Knowbe4 – Security Awareness training

Business driver: Knowbe4 Security awareness training

Your employees are frequently exposed to sophisticated social engineering attacks. It is time for a comprehensive approach to effectively manage this problem, managed by people with a technical background.

Baseline Testing

We provide baseline testing to assess the Phish-prone percentage of your users through a simulated phishing, vishing or smishing attack. Test our platform yourself for 30 days.

Train Your Users

The world's largest library of security awareness training content; including interactive modules, videos, games, posters and newsletters. Automated training campaigns with scheduled reminder emails.

Phish Your Users

Best-in-class, fully automated simulated phishing, vishing and smishing attacks, thousands of templates with unlimited usage, and community phishing templates.

See The Results

Enterprise-strength reporting. Both high-level and granular stats and graphs ready for management reports. We even have a personal timeline for each user.

Overview of Knowbe4

KnowBe4’s game-changing partnerships with The Security Awareness Company, Popcorn Training, ThinkHR, exploqii, Canada Privacy Training, Twist & Shout, TeachPrivacy, Syntrio, and El Pescador allows you to significantly better manage the ongoing problem of social engineering. We offer you the best-in-class phishing platform combined with the world’s largest library 1000+ security awareness training content; including interactive modules, videos, games, posters and newsletters. Think of us as the Netflix of awareness training.

To easily deliver this new content library to customers, KnowBe4 has a ‘Module Store’. As a customer, you can use the ModStore to search, browse and preview content and — depending on their subscription level — move modules to their KnowBe4 account.

We offer three Training Access Levels: I, II, and III depending on your subscription level. The KnowBe4 content library is constantly being updated with fresh new content. Content listed below are examples from the KnowBe4 ModStore by subscription level and subject to change. If you want to get a real-time view of all the great content, sign up to access the KnowBe4 ModStore Training Preview to see our full library!

KnowBe4 Training Modules

Also included in Training Access Level II (Gold & Platinum)


KnowBe4 Security Awareness Training (30-Min)
Basics of Credit Card Security
CEO Fraud
Common Threats, Part 1 – Miranda’s Story
Common Threats, Part 2 – Kyle’s Story
Creating Strong Passwords
Financial Institution Physical Security (for Financial Institutions only)
GLBA Security Awareness Training (for Financial Institutions only)
Handling Sensitive Information
Mobile Device Security
PCI Compliance Simplified
Ransomware For Hospitals Training
Safe Web Browsing
Social Engineering Red Flags

The Danger Zone
Your Role, Internet Security and You
Credit Card Security (Part 1)
Credit Card Security (Part 2)
Danger Zone Exercise
Don’t Be Dave
Email Spoofing
Handling Sensitive Information Securely (Part 1)
Handling Sensitive Information Securely (Part 2)
How to Stay Safe for the Holidays
Safe Web Browsing
Social Engineering
Social Media Best Practices
Strong Passwords
USB Attack

Knowbe4: Value Proposition

Training (Q4 2020 Features)

  • Award-winning, on-demand, engaging, interactive browser-based training
  • The world’s largest library of well over 1000+ security awareness training content items; including interactive modules, videos, games, posters and newsletters – with the Diamond level you get frequent, new fresh content
  • Translated phishing and training content in 30+ languages across phishing
    and training content
    , with support for localized learner experience in select languages.
  • NEW! Brandable Content feature enables you to add branded custom content to the beginning and end of select KnowBe4 training modules.
  • The Learner Experience user interface offers optional gamification, with leaderboards and badges, to incentivize and motivate users to take their assigned training
  • Localized training interface option for your users! Currently available in
    20+ local languages, your users can choose the language they are most comfortable with, helping deliver a more immersive training experience
  • Create multiple training campaigns as ongoing or with a completion date
  • NEW! Recommended Training powered by machine learning offers Admins informed training suggestions based on the simulated phishing test results of your users. Personalized to your overall organization, training modules are presented in the KnowBe4 ModStore training library. You can select these recommendations to add to your training campaigns to help reduce your users’ click rates over time.
  • NEW! Culture and Knowledge Assessments help you identify users that have a higher proficiency in security in not only knowing the right thing to do but also actually doing the right thing as part of the security culture you’re trying to achieve in your organization.
  • Automate enrollment and follow-up emails to “nudge” users
  • Allows you to create an effective “Human Firewall”
  • Hosted in our Cloud LMS, run the course in your own LMS, or delivered as a Managed Service
  • Hints & Tips Security Awareness emails for compliance
  • Point-of-failure training auto-enrollment
  • Within one account, you can have multiple allowed domains (e.g. com, net, .org) and users can sign up with any of the domains associated to an account
  • Industry’s largest full-time content development staff: 60+ people
  • Visible training results: Phish-prone percentage™ for whole organization graphed over time in your console for reporting
  • Enhanced Training Campaigns with “relative enrollment duration” feature
  • Certificate printing where users can view/download/print their own certificates after completing a course
  • Automatic SCORM delivery via console if you use your own LMS
  • Upload Your Own Content! You now have the option to upload your own SCORM-compliant training and video content in any language you choose, directly into your KnowBe4 account – at no extra cost!
  • Extend training deadlines for overdue users

