Department-Level Phish Reporting with Anonymous Responses

Overview

Anonymous Responses help protect employee privacy during phishing simulations by removing user-level details from reports. Department-Level Reporting gives you the option to see high-level trends by department without revealing individual identities.

This feature is configured once at the company level to ensure privacy settings are applied consistently across all phishing simulations.

Privacy-First by Default

Department-Level Reporting is OFF by default, ensuring maximum privacy unless departmental insight is deliberately enabled. When enabled:

  • Individual users remain fully anonymous — names, email addresses, and other user-level details are never shown
  • Department names can appear in reports
  • Small departments are automatically anonymised based on a configurable threshold

Who Can Configure This

Admins and business users with access to Company Edit can configure this setting.


How to Enable Department-Level Reporting

  1. Go to Settings → Company Edit
  2. Turn on Allow Department-Level Phish Reporting 
  3. Set the Minimum Department Size Threshold — Departments with this number of users or fewer will remain anonymised in reports (default: 10) 
  4. Review the privacy guidance shown in the UI 
  5. Save your changes

Once enabled, department-level data will appear automatically in reports across all past and future anonymised phishing simulations.

What You’ll See in Reports

User-level identifiers remain anonymised in all cases.

SettingWhat Appears in Reports
Department-Level Reporting OFFNo department data shown
Department-Level Reporting ONDepartment data shown in reports
Department-Level Reporting ON, department at or below thresholdShown as "Anonymised" automatically
A Phish Audit record with Department visible and all other data anonymised

When to Enable This

Department-Level Reporting is particularly valuable for organisations with strict privacy requirements that still need departmental insight for targeted remediation. It's useful when you want to:

  • Compare phishing risk trends between teams
  • Track improvement at a department level
  • Identify training gaps between teams

FAQs

Q: Why is a department showing as “Anonymised”?
A: Its active user count is less than or equal to the configured Department Size Threshold.

Q: Does enabling this affect historical campaigns?
A: Reporting reflects the active company configuration at time of viewing/export. If the setting is turned on, the department name will be displayed in all historic anonymised phish reports when the threshold is exceeded.

Q: I've changed the threshold, what happens to the reports?
A: All current and historic reports where the phish was anonymised will show or anonymise the Department name based on the new threshold.

Q: What happens to the threshold if a user is deleted or disabled?
A: When a user is deleted or disabled, this will reduce the count of the total number of employees in a department. If the new total <= the configured threshold, the department will be anonymised in reports.

Q: I can see disabled and deleted users in reports, does that mean they are included in the department count?
A: No - whilst you can configure to show Disabled and Deleted users in reporting, even if those users are visible they will not count towards the total number of employees in a department when determining if the threshold has been exceeded. 

Q: What happens to the threshold if a user moves departments?
A: If a user moves department, this will increase the count of employees in the new department and reduce the count of employees in their previous department. If the new department size > the configured threshold, the department will be visible in reports. If the old department size <= the configured threshold, the department will be anonymised in reports.

Back to all articles