How a Global Consulting Firm Fixed Its Phishing Simulation Accuracy and Reduced Human Cyber Risk
Learn how a global consulting firm stopped fake phishing clicks from bots, fixed inaccurate reports, and reduced human cyber risk with Keepnet’s Human Risk Management platform.
2025-05-02
'%3e%3cpath%20d='M4%204L15.733%2020H20L8.267%204H4Z'%20stroke='%230671C0'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3cpath%20d='M4%2020L10.768%2013.232M13.228%2010.772L20%204'%20stroke='%230671C0'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_8149_16006'%3e%3crect%20width='24'%20height='24'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
'%3e%3cpath%20d='M5.37214%2023.8745H0.396429V8.10162H5.37214V23.8745ZM2.88161%205.95006C1.29054%205.95006%200%204.65279%200%203.08658C1.13882e-08%202.33427%200.303597%201.61278%200.844003%201.08082C1.38441%200.548853%202.11736%200.25%202.88161%200.25C3.64586%200.25%204.3788%200.548853%204.91921%201.08082C5.45962%201.61278%205.76321%202.33427%205.76321%203.08658C5.76321%204.65279%204.47214%205.95006%202.88161%205.95006ZM23.9946%2023.8745H19.0296V16.1963C19.0296%2014.3665%2018.9921%2012.0198%2016.4427%2012.0198C13.8557%2012.0198%2013.4593%2014.0079%2013.4593%2016.0645V23.8745H8.48893V8.10162H13.2611V10.2532H13.3307C13.995%209.01393%2015.6177%207.70611%2018.0386%207.70611C23.0743%207.70611%2024%2010.9704%2024%2015.2102V23.8745H23.9946Z'%20fill='%230671C0'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_3867_24588'%3e%3crect%20width='24'%20height='27'%20fill='%234A4D53'%20transform='translate(0%200.25)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
'%3e%3cpath%20d='M13.957%2014.75L14.668%2010.0848H10.2225V7.05745C10.2225%205.78115%2010.8435%204.53707%2012.8345%204.53707H14.8555V0.565174C14.8555%200.565174%2013.0215%200.25%2011.268%200.25C7.60703%200.25%205.21403%202.48441%205.21403%206.52931V10.0848H1.14453V14.75H5.21403V26.0278H10.2225V14.75H13.957Z'%20fill='%230671C0'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_3867_24590'%3e%3crect%20width='16'%20height='25.7778'%20fill='%234A4D53'%20transform='translate(0%200.25)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
A leading global consulting firm with 45,000+ employees worldwide was running a highly advanced cybersecurity operation. With a complex enterprise infrastructure, Microsoft Office 365, and layered email defenses — including Proofpoint and a robust internal Security Operations Center (SOC) — the organization was well-equipped to fend off external threats.
Yet, when it came to phishing simulations and security awareness training, they faced a hidden and costly problem: inaccurate simulation data.
This blog post explores how they identified the issue, transformed their simulation accuracy, and reduced human cyber risk with Keepnet.
The Hidden Challenge: Ghost Clicks and Inaccurate Metrics
Despite fully whitelisting phishing simulation IPs and domains across Microsoft Defender and third-party tools, the organization continued to see inaccurate results in its phishing simulation reports.
- Users were reported as having clicked on phishing links without opening the emails.
- Simulation results were filled with misleading data, making them unreliable and hard to act upon.
- Even with full whitelisting across Microsoft Defender, sandboxes, and Proofpoint, the problem persisted.
These false positives, caused by automated systems pre-analyzing emails, led to distrust in the metrics. Security teams couldn’t confidently measure user behavior, which undermined compliance efforts and reduced program effectiveness.
To learn how to avoid misleading results and set metrics that reflect real user behavior, explore the Keepnet article: How to Set the Right Security Awareness Metrics to Protect Your Organization.
The Turning Point: A Proof of Value with Keepnet
Frustrated with unreliable data and growing pressure to meet compliance standards, the firm turned to Keepnet for a Proof of Value (PoV). The goal is to test whether Keepnet’s solution could provide clarity and accuracy where others have failed.
What they found was transformative:
- 100% elimination of bot clicks from security tools like Microsoft Defender, AI scanners, and sandboxes.
- No need for extensive whitelisting, which reduced time and operational complexity.
- Accurate reporting based on real user interactions, not system-generated artifacts.
Keepnet's platform instantly resolved their most critical issue — trust in the data.
To see how advanced reporting can pinpoint high-risk areas in your organization, check out the Keepnet guide on Executive Reports: Companies with the Highest Risk Scores.
The Outcome: Reliable Compliance and Measurable Human Risk Reduction
The results of the PoV were so compelling that the organization quickly adopted Keepnet as its go-to phishing simulation and security awareness tool. With Keepnet, they:
- Achieved compliance by accurately measuring human response to phishing.
- Protected their brand and reputation with data they could trust.
- Shifted focus from technical troubleshooting to driving behavior change and risk reduction.
Keepnet’s seamless compatibility with Microsoft environments and its ability to filter out non-human interactions gave their cybersecurity team the confidence and clarity they had been missing.
Facing False Clicks with Your Current Awareness Provider? Let’s Fix That.
Many security teams using platforms like KnowBe4, Hoxhunt, and Proofpoint face a critical challenge: bots and email security tools auto-click phishing links, generating false positives. These non-human clicks distort simulation results, making it nearly impossible to measure real user behavior—and creating endless whitelisting headaches.
Keepnet eliminates this problem at the root
Keepnet Human Risk Management platform uses advanced bot detection and filtering technology to ensure that only real user interactions are recorded—no clicks from sandboxes, AI scanners, or security gateways. This means:
- 100% human-verified reporting
- No more wasted hours managing whitelists
- Accurate insights you can use to improve user behavior and meet compliance goals
With Keepnet, you don’t just run simulations—you get clean, actionable data that drives real risk reduction.
To understand how to identify and manage users who repeatedly fall for phishing attempts, explore the Keepnet article: Executive Reports: Insights on Repeat Clickers in Phishing Simulations.
SHARE ON