CyberStrength: Assessing Beyond the Phish

Our founders’ research pioneered the concept of simulated phishing attacks. But phishing is just one threat organizations are facing. We developed CyberStrength® to support our vision of an end-to-end cybersecurity assessment tool, one that could identify areas of susceptibility beyond the phish.

When it was launched in 2013, CyberStrength revolutionized the concept of employee knowledge assessments and gave breadth and depth to all areas of a security awareness and training program. This first-of-its kind assessment tool enables you to create, administer, and analyze the results of organization-wide and targeted cybersecurity knowledge evaluations.

Request a Demo


CyberStrength is ideal for early and ongoing assessment exercises, including the following:

  • Establishing a baseline measurement of your employees’ understanding of critical cybersecurity topics (including phishing).
  • Assessing beyond the phish to evaluate vulnerabilities related to mobile devices and mobile apps, data management, physical security, and more.
  • Identifying areas of susceptibility from the organizational level down to the individual level.
  • Gauging knowledge of organizational policies and procedures.
  • Tracking progress and targeting existing and emerging areas of concern.


CyberStrength Introduction


How Does CyberStrength Fit Into my Security Awareness and Training Program?

Though we suggest pairing CyberStrength with our simulated phishing, smishing, and USB attacks, it is also effective as a standalone assessment tool. This flexibility is particularly valuable if your organization is not receptive to using simulated attacks. The scenario-based CyberStrength format offers a less invasive way to evaluate knowledge levels and use that information to plan a cybersecurity education plan that will be the most effective at managing end-user risk.

CyberStrength is part of the Assess component of our Continuous Training Methodology. Wombat customers who have used this cyclical, ongoing approach to security awareness and training have realized up to a 90% reduction in successful external phishing attacks and malware infections.

Learn More
security awareness training methodology

CyberStrength Features

Our comprehensive portfolio of 150+ cybersecurity questions allow you to assess your end users about all the topics that we cover in our interactive training modules. All questions are available in nearly 20 translations, which allows you to consistently assess your global employees in their native languages.

Within our library, you’ll find a number of phishing-related assessment options — including safe interactions with emails, URLs, and websites — but you can go far beyond this single threat vector. CyberStrength helps you address other real-world cybersecurity issues, including proper use of mobile devices and mobile apps; understanding and avoiding social engineering scams; and other behaviors that can negatively impact your people, areas, data, and systems. 

Choose from our library of 150+ questions or create custom questions when building your assessment. Use custom questions to evaluate understanding of company policies and the prevalence of known issues.

You can build custom knowledge assessments using any combination and number of questions from our library. Send assessments to all users or specific groups of end users based on properties you assign (e.g., department, job function, etc.). You decide the topics you want to cover, who will receive which questions, when a CyberStrength assignment will be sent, and the due date for completion.

Our ten Predefined CyberStrength options — each of which includes a set selection of questions— were developed to help streamline the administrative process and seamlessly link knowledge assessments to our interactive training modules. Each Predefined CyberStrength assessment offers the option for Auto-Enrollment, which allows administrators to set a pass/fail threshold for the exercise and then automatically assign follow-up training for those employees who fall below the threshold.

Following are the Predefined CyberStrength assessments that we currently offer and the corresponding interactive training modules that can be selected via Auto-Enrollment.

Broad Knowledge Assessments

We offer three options for broad assessments: 55 questions, 33 questions, and 22 questions. All three of these include a set selection of questions from all of our non-compliance CyberStrength assessment topics (questions related specifically to Protected Health Information (PHI)/HIPAA and PCI DSS are excluded from the mix). Administrators can turn Auto-Enrollment on or off for the follow 11 modules from our interactive training portfolio, automatically generating assignments based on assessment results:

  • Data Protection and Destruction
  • Email Security
  • Mobile Device Security
  • Passwords
  • Personally Identifiable Information
  • Physical Security
  • Safe Social Networks
  • Safer Web Browsing
  • Security Beyond the Office
  • Social Engineering
  • URL Training

Try our interactive training modules ›

General Topics and Associated Interactive Training Modules

Each of these five predefined assessments include 10 to 15 questions about the specific topic noted. Administrators can choose to automatically assign the corresponding training modules should a user fail to exhibit a clear understanding of the topic.

  1. Phishing – Email Security, URL Training
  2. Security Safeguards – Data Protection and Destruction, Physical Security, Password Security
  3. Security on the Go – Mobile Device Security, Mobile App Security, Security Beyond the Office
  4. Online Safety – Safer Web Browsing, Safe Social Networking
  5. Protecting Personal Data – Personally Identifiable Information (PII), Data Protection and Destruction

Compliance-Related Topics and Associated Interactive Training Modules

Our two compliance-related Predefined CyberStrength assessments deliver a set selection of 10 to 15 questions associated with either PHI/HIPAA or PCI DSS cybersecurity requirements. Auto-Enrollment can be used to automatically assign targeted follow-up training as needed based on a users’ assessment score.

  1. Payment Card Industry – Payment Card Industry Data Security Standard (PCI DSS)
  2. Protected Health Info – Protected Health Information (PHI)

Our reporting capabilities give you both high-level and granular looks at your employees’ assessment results. Reports can be exported, which allows you to include the information in presentations to executive management and other interested parties.

Two reports are available for CyberStrength:

  • Assessment Report – This dynamic report shows the overall status of your CyberStrength assignments, aggregating user data to identify the strengths and weaknesses in your users’ cyber security knowledge. Charts illustrate the top-scoring content areas as well as the highest scoring groups across all participants. Administrators can use dynamic and flexible filtering to narrow in on the data that can help them identify knowledge gaps in your organization’s cyber security posture.
  • Risk Report – Each section of this report gives you the ability to drill down into detailed information about a range of assessment results, including scores by group, lowest overall score by group, most missed questions, and lowest scores by person. You can use this analysis to tailor your follow-up training efforts and focus on the most important topics in different areas of your organization.
Learn More

CyberStrength is a component of our Security Education Platform and is managed from the same interface as our other security awareness and training products. You can access all of our assessment and education tools from a single sign-on, and our intuitive interface simplifies program configuration and management.

The administrative capabilities of this tool allow you to easily build and assign assessments, measure progress, and calculate ROI:

  • Build assessments using any number of questions from our 150+ library available in nearly 20 languages. Choose a broad assessment or target a specific topic.
  • Customize your assignments. You decide which employees receive which questions, when the assessment will be sent, and the due date for completion.
  • Add custom questions to your library that address specific organizational policies and/or known issues.
  • Choose from our seven Predefined CyberStrength options — each of which includes a set selection of 10 to 15 questions about a specific topic — which were developed to help streamline the administrative process and seamlessly link knowledge assessments and our interactive training modules.
  • Use detailed reports to benchmark, track, and trend user knowledge. Share progress with decision-makers and integrate into overall cyber security metrics.
  • Target your education efforts based on your results. This allows you to reduce overall training time and focus on risks that are of immediate relevance.

Our comprehensive portfolio of 150+ CyberStrength questions are available in 20 languages — and counting. Additionally, our Security Education Platform’s key administrative features streamline the creation, delivery, and management of security awareness and training programs across all regions.

Learn More


The Wombat Advantage

Wombat customers have access to the following suite of premium services at no additional cost:

Customer Success Manager

Award-Winning Support

Multinational Support

Unlimited Platform Use

Wombat Wisdom

Real-Time Reporting