For about two years, I have been working with KnowBe4, as they have been providing a training service to the company I'm working for since August 2022.

I can describe a few use cases for KnowBe4 because they provide training services to the company that I'm working for, and once every month, we have a training module on many technology-related things, from the risks of AI to cybersecurity, to technology best practices, things of that nature.

The impact of KnowBe4's automated training campaigns on the overall cybersecurity posture is quite comprehensive because it covers everything from the very basics of cybersecurity to evolving and emerging threats. I find it to be good and would recommend it for large corporates, but if you're a small company, it might be too large and too cumbersome to have something this exhaustive implemented in your system. It's quite good though, and I would recommend it if you're a large company of approximately 500, 600, or 700 people.

I find KnowBe4 to be stable, as there haven't been any major hiccups.

Overall, I find it easy to scale KnowBe4 up and down.

Before KnowBe4, we had an internal solution for security awareness training. It wasn't a third-party solution but rather something that was developed by our internal teams. I think that KnowBe4 has been an upgrade because they constantly keep updating their training materials, saving us a lot of time that we would have spent constantly updating our materials if we were to do it by ourselves.

From my perspective regarding what can be improved or enhanced in KnowBe4, I would not be able to talk about pricing or areas that are outside my scope of visibility, but just from the quality of the offering itself, I think that it's a pretty good offering. There are no immediate problems, and they take care to consistently ask for feedback and implement it, so there are no major issues outstanding that I can immediately point to.

There are some aspects of KnowBe4 that can be enhanced, specifically in the training feature, as a lot of their training is designed for people who are almost entirely computer illiterate, which is fine because you want to be comprehensive in your cybersecurity training. Most people today have some basic ideas on what passwords are and how to use them. I feel that much of the content they have might not be required, and that might cause frustration, especially when you're trying to implement a cybersecurity program where you're training your entire workforce, as it may frustrate someone if they're forced to do training on how to set a password. However, I think that the more complicated things they do about phishing, AI, and social engineering are very important, and the way they do it is very structured and good.

For about two years, I have been working with KnowBe4, as they have been providing a training service to the company I'm working for since August 2022.

I do not have specific knowledge about the tech support of KnowBe4, but I know that when I have raised issues, they have been dealt with in time. However, I couldn't compare that to what the industry standards are and what other offerings provide in comparison. When I have given feedback on the materials I have engaged with, I found that they were addressed quickly.

Positive

Before KnowBe4, we had an internal solution for security awareness training. It wasn't a third-party solution but rather something that was developed by our internal teams. I think that KnowBe4 has been an upgrade because they constantly keep updating their training materials, saving us a lot of time that we would have spent constantly updating our materials if we were to do it by ourselves.

I personally have not used the simulated phishing attacks feature of KnowBe4. I know that there are some people in the company who use that, but I haven't used that, so I would not be able to comment on that.

While the company does use the PhishER component, I have not used it, so I would not be able to give you too much information on the phishing simulator. I've gone through trainings on the simulator, but I haven't used the simulator itself.

I have mostly been a recipient of the training programs from KnowBe4, so even though the company is using the real-time insights and real-time analytics, I would not be able to comment on this.

Given my experience with KnowBe4, the only advice I would share with users considering its implementation is to consider the scale because it would be a good solution if you're a reasonably large company. A company of 20 people or 100 people might not find it worthwhile, but for a larger company of 300, 400, or 500 people or above that, KnowBe4 would be suitable.

Based on the parts that I've interacted with and given my limited visibility, I rate KnowBe4 an 8.5 or 9 out of 10.

We use KnowBe4 primarily as a security awareness training platform to educate and protect our employees against common cybersecurity threats. While I am not directly working with KnowBe4, my company has been utilizing their training program for the past seven years as part of our broader security posture.

The KnowBe4 training is an integral part of our onboarding process. Every new hire is required to complete the training, which typically takes 15 to 30 minutes. It covers essential topics such as: recognizing phishing emails, identifying suspicious links, and understanding what software is safe to install.

