What to tell the board about phishing-resilience

Board-level communication about awareness programme outcomes works when it is short, narrative-driven, and explicit about what to ignore.

Most board-level reporting on awareness programmes either omits the topic entirely (it is treated as too operational for board visibility) or includes too much detail (the security manager's operational dashboard, ported to a board pack and never opened twice).

Effective board communication about phishing-resilience has a specific shape. It is short — one page is the right target. It is narrative-driven rather than dashboard-driven. It is explicit about which numbers to focus on and which to ignore. It compares against an external benchmark rather than a purely internal baseline.

Our recommended structure is four sentences plus four numbers. Sentence one: the headline trend in reporting-rate, with one-year change and direction. Sentence two: the headline trend in click-rate, with one-year change and direction. Sentence three: the most material qualitative finding from the quarter — a successful campaign, a notable gap, a new threat pattern observed against the organisation. Sentence four: what is changing in the next quarter and what to expect.

Four numbers: reporting-rate, click-rate, simulation engagement (the proportion of recipients who interacted with the simulation in any way — clicked, reported, or opened), and a sector-benchmark comparison expressed as a single delta value.

Anything beyond that belongs in an appendix that the security manager carries to the board meeting but does not present unless asked. The shorter the headline communication, the more likely it is to be read; the better it is structured, the more likely it is to generate a useful board conversation.

Boards generally respond better to comparative metrics than to absolute ones. "Our reporting-rate of 35% compares to a sector benchmark of 28%" lands differently than "Our reporting-rate is 35%" — even when the latter is technically more informative.

We provide sector-benchmark data drawn from our anonymised active client population as part of the standard quarterly reporting package. It is one of the most reliably cited pieces of the report across our customer base.

About the author. Dr Priya Sundaram is Head of Research at Vintrip Labs.