Measures employee phishing detection confidence, reporting behavior, and security practices to identify organizational risk gaps and prioritize awareness training investments.
What's Included
AI-Powered Questions
Intelligent follow-up questions based on responses
Automated Analysis
Real-time sentiment and insight detection
Smart Distribution
Target the right audience automatically
Detailed Reports
Comprehensive insights and recommendations
Template Overview
23
Questions
AI-Powered
Smart Analysis
Ready-to-Use
Launch in Minutes
This professionally designed survey template helps you gather valuable insights with intelligent question flow and automated analysis.
Sample Survey Items
Q1
Chat Message
Welcome to the Phishing Readiness & Security Behavior Survey.
This survey asks about your experiences with suspicious messages, your security habits, and your ideas for improvement. It should take approximately 6–8 minutes to complete.
Your participation is completely voluntary and you may stop at any time. There are no right or wrong answers—we are interested in your honest experiences and opinions. All responses are confidential and will be reported only in aggregate.
Please click 'Next' to begin.
Q2
Multiple Choice
To the best of your knowledge, did you receive any message you considered suspicious (email, SMS/text, or chat) in the past 30 days?
Yes
No
Not sure
Q3
Dropdown
Approximately how many suspicious or phishing-like messages did you notice in the past 30 days?
1–2
3–5
6–10
11–20
More than 20
Q4
Opinion Scale
In the past 60 days, how often did you hover over or inspect links before clicking them in emails or messages?
Range: 1 – 5
Min: NeverMid: NeutralMax: Always
Q5
Opinion Scale
In the past 60 days, how often did you verify the sender's identity before acting on a request (e.g., checking the email address or calling the person)?
Range: 1 – 5
Min: NeverMid: NeutralMax: Always
Q6
Opinion Scale
In the past 60 days, how often did you report suspicious messages through your organization's official reporting channel?
Range: 1 – 5
Min: NeverMid: NeutralMax: Always
Q7
Opinion Scale
In the past 60 days, how often did you check a URL or website address before entering login credentials?
Range: 1 – 5
Min: NeverMid: NeutralMax: Always
Q8
Multiple Choice
Which of the following security practices do you currently use on your primary work devices? Select all that apply.
Multi-factor authentication (MFA)
Password manager for work accounts
Automatic OS and browser updates enabled
Lock screen when stepping away
VPN on public networks
Unique passwords for each service
Phishing-report add-in/button installed
None of these
Q9
Opinion Scale
How confident are you that you could handle a suspicious message appropriately?
Range: 1 – 5
Min: Not at all confidentMid: NeutralMax: Extremely confident
Q10
Ranking
When judging whether an email is legitimate, rank these cues from most to least important to you.
Drag to order (top = most important)
Sender domain and address
Link URL on hover
Urgent or threatening tone
Unexpected attachments or requests for credentials
Q11
Multiple Choice
Which of the following actions are recommended when you suspect a message is a phishing attempt? Select all that apply.
Use the report button or security alias
Avoid clicking links or opening attachments
Verify the request through a known, separate channel
Share the suspicious email in a public chat
Forward to personal email to check later
Reply to the sender asking if it's legitimate
Delete without reporting
Q12
Multiple Choice
What is your most common way to report a suspected phishing message?
Report Phish button/add-in in email
Security email alias
IT helpdesk ticket
Messaging app bot
Tell my manager
I don't report them
I'm not sure how to report
Q13
Dropdown
When you do report a suspicious message, approximately how long does it typically take from the moment you notice it?
Within 5 minutes
5–30 minutes
30–60 minutes
1–4 hours
More than 4 hours
I typically don't report suspicious messages
Q14
Multiple Choice
What are the biggest things that slow you down or stop you from reporting suspicious messages? Select up to 3.
Not sure what information to include in a report
Unsure which channel to use
Worried about reporting a false alarm
Too busy or it takes too long
Reporting tools are hard to find or use
No feedback after reporting
I resolve it myself instead of reporting
None of the above
Q15
Dropdown
When did you last complete security awareness training?
Within the last 30 days
31–90 days ago
3–6 months ago
More than 6 months ago
I have not completed it
I don't remember
Q16
Ranking
Rank the following areas by where investment would most improve phishing readiness for your team, from highest to lowest priority.
Drag to order (top = most important)
Better reporting tools and integrations
More frequent simulated phishing exercises
Improved training content and refreshers
Faster feedback after reports
Just-in-time guidance in email apps
Manager reinforcement and team nudges
Q17
Dropdown
What is your primary role?
Engineering/IT
Operations
Finance/Accounting
Sales/Marketing
HR/People
Legal/Compliance
Product/Design
Customer Support/Success
Executive/Leadership
Other
Q18
Dropdown
How long have you been with the company?
Less than 6 months
6–12 months
1–3 years
3–5 years
More than 5 years
Q19
Dropdown
In which region do you primarily work?
Americas
EMEA
APAC
Multiple regions
Other
Q20
Dropdown
What is your typical work setting?
Primarily in-office
Hybrid
Primarily remote
Q21
Long Text
Based on your responses in this survey, please share any additional thoughts about what would help you handle phishing attempts more effectively.
Max chars
Q22
AI Interview
We'd like to understand more about how you handle suspicious messages. Imagine a senior executive emails you requesting urgent gift card codes. Walk us through what you would do and why.
AI InterviewLength: 2Personality: [Object Object]Mode: Fast
Reference questions: 7
Q23
Chat Message
Thank you for completing this survey. Your responses will be analyzed in aggregate to identify training priorities and strengthen our organization's security posture. All answers are confidential.
Frequently Asked Questions
What is QuestionPunk?
QuestionPunk is a lightweight survey platform for live AI interviews you control. It's fast, flexible, and scalable—adapting every question in real time, moderating responses across languages, letting you steer prompts, models, and flows, and even generating surveys from a simple prompt. Get interview-grade insight with survey-level speed across qual and quant.
How do I create my first survey?
Sign up, then decide how you want to build: let the AI generate a survey from your prompt, pick a template, or start from scratch. Choose question types, set logic, and preview before sharing.
How can I share surveys with my team?
Send a project link so teammates can view and collaborate instantly.
Can the AI generate a survey from a prompt?
Yes. Provide a prompt and QuestionPunk drafts a survey you can tweak before sending.
How long does support typically take to reply?
We reply within 24 hours—often much sooner. Include key details in your message to help us assist you faster.
Can I export survey results?
Absolutely. Export results as CSV straight from the results page for quick data work.