Few professionals are completely confident in their ability to assess the effectiveness of their phishing awareness efforts.

In a new paper, Phishing Defense and Governance, released in partnership with Terranova Security, ISACA outlines key takeaways from this phishing research that reached security, assurance, risk and governance professionals, including:

• Only a slight majority (63 percent) regularly monitor and report on the effectiveness of their activities.
• 38 percent of respondents reported that their organizations develop security awareness collateral and anti-phishing materials internally.
• 85 percent of enterprises measure and regularly report on the effectiveness of their phishing awareness programs.