Simulated Phishing Attacks

The results of the 2020 KnowBe4 Phishing by Industry Benchmarking Report clearly show where organizations’ Phish-Prone percentages started and where they ended up after at least 12 months of regular testing and security awareness training. The study analyzed a data set that included nearly four million users across 17,000 KnowBe4 customers with over 9.5 million simulated phishing security tests across nineteen different industries.

The overall industry initial Phish-Prone percentage benchmark turned out to be a troubling 37.9%. Fortunately, the data showed that this 37.9% can be brought down more than half to just 14.1% within 90 days of deploying new-school security awareness training. The One-Year results show that by following these best practices, the final Phish-Prone percentage can be minimized to 4.7% on average. Read the full report.


  • Virtual Risk Officer (VRO) feature, provides insight and actionable metrics that will allow you to understand the attack surface of your organization, and learn what users might be more vulnerable to a phishing attack. VRO provides dynamic risk scores, assigned to users, groups, and your organization as a whole, which enable you to make data-driven decisions when it comes to your security awareness plan and understand what users are the most susceptible to a phishing attack. You can even use Smart Group conditional statements that will allow selection based on individual risk scores. To see a quick video overview of VRO, click here.
  • Industry Benchmarking feature lets you compare your organization’s Phish-prone percentage™ with other same-size organizations in your space
  • Initial free Phish-prone percentage test for 100 users (more on request)
  • Year-round all-you-can-eat simulated phishing attacks
  • Unlimited yearly use of all phishing templates
  • We create regular “Current Events” templates you can send to users
  • Set-it-and-forget-it scheduling of phishing campaigns
  • Full library with 5,000+ successful phishing templates
  • Easily create your own templates
  • Community Templates: share and use other people’s phishing templates
  • Customizable phishing attacks
  • Customizable landing pages
  • Phishing Security Test email reports sent to admin at the end of a phishing campaign
  • “Anti-prairie dog” campaigns which send random templates at random times
  • Ability to skip weekends in campaigns and assign time zone and working hours
  • New Office templates with macros to simulate ransomware attacks
  • GEO-location – See where your simulated phishing attack failures are on a map, with drilldown capability and CSV-export options.
  • Ability to create anti-fraud templates that emulate spoofed CEO Fraud attacks
  • Automatic “Scam Of The Week” Campaign – sent to all employees
  • Anti-fraud “Phishing Reply Tracking” allows you to track if a user replies to a simulated phishing email and can capture the information sent in the reply
  • Social Engineering Indicators™ patented technology turns every simulated phishing email into a tool you can use to dynamically train employees by instantly showing them the hidden red flags they missed within that email
  • USB Drive Test™ allows you to test your user’s reactionsto unknown USBs they find
  • Targeted spear-phishing campaigns, replace fields with personalized data
  • “Click Only” and traditional Data Entryof sensitive information (credentials)
  • Customized scenarios based on public and/or personal information
  • Tests for opening MS Office Attachments: Word, Excel, PPT, and PDF (also zipped) and also HTML attachments
  • Variable phishing campaign length, max six months
  • Summary Information about all phishing campaigns
  • Free Phishing Attack Surface– analysis of emails belonging to your domain
  • Phish-Prone Percentage Comparison for different user groups
  • Program trend reporting
  • VishingSecurity Tests using IVR attacks over phone (Gold level on up). Supports US and International, both pre-recorded messages and text-to-speech campaigns using system templates or admin-customized templates.
  • Customizable “hover-links” when a user “mouse-overs”
  • Multi-domain accounts for admins or MSPs who manage multiple organizations (no extra charge)
  • Top 10 Criminal Phishing Emails of the week – defanged and ready to send to employees
  • Managed Phishing Campaignfeature simplifies and centralizes phishing campaign management across multiple KnowBe4 accounts from a single interface, especially useful for Managed Service Providers.


