Get instant support with our search!
Department-Level Phish Reporting with Anonymous Responses
Overview
Anonymous Responses help protect employee privacy during phishing simulations by removing user-level details from reports. Department-Level Reporting gives you the option to see high-level trends by department without revealing individual identities.
This feature is configured once at the company level to ensure privacy settings are applied consistently across all phishing simulations.
Privacy-First by Default
Department-Level Reporting is OFF by default, ensuring maximum privacy unless departmental insight is deliberately enabled. When enabled:
- Individual users remain fully anonymous — names, email addresses, and other user-level details are never shown
- Department names can appear in reports
- Small departments are automatically anonymised based on a configurable threshold
Who Can Configure This
Admins and business users with access to Company Edit can configure this setting, provided Anonymous Responses are enabled for your organisation.
How to Enable Department-Level Reporting
- Go to Settings → Company Edit
- Ensure Anonymous Responses are enabled
- Turn on Allow Department-Level Reporting
- Set the Minimum Department Size Threshold — Departments with this number of users or fewer will remain anonymised in reports (default: 10)
- Review the privacy guidance shown in the UI
- Save your changes
Once enabled, department-level data will appear automatically in reports across all past and future phishing simulations.
What You’ll See in Reports
User-level identifiers remain anonymised in all cases.
| Setting | What Appears in Reports |
|---|---|
| Department-Level Reporting OFF | No department data shown |
| Department-Level Reporting ON | Department data shown in reports |
| Department-Level Reporting ON, department at or below threshold | Shown as "Anonymised" automatically |
When to Enable This
Department-Level Reporting is particularly valuable for organisations with strict privacy requirements that still need departmental insight for targeted remediation. It's useful when you want to:
- Compare phishing risk trends between teams
- Track improvement at a department level
- Identify training gaps between teams
FAQs
Q: Why is a department showing as “Anonymised”?
A: Its active user count is less than or equal to the configured Department Size Threshold.
Q: Does enabling this affect historical campaigns?
A: Reporting reflects the active company configuration at time of viewing/export. If the setting is turned on, the department name will be displayed in all historic anonymised phish reports when the threshold is exceeded.
Q: I've changed the threshold, what happens to the reports?
A: All current and historic reports where the phish was anonymised will show or anonymise the Department name based on the new threshold.
Q: What happens to the threshold if a user is deleted or disabled?
A: When a user is deleted or disabled, this will reduce the count of the total number of employees in a department. If the new total <= the configured threshold, the department will be anonymised in reports.
Q: I can see disabled and deleted users in reports, does that mean they are included in the department count?
A: No - whilst you can configure to show Disabled and Deleted users in reporting, even if those users are visible they will not count towards the total number of employees in a department when determining if the threshold has been exceeded.
Q: What happens to the threshold if a user moves departments?
A: If a user moves department, this will increase the count of employees in the new department and reduce the count of employees in their previous department. If the new department size > the configured threshold, the department will be visible in reports. If the old department size <= the configured threshold, the department will be anonymised in reports.