KnowBe4 Analysis Finds Security Awareness Training and Simulated Phishing Effective in Reducing Cybersecurity Risk

(BUSINESS WIRE) — KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced it has released a new analysis of the effectiveness of security awareness training and simulated phishing on reducing cybersecurity risk, based on data from over 60,000 individual KnowBe4 customer organizations worldwide.

The new KnowBe4 white paper, “Data Confirms Value of Security Awareness Training and Simulated Phishing”, is based on the largest analysis of its kind, with over 32 million individual end users, who took over 493 million Phishing Security Tests (PSTs) and participated in awareness training at least once a year.

Highlights from the study include:

  • Groups that did frequent PSTs performed better in detecting simulated phishing campaigns than groups that did not.

  • The more frequently that groups did PSTs, the better the users performed on simulated phishing tests. The more PSTs, the better.

  • Groups that did weekly PSTs were 2.74 times more effective in reducing risk than groups that did PSTs less than quarterly.

  • The longer a group trained, the better they did on simulated phishing tests.

  • Groups that did both training and simulated phishing tests did the best.

“Based on the massive amount of data that we analyzed from around the world, everyone should be conducting frequent simulated phishing tests as part of their security awareness training program to get the highest level of impact and most effective cybersecurity risk reduction,” said Roger Grimes, data-driven defense evangelist, KnowBe4. “Phishing and social engineering account for 70-90% of all malicious data breaches, so focusing on ways to mitigate it is critical to your organization’s overarching cyber defense strategy. We are thrilled to finally have the concrete data to confirm the true value of security awareness training and simulated phishing.”

KnowBe4 customers attest to the important role the platform plays in cyber defense and risk mitigation, along with the overall effectiveness of incorporating security awareness training and simulated phishing into an organization’s cybersecurity strategy:

“Security awareness training and continuous assessment has helped our organization improve our employees’ ability to recognize and avoid interacting with suspicious content in their day-to-day roles. Threats are ever evolving and defensive mechanisms will inevitably fail. When they do, it’s important to have people engaged and connected to trends and suspicious patterns to act as a last line of defense. KnowBe4 has helped us minimize the effort required from our security team to deliver relevant and beneficial information to our employees,” said D.S., sr. manager, IT Security Operations.

“Our security awareness program is a vital component of our defense-in-depth strategy. There is no combination of technical controls we can ever put in place to mitigate all the risks we face. AiTM and other advanced attacks are only going to increase. Our employees are our most valued assets and the front line of defense for our organization. Partnering with KnowBe4 to build and consistently improve a comprehensive awareness program helps us proactively address new and emerging threats,” said A.B., IT security manager.

To download the new white paper, visit

About KnowBe4

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 65,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. The late Kevin Mitnick, who was an internationally recognized cybersecurity specialist and KnowBe4’s Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Organizations rely on KnowBe4 to mobilize their end users as their last line of defense and trust the KnowBe4 platform to strengthen their security culture and reduce human risk.