  • Advanced Reporting provides actionable metrics and insight into the effectiveness of your security awareness training program. You can generate over 60 different styles of reports that will help you understand where improvements need to be made to improve the strength of your human firewall. Using machine learning technology, Advanced Reporting will instantly create reports based on your spoken command or typing relevant keywords into the Find Report search function.
  • Smart Groups put your phishing, training and reporting on autopilot.  With the powerful Smart Groups feature, you can use each employees’ behavior and user attributes to tailor phishing campaigns, training assignments, remedial learning and reporting. Best of all, Smart Groups is a powerful ad-hoc, real-time query tool that you use to get detailed reporting for management.
  • Reporting APIs enable you to customize and obtain reports by integrating with other business systems that present data from your KnowBe4 Console. Here is the documentation.
  • The User Event API allows you to easily integrate data from your users’ security-related events or training activities that happen in other third-party platforms and push them into your KnowBe4 console.
  • Training reports for all users or a specific group (who started, completed, started but never finished)
  • Details on enrollment %, course started %, incomplete %, completed course, acknowledged security policy
  • Filter campaigns on recipient, delivered, opened, clicked, attachment, data entered, bounced, in CSV
  • Specify user needs to “Read and Attest” Security Policy for compliance
  • Individual user “report cards” with their “open and click” history
  • Reports on browser / device used to open a phishing email and vulnerable browser plugins the user has installed
  • Top 50 clickers report
  • Print to PDF so reports can be sent to management
  • Personal timeline overview for every individual user
  • Phishing Reply Tracking reports with who answered and what they said
  • Roll-up Reporting makes it easy to select reports and compare results in aggregate across managed KnowBe4 accounts or multi-location offices

Additional Features

  • NEW PhishER is an add-on product that helps your team prioritize, triage and manage potentially malicious messages reported by your users. Identify and respond to email threats fast! PhishML, a new PhishER machine-learning module analyzes every message coming into the PhishER platform – giving you info to make your prioritization process easier, faster, and more accurate. PhishER now has a new feature called PhishRIP, the new email quarantine option that integrates with Microsoft 365 and G Suite to help you Remove, Inoculate, and Protect your organization against email threats so you can shut down active phishing attacks fast.
  • Automated Security Awareness Program (ASAP)allows you to create a customized Security Awareness Program for your organization that will help you to implement all the steps needed to create a fully mature training program in just a few minutes!
  • Security Roles allows you to assign granular access control for users and groups within the KnowBe4, combined with delegated admin permissions – Here is the Support Article
  • Achieved FedRAMP Authorization from the U.S. federal government
  • KnowBe4 Active Directory Integration (datasheet)
  • Password-Less Logins
  • Anonymous Console Data for European Data Protection compliance
  • Upload users as flat text, or as CSV with Groups functionality
  • Full time dedicated U.S.- and U.K.-based support through phone and email
  • 2-Factor Authentication option for both users and admins
  • Full and partially Managed Service options, we can run this program for you
  • Phish Alert Button gives your users a way to report simulated and non-simulated phishing attacks, also available for Outlook Mobile
  • Bulk delete users using a CSV file (not needed with AD integration)
  • Training and phishing history are archived even when users are deleted
  • Supports single sign-on using Security Assertion Markup Language 2.0 SAML
  • Support for OKTA identity management
  • Support for Windows Azure Active Directory
  • Crypto-ransom guarantee