It would be nice to see a difficulty rating on each scenario. This would help organizations choose the level of adversary sophistication in their simulated phishing messages. For example, an email with a lot of spelling mistakes and bad branding might be rated as an 'easy' test, whereas a message with no spelling mistakes, good looking branding, a legit looking email address, but has a fake link could be rated as 'hard.'

Allow organizations to select scenarios that meet the difficulty requirements for that particular campaign's goals. This can also tie in nicely to the reports section to show organizations how their users responded to phishing at varying levels of difficulty.