then use that information to create a cybersecurity awareness and education plan that will be effective at managing end-user risk.


Reduce Risk with Our Continuous Training Methodology

CyberStrength cybersecurity assessments form an integral part of our Continuous Training Methodology: Assess, Educate, Reinforce, Measure. Wombat customers who have used this cyclical, ongoing approach to security awareness and training have realized up to a 90% reduction in successful external phishing attacks and malware infections.

About Our Methodology

CyberStrength: Key Benefits and Features

Library of 185+ Questions

Our comprehensive portfolio of 185+ cybersecurity questions allow you to assess your end users about all the topics that we cover in our interactive training modules. All questions are available in more than 35 languages, which allows you to consistently assess your global employees in their native languages.

Within our library, you’ll find a number of phishing-related assessment options — including safe interactions with emails, URLs, and websites — but you can go far beyond this single threat vector. CyberStrength helps you address other real-world cybersecurity issues, including proper use of mobile devices and mobile apps; understanding and avoiding social engineering scams; and other behaviors that can negatively impact your people, areas, data, and systems.

Custom Questions

You also have the option to create custom questions to evaluate your users’ understanding of company policies, known security issues, and other topics that are specifically relevant to your organization. This feature also gives you the flexibility to deliver highly targeted assessments to departments, groups, or individuals.

Custom Assessments

You can tailor your knowledge assessments using any combination and number of questions from our library and your selection of custom questions. You can send assessments to all users at once or target specific groups of end users based on properties you assign (e.g., department, job function, etc.). You decide the topics you want to cover, who will receive which questions, when a CyberStrength assignment will be sent, and the due date for completion.

Predefined CyberStrength

Our 11 Predefined CyberStrength options — each of which includes a set selection of questions— were developed to help streamline the administrative process and seamlessly link knowledge assessments to our interactive training modules. Each Predefined CyberStrength assessment offers the option for Auto-Enrollment, which allows administrators to set a pass/fail threshold for the assessment and then automatically assign follow-up training for those employees who fall below the threshold.

Following are the Predefined CyberStrength options that we currently offer and the corresponding cybersecurity awareness training modules that can be selected via Auto-Enrollment.

Broad Knowledge Assessments

We offer three options for broad assessments: 55 questions, 33 questions, and 22 questions. All three of these include a set selection of questions from all of our non-compliance CyberStrength topics; questions related specifically to the General Data Protection Regulation (GDPR), Protected Health Information (PHI)/HIPAA and the Payment Card Industry Data Security Standard (PCI DSS) are excluded from the mix.

Administrators can turn Auto-Enrollment on or off for the following 11 security awareness training modules, automatically generating assignments based on assessment results:

  • Data Protection and Destruction
  • Email Security
  • Mobile Device Security
  • Password Policy
  • Personally Identifiable Information
  • Physical Security
  • Safe Social Networks
  • Safer Web Browsing
  • Security Beyond the Office
  • Social Engineering
  • URL Training

Try our interactive training modules ›

General Topics and Associated Interactive Training Modules

Each of these five predefined assessments includes 10 to 15 questions about a specific topic. Administrators can choose to automatically assign one or more of the corresponding training modules noted, should a user fail to exhibit a clear understanding of the topic.

  1. Phishing – Email Security, URL Training
  2. Security Safeguards – Data Protection and Destruction, Physical Security, Password Policy
  3. Security on the Go – Mobile Device Security, Mobile App Security, Security Beyond the Office
  4. Online Safety – Safer Web Browsing, Safe Social Networking
  5. Protecting Personal Data – Personally Identifiable Information (PII), Data Protection and Destruction

Compliance-Related Topics and Associated Interactive Training Modules Our three compliance-related Predefined CyberStrength assessments deliver a set selection of 10 to 15 questions associated with the General Data Protection Regulation (GDPR), PHI/HIPAA, or PCI DSS cybersecurity requirements. Auto-Enrollment can be used to automatically assign the targeted follow-up training modules noted, if a user's assessment score reveals a need for additional education.

  1. Payment Card Industry – Payment Card Industry Data Security Standard (PCI DSS)
  2. Protected Health Info – Protected Health Information (PHI)
  3. GDPR - GDPR Overview, GDPR in Action


CyberStrength reports give you an at-a-glance view of strengths and weaknesses and allow you to tailor follow-up training efforts to address the most important topics in different areas of your organization. These reports allow you to review key factors related to your assessments, including the following:

  • Individual, group, and overall scores
  • Benchmarking data that compares your users' scores to other end users around the world
  • Scores by topic/category
  • Most missed questions
  • Completion status

Learn More

Integrated With Our Security Education Platform

CyberStrength is a component of our Security Education Platform, a learning management system that is purpose-built for infosec professionals. You can access all of our assessment and education tools from a single sign-on, and our intuitive interface simplifies program configuration and management.

The administrative capabilities of this tool allow you to easily build and assign assessments, measure progress, share business intelligence, and evaluate ROI.

Learn More

Multinational Support

Our comprehensive portfolio of 185+ CyberStrength questions are available in over 35 languages — and counting. Additionally, our Security Education Platform’s key administrative features streamline the creation, delivery, and management of security awareness and training programs across all regions.

Learn More

Results of an International Cybersecurity Awareness Survey

We selected Wombat because they offer a comprehensive cybersecurity preparedness platform. Wombat’s Platform enables us to assess internal risk and target training to employees who need it most, thereby strengthening our security profile. We value the opportunity to collaborate with Wombat as the company continues to expand its suite of cybersecurity training modules.

Manager of IT Security and Risk Management | Del Monte Foods

Typically, any audit is not an enjoyable thing, but in our case we did very well in the security awareness and training section, partly based on our work with the Wombat team. Having metrics to gauge staff was a big plus for the auditors.

Cyber Security Risk Management Team | International chemical company

Very positive feedback from end users; setup was easy; support from Wombat was top-notch and provided many learning materials and best practices for deployment / continuing education 3+ years out.

IT Manager | Wombat Customer

Wombat Security: A Leading Behavior-Change Company

Continuous Training Methodology based on proven Learning Science Principles

Founded in 2008 based on research at Carnegie Mellon University

A leader for five consecutive years in the Gartner Magic Quadrant

Global customer base, including many Fortune 500 companies

Wombat Security: A Leading Behavior-Change Company

Continuous Training Methodology based on proven Learning Science Principles

Founded in 2008 based on research at Carnegie Mellon University

A leader for five consecutive years in the Gartner Magic Quadrant

Global customer base, including many Fortune 500 companies