It is important to know the security readiness of any organization in order to strengthen it. One often neglected aspect of security is the human element, which is often attacked by social engineering” techniques. This paper studies to what extent users are aware and susceptible to common social engineering attacks, and if a quantitative approach to enetration testing of social engineering can be used. By employing a quantitative study under the false pretense of studying “micro efficiency”, an organization with above average skilled users was surveyed on three classic social engineering cons. The results indicate that the approach could be useful as a part of, or as a stand alone auditing technique. The human element is not only vulnerable, but vulnerable to the extent that it shadows most other security measures. The author argues for the necessity of education in order to counter the serious threat of social engineering, since it in many cases complies with the principle of adequate protection.