Employee Phishing Readiness & Security Behavior Assessment

Measures employee phishing detection confidence, reporting behavior, and security practices to identify organizational risk gaps and prioritize awareness training investments.

Use this template Browse more templates

Sample questions

A preview of what’s in the template. Every question is editable before you launch.

23 questions · ~4 min

Q01

Long Text

Welcome to the Phishing Readiness & Security Behavior Survey. This survey asks about your experiences with suspicious messages, your security habits, and your ideas for improvement. It should take approximately 6–8 minutes to complete. Your participation is completely voluntary and you may stop at any time. There are no right or wrong answers—we are interested in your honest experiences and opinions. All responses are confidential and will be reported only in aggregate. Please click 'Next' to begin.

Q02

Multiple Choice

To the best of your knowledge, did you receive any message you considered suspicious (email, SMS/text, or chat) in the past 30 days?

Q03

Long Text

In the past 60 days, how often did you hover over or inspect links before clicking them in emails or messages?

Q04

Long Text

How confident are you that you could handle a suspicious message appropriately?

Q05

Multiple Choice

What is your most common way to report a suspected phishing message?

Q06

Long Text

When did you last complete security awareness training?

Q07

Long Text

What is your primary role?

Q08

Long Text

Based on your responses in this survey, please share any additional thoughts about what would help you handle phishing attempts more effectively.

Q09

Long Text

Approximately how many suspicious or phishing-like messages did you notice in the past 30 days?

Q10

Long Text

In the past 60 days, how often did you verify the sender's identity before acting on a request (e.g., checking the email address or calling the person)?

Q11

Long Text

When judging whether an email is legitimate, rank these cues from most to least important to you.

Q12

Long Text

When you do report a suspicious message, approximately how long does it typically take from the moment you notice it?

Q13

Long Text

Rank the following areas by where investment would most improve phishing readiness for your team, from highest to lowest priority.

Q14

Long Text

How long have you been with the company?

Q15

AI Interview

We'd like to understand more about how you handle suspicious messages. Imagine a senior executive emails you requesting urgent gift card codes. Walk us through what you would do and why.

Q16

Long Text

In the past 60 days, how often did you report suspicious messages through your organization's official reporting channel?

Q17

Multiple Choice

Which of the following actions are recommended when you suspect a message is a phishing attempt? Select all that apply.

Q18

Multiple Choice

What are the biggest things that slow you down or stop you from reporting suspicious messages? Select up to 3.

Q19

Long Text

In which region do you primarily work?

Q20

Long Text

Thank you for completing this survey. Your responses will be analyzed in aggregate to identify training priorities and strengthen our organization's security posture. All answers are confidential.

Q21

Long Text

In the past 60 days, how often did you check a URL or website address before entering login credentials?

Q22

Long Text

What is your typical work setting?

Q23

Multiple Choice

Which of the following security practices do you currently use on your primary work devices? Select all that apply.

What’s included

AI follow-ups
Adaptive probes on open-ended answers that pull out detail a static form would miss.
Attention checks
Built-in safeguards against rushed answers and low-quality respondents.
AI-drafted copy
Wording, ordering, and branching written by the AI — tuned to your research goal.
Auto report
Themes, quotes, and a plain-English summary write themselves once responses come in.

Ready to launch?

Open this template in the editor. Every part is yours to change before the first respondent sees it.

Use this template Start free

Sample questions

To the best of your knowledge, did you receive any message you considered suspicious (email, SMS/text, or chat) in the past 30 days?

In the past 60 days, how often did you hover over or inspect links before clicking them in emails or messages?

How confident are you that you could handle a suspicious message appropriately?

What is your most common way to report a suspected phishing message?

When did you last complete security awareness training?

What is your primary role?

Based on your responses in this survey, please share any additional thoughts about what would help you handle phishing attempts more effectively.

Approximately how many suspicious or phishing-like messages did you notice in the past 30 days?

In the past 60 days, how often did you verify the sender's identity before acting on a request (e.g., checking the email address or calling the person)?

When judging whether an email is legitimate, rank these cues from most to least important to you.

When you do report a suspicious message, approximately how long does it typically take from the moment you notice it?

Rank the following areas by where investment would most improve phishing readiness for your team, from highest to lowest priority.

How long have you been with the company?

We'd like to understand more about how you handle suspicious messages. Imagine a senior executive emails you requesting urgent gift card codes. Walk us through what you would do and why.

In the past 60 days, how often did you report suspicious messages through your organization's official reporting channel?

Which of the following actions are recommended when you suspect a message is a phishing attempt? Select all that apply.

What are the biggest things that slow you down or stop you from reporting suspicious messages? Select up to 3.

In which region do you primarily work?

Thank you for completing this survey. Your responses will be analyzed in aggregate to identify training priorities and strengthen our organization's security posture. All answers are confidential.

In the past 60 days, how often did you check a URL or website address before entering login credentials?

What is your typical work setting?

Which of the following security practices do you currently use on your primary work devices? Select all that apply.

What’s included

AI follow-ups

Attention checks

AI-drafted copy

Auto report

Ready to launch?