This training is not limited to new hires—we periodically reinforce it with existing employees as part of ongoing awareness efforts.

In addition to the training modules, KnowBe4 also sends simulated phishing emails to our employees as a way to test and reinforce their learning. These simulations are a key component of the program and help us measure the effectiveness of the training. When employees receive an email they are unsure about, they are encouraged to report it to our IT team for verification. This proactive approach has significantly improved our overall security awareness and response behavior.

At this time, our usage of KnowBe4 is focused exclusively on the training and phishing simulation features.

KnowBe4 has significantly improved our organization by increasing overall security awareness among employees. After completing the training, employees are more cautious with emails, links, and software, helping to prevent phishing and other cyber threats. The simulated phishing tests have reinforced good practices, and employees now proactively report suspicious emails to IT, creating a stronger security culture across the company.

One of the most valuable features of KnowBe4 is its simulated phishing email campaigns. This feature effectively tests user behavior in real-world scenarios by sending realistic phishing emails to employees without prior notice. It helps identify how users respond to potential threats and highlights areas where further training may be needed.

These simulations not only measure the effectiveness of the initial training but also serve as continuous reinforcement, keeping employees alert and aware. Over time, this has greatly improved our team’s ability to recognize suspicious emails and act cautiously—whether by avoiding unsafe links or reporting potential phishing attempts to our IT team. This ongoing, practical testing method has been instrumental in building a strong security-conscious culture within our organization

One feature that would be highly beneficial in a future release is the ability to automatically send training articles or security tips to users on a regular, scheduled basis—for example, weekly or monthly. While the current training modules and phishing simulations are highly effective, ongoing awareness is equally important to keep security top of mind in day-to-day operations.

These short, digestible articles or micro-learning content could cover recent phishing trends, real-world examples of security breaches, or quick tips on secure online behavior. Periodic delivery would serve as a continuous learning touchpoint, reinforcing key concepts from the main training and adapting to evolving threats.

Ideally, this feature would also include personalization, allowing content to be tailored based on a user’s role, previous training performance, or common mistakes observed in phishing simulations. This kind of proactive, lightweight training approach could significantly enhance employee engagement with security practices and help maintain a strong security posture over time.

7 years

The solution has been very stable in our experience. Over the years, we've had no major issues with accessibility or performance. Training modules, phishing simulations, and reporting have all functioned reliably, providing a smooth and consistent user experience.

he solution is highly scalable for organizations of all sizes. We've seamlessly used it across multiple teams for several years, and it supports consistent training and testing without requiring heavy manual effort. The platform’s automation and reporting features make it easy to manage even as the organization grows.

I have not experienced any technical support yet regarding KnowBe4. However, I would say this is a great product and I would grade it highly.

Positive

We did not use a different solution for these use cases before KnowBe4.

I don't think there were other products my company considered before choosing KnowBe4.We did not explore any product except KnowBe4.

I am not the right person to answer this question. Our It team can answer this question.

I don't know the answer, actually. I was not part of this discussion initially. 

Our ROI from using KnowBe4 comes in the form of reduced security incidents and increased employee awareness. The platform has helped prevent potential breaches by training employees to identify and report threats, ultimately saving time, resources, and potential financial losses from phishing or other cyberattacks.

I am not the right person to discuss the pricing of KnowBe4 because I'm a senior software engineering manager. My CTO and the IT department or security department normally deal with pricing and other related matters.

Nope, I am not aware of it. Maybe our IT team can answer this question.

This product deserves a rating of 9 out of 10.

We use KnowBe4 for phishing attempts, and we try to educate our employees on how the phishing attacks will be simulated since KnowBe4 is quite good at simulating them, whereby you create a dummy email with multiple templates on how to enhance or target the users. The simulations are quite surreal, whereby users may confuse them, which makes them more aware of phishing attacks. We also use KnowBe4 to teach people how cybersecurity works and show them videos and materials.

The methodology that KnowBe4 employs allows us to have it architect an email, for instance, I could be your manager requesting your payslip or bank details, and although it would appear legitimate, the email address might differ. Users must take note of the email address, the crafting of the email, and the details requested. If they fail, they must resit the exam, which is one of the biggest features of KnowBe4 that helps tighten social networking within our company. It is a very good application for high-level companies.

We use KnowBe4's PhishER component.

KnowBe4 has been quite useful for us as a mid-size company, providing a lot of information. We ask our employees to take tests and certificates to keep them updated in cybersecurity knowledge and ISO 27001. We also recommend users to share new findings on LinkedIn and post through KnowBe4 since it provides certificates upon course completion, which is very useful for us.

PhishER has been quite helpful for us as it allows us to report spam emails we receive in our domain. We can block multiple domains simultaneously, even those that may present difficulties, and create rules for specific domains or emails to help us block or automatically flag critical vulnerabilities, making KnowBe4 different compared to others.

The automated training campaigns of KnowBe4 are quite helpful since if users fail to complete their certificates or exams, managers are notified every few months once the expiration date has passed for each team member. This encourages team members to finish their certifications and also provides feedback.

In terms of improvement, we would appreciate having the attachments or more details on the raw messages used in the PhishER site, as sometimes it can be a bit buggy.

I have been working with KnowBe4 for almost three years.

We have not experienced any performance or reliability issues with KnowBe4.

KnowBe4 is very much scalable.

We have escalated questions to KnowBe4's technical support, and it has been quite helpful in guiding us, especially when we request feature edits or face buggy issues. They tend to have response times close to 24 hours, if I am not mistaken.

They tend to explain issues very quickly, and their response is rapid. We do not experience extended waiting times, even though I work in a different region from the support team.

Positive

I don't think we evaluated any other solutions before choosing KnowBe4; it has always been KnowBe4 due to the extensive functionalities and features it provides. If we had taken another application, we would have had to buy multiple software packages, whereas KnowBe4 compiles everything into one convenient solution.

I don't think we have seen measurable benefits from KnowBe4 regarding time, resource, or cost savings.

If you are considering KnowBe4, it may be a bit high on the pricing side, but it would be very helpful for large companies, as it offers many modules and robust reporting to understand daily threat levels for spam and social engineering. It is a very helpful application. They also produce a lot of relevant learning materials that keep users engaged and informed, which is essential.

We are currently working on Rapid7, but I can't disclose too many details.

On a scale of 1-10, I rate KnowBe4 a seven out of ten.

I am using KnowBe4 for security purposes. When I joined USAID in 2019 for three years, I gained experience with KnowBe4. Each year, employees have to take a training course as part of the USAID company policy. From 2019 until now, I am currently working with a big contractor company in Saudi Arabia called Nesma Partners, and they also use KnowBe4. They share training courses issued by KnowBe4 to all employees, and we are required to take the training course as part of the company policy.

Regarding the emails, we received phishing emails, and I gained valuable experience on how to deal with them and understanding that we should not respond for security purposes. Additionally, I learned about social media and engineering fraud, specifically when someone shares links through WhatsApp or social media platforms.

I appreciate the training methodology. It is detailed with videos and real examples about handling phishing emails and dealing with social media links received through WhatsApp, email, or other platforms. The components are comprehensive and perfect. The content is simple to understand.

I think KnowBe4 focuses primarily on emails, phishing emails, and business. We need more experience about dealing with hackers and scams on social media, especially when we receive links from unknown people who create elaborate stories to manipulate our feelings to click on links.

KnowBe4 should focus more on these issues and provide guidance on dealing with links received from individuals who attempt to manipulate our emotions, particularly on social media platforms such as Facebook and LinkedIn. Recently on LinkedIn, there have been numerous posts regarding job offers where companies post opportunities without providing official email addresses, requesting direct messages instead. We face difficulties determining whether these job offers are legitimate or phishing attempts, specifically on LinkedIn.

I have been using the solution from 2019 until now.

The first experience was with KnowBe4, and