All Templates

Phishing Awareness & Security Behavior Survey Template

Quick pulse survey to gauge employee phishing detection, reporting, and security habits to spot risks, guide training, and strengthen your security culture.

What's Included

AI-Powered Questions

Intelligent follow-up questions based on responses

Automated Analysis

Real-time sentiment and insight detection

Smart Distribution

Target the right audience automatically

Detailed Reports

Comprehensive insights and recommendations

Sample Survey Items

Q1
Multiple Choice
In the past 30 days, did you receive any message you considered suspicious (email, SMS/text, or chat)?
  • Yes
  • No
  • Not sure
Q2
Numeric
Approximately how many suspicious or phishing-like messages did you notice in the past 30 days? Enter a whole number (0 if none).
Accepts a numeric value
Whole numbers only
Q3
Matrix
In the past 60 days, how often did you do each of the following?
RowsNeverRarelySometimesOftenAlways
Hover over links to preview the URL before clicking
Check the sender’s address and domain
Use the phishing report button or reporting channel
Avoid opening unexpected attachments
Verify unusual or high‑risk requests via a known channel
Complete required security training on time
Q4
Rating
How confident are you in handling a suspicious message appropriately?
Scale: 10 (star)
Min: Not at all confidentMax: Very confident
Q5
Ranking
When judging email legitimacy, order these cues from most to least important.
Drag to order (top = most important)
  1. Sender domain and address
  2. Link URL on hover
  3. Urgent or threatening tone
  4. Unexpected attachments
  5. Requests for credentials or payment
  6. Grammar/spelling quality
Q6
Multiple Choice
What is your most common way to report suspected phishing?
  • Report Phish button/add-in in email
  • Security email alias
  • IT helpdesk ticket
  • Messaging app bot
  • Tell my manager
  • I don't report them
  • I'm not sure
Q7
Numeric
On average, how many minutes pass between noticing a suspicious message and reporting it? Enter a whole number of minutes (enter 0 if you typically don't report).
Accepts a numeric value
Whole numbers only
Q8
Multiple Choice
What are the biggest blockers to reporting quickly? Select up to 3.
  • Not sure what to include in a report
  • Unsure which channel to use
  • Worried about reporting a false alarm
  • Too busy/no time
  • Reporting tools are hard to find/use
  • No feedback after reporting
  • I resolve it myself instead of reporting
  • None of the above
Q9
Multiple Choice
Attention check: To confirm you are paying attention, please select "I am paying attention".
  • I am paying attention
  • I skim surveys
  • I'm not sure
  • Prefer not to answer
Q10
Dropdown
When did you last complete mandatory security awareness training?
  • Within the last 30 days
  • 31–90 days ago
  • 3–6 months ago
  • More than 6 months ago
  • I have not taken it
  • I don't remember
Q11
Multiple Choice
Which of the following security practices do you use on your primary work devices? Select all that apply.
  • Multi-factor authentication (MFA)
  • Password manager for work accounts
  • Automatic OS and browser updates enabled
  • Lock screen when away
  • Use VPN on public networks
  • Unique passwords per service
  • Phishing-report add-in/button is installed
  • I use none of these
Q12
Constant Sum
Allocate 100 points to the areas where investment would most improve phishing readiness for your team.
Total must equal 100
  • Better reporting tools and integrations
  • More frequent simulated phishing exercises
  • Improved training content and refreshers
  • Faster feedback after reports
  • Just-in-time guidance in email apps
  • Manager reinforcement and team nudges
  • Stronger technical filtering/defenses
Min per option: 0Whole numbers only
Q13
Multiple Choice
Which actions are recommended when you suspect phishing? Select all that apply.
  • Use the report button or security alias
  • Avoid clicking links or opening attachments
  • Verify requests via a known channel
  • Share the suspicious email in a public chat
  • Forward to personal email to check later
  • Reply to the sender asking if it's legitimate
  • Delete without reporting
Q14
Dropdown
What is your primary role?
  • Engineering/IT
  • Operations
  • Finance/Accounting
  • Sales/Marketing
  • HR/People
  • Legal/Compliance
  • Product/Design
  • Customer Support/Success
  • Executive/Leadership
  • Other
Q15
Dropdown
How long have you been with the company?
  • < 6 months
  • 6–12 months
  • 1–3 years
  • 3–5 years
  • 5+ years
Q16
Dropdown
Where do you primarily work?
  • Americas
  • EMEA
  • APAC
  • Other/Multiple regions
Q17
Dropdown
What is your typical work setting?
  • Primarily in-office
  • Hybrid
  • Primarily remote
Q18
Short Text
What is one change that would help you handle phishing attempts better?
Max 100 chars
Q19
Long Text
Scenario: A senior executive emails you requesting urgent gift card codes. What steps would you take before acting?
Max 600 chars
Q20
AI Interview
AI Interview: 2 Follow-up Questions on Phishing Readiness
AI InterviewLength: 2Personality: Expert InterviewerMode: Fast
Q21
Chat Message
Thank you for participating—your input helps us improve phishing readiness and support secure work.

Ready to Get Started?

Launch your survey in minutes with this pre-built template

Use This TemplateBrowse More Templates