The Gone Phishing Tournament Results Are In!


The annual Gone Phishing TournamentTM is a free annual phishing simulation training event that helps organizations and security leaders better understand high-risk areas, compare phishing performance, and establish data-driven goals with accurate benchmarking data.

Access the most recent Gone Phishing Tournament results now!

The Report Is Free - Download Now!

See how your organization’s phishing knowledge compares to others in your industry and region. Build a stronger, safer organizational with culture with high-validity benchmarking data.



2023 Event Highlights


participating end users

Over 250



phishing templates

Get Expert Recommendations at the Results Webinar 

Join Fortra experts, and guest speakers from The National Cybersecurity Alliance and Microsoft, as they present highlights and discuss results from the 2023 Gone Phishing Tournament.

Attendees will enjoy in-depth insights into:

  • The best and worst-performing industries and regions
  • How the results relate to current cyber trends
  • Why phishing simulations are so crucial to strong security awareness.

Will you be next?


What is the Gone Phishing Tournament?
Who Should Participate?
Why Should You Register?


Microsoft Partner

Fortra’s Terranova Security works with Microsoft to select and build the phishing simulation template used in the annual Gone Phishing Tournament. As in real-world attacks, the simulation used manipulative techniques hackers often exploit to prey on common human instincts, like the automatic trust response. The annual template test end user behaviors like clicking on a link in a phishing message and whether they compromise confidential data.


See how your organization’s phishing knowledge compares to others in your industry and region. Build a stronger, safer organizational with culture with high-validity benchmarking data.



Missed the Gone Phishing Tournament? You Can Still Phish Your Users! 

Get accurate benchmarking data that pinpoints your organization’s areas or end users and compare your performance to the global results. Talk to an expert today!




The Gone Phishing Tournament delivers: 

A real-world phishing scenario that tests your team's readiness

Valuable metrics to evaluate your current cyber security training effectiveness

Opportunities to accurately compare your results to global benchmarks


A Cyber Security Event Like No Other 

The Gone Phishing Tournament isn't just a competition. It's your chance to delve deep into the cyber world, understand its threats,
and empower your team with the knowledge to fend off phishing attacks.

Explore how to:

  • Engage in real-world phishing scenarios
  • Gain and implement crucial feedback on your organization's resilience
  • Learn from a community dedicated to building a safer digital world

Gone Phishing Tournament FAQ

It's simple! Just click the registration button and follow the steps. We're excited to see you there!

Any organization looking to evaluate its phishing resilience and enhance its security awareness training can participate.

The tournament offers a unique opportunity to test your team's phishing defense capabilities, identify gaps in your current security training, and learn from global peers. It's a chance to transform your cyber security defenses while fostering a security-first culture.

Every year, the Gone Phishing Tournament template is selected based on examples of real-world phishing emails provided by Microsoft. Terranova Security will release more details about the simulation as we approach the event date, so stay tuned for more news shortly!

Registered organizations will be provided with a step-by-step walkthrough of important allowlisting instructions, including the IP address, domain name, and email subject line you’ll need to allowlist based on your organization’s existing policy.

Registered organizations can upload their Gone Phishing Tournament user list directly in the Gone Phishing Tournament Environment. Instructions on how to upload your user list will be sent out by email after you’ve submitted your registration information.

There is no limit on the number of users you can submit. To ensure benchmarking data that represents the reality of your organization’s click rate, a minimum of 25% of your global end user base is required to participate in the Gone Phishing Tournament.

All organizational information submitted for use in the Gone Phishing Tournament is processed, stored, and managed with the highest level of security and privacy in mind. All security controls and mechanisms already in place for existing customers apply for data collection related to the event.

Terranova Security will publish findings from this year’s global phishing simulation event in the upcoming edition of the Global Phishing Benchmark Report. This document will be available for download in early 2024. Personalized analytics and reporting will also be available to participating organizations in the Security Awareness Platform in early 2024.

No, the Terranova Security will manage the Gone Phishing Tournament simulation launch during the pre-determined deployment period.

Participating end users will be sent this year’s phishing simulation on a pre-determined date during the Gone Phishing Tournament. You can preview the simulation template by logging into your Security Awareness Platform account for the event. Organizations receive the same phishing simulation to ensure accurate, apples-to-apples data comparison. Please note that not all participating organizations are sent the phishing simulation simultaneously for security and bandwidth reasons.

Once the event has concluded, Terranova Security’s CISOs analyze data, and personalized results are delivered shortly after. Organizations will also receive a free copy of a new Phishing Benchmark Global Report, which provides an overview of the event’s results and trends security. leaders should take into account. The global report is published in the winter following the event.

Your organization can view and export its phishing simulation results directly in the Security Awareness Platform shortly after the event ends. Once notified that your results are ready, your Gone Phishing Tournament account administrator(s) can access them using their login credentials.

The global phishing benchmark report, which highlights overall results and CISO recommendations, will be available early 2024.

The participating organization's administrator(s) will be required to complete local authentication.

After a participating organization register for the Gone Phishing Tournament, they gain access to the dedicated Security Awareness Platform environment used for the event. Each organization’s view in the environment is restricted to only information associated with their administrator profile and end users.

Additionally, a select number of Terranova Security employees have privileged access to all participating organization profiles to ensure a smooth setup, execution, and support process throughout the event.

Any participating organization can upload relevant information, including their user list for the event, through their administrator profile.

The minimum Transport Layer Security (TLS) supported for the Gone Phishing Tournament is 1.2.

As of this writing, there are no additional protocols in place other than HTTPS.

The cloud provider used for the Gone Phishing Tournament is Microsoft Azure.

Privileged access permission to the Gone Phishing Tournament environment on the Security Awareness Platform is reviewed every year in the months leading up to the annual event.

No, access logging sends to SIEM is not possible.

Terranova Security manages all data related to the Gone Phishing Tournament with great care and diligence before, during, and after the event. Steps taken to ensure data privacy and regulatory compliance include:

  • All Gone Phishing Tournament data is stored in a separate database located in Europe.

  • Data from the event is encrypted at rest based on existing Microsoft Azure standards. You can read more about those standards by visiting Microsoft’s website.

  • Gone Phishing Tournament data is retained for 90 days from when the last phishing simulation email is sent.

  • The Gone Phishing Tournament database is anonymized and kept for benchmarking purposes only. It is destroyed once the data has been analyzed and annual reports distributed.

Is there any specific setup you need to perform? All administrators acting on behalf of participating organizations must complete the following steps before the Gone Phishing Tournament start date:

Once you’ve completed the registration and password reset process, these steps are outlined to log into the Security Awareness Platform environment for the event. For assistance in completing this setup process, you can always contact the Terranova Security support team.

  1. Provide all required organizational information.

  2. Complete IP, URL, and domain allowlisting

  3. Upload a participating user list with all mandatory fields filled out

Every year, Terranova Security provides participating organizations with two different reports: a personalized breakdown of the organization’s performance, which is shared via the Security Awareness Platform, and the Global Phishing Benchmark Report, which is published the winter following the event.

The simulations are localized based on the end user language entered in the user list uploaded for the event. The 2023 edition of the Gone Phishing Tournament features a simulation available in 29 languages. If a desired language is not included in the list of 29 available options, the simulation will be sent to them in English.