Question

What is the AFR and how is it calculated?

Answer

The AFR is the average failure rate of a phishing template. It is a general barometer and is not necessarily representative of a difficulty level of the template.

Machine learning is used to compare phishing templates and calculate the average failure rate. When phishing admins make modifications to the stock templates a machine learning tool compares the content to ensure they are similar enough to be included in the overall AFR template calculation.

In order to calculate the AFR, we pull results across all customer usage. Typically, our customers send campaigns in the hundreds to thousands of users so even a single campaign generates a lot of data. A failure rate is not assigned until a template has been used at least once, therefore a template's failure rate will have some variance over time as the template is used.

Currently the AFR rate is calculated weekly which is why you may not see an immediate change after running a large campaign. Since Proofpoint Security Awareness Training has thousands of customers with millions of end users interacting with phishing campaigns, it is possible that one single phishing campaign will not have an impact on the average failure rate. Some of the phishing templates have been used in thousands of campaigns and therefore it may take many campaigns to change the AFR of a template.

Each template can be modified to add or remove Indicators of Compromise. By simply making small modifications to a template you can easily raise or decrease the difficulty level of a template by just adding the user's first name, email address or using a relevant phishing domain. These templates with minor edits will be included in the AFR.
 

Note: If a template has an AFR of 0% that is because it has not been used enough to provide a valid failure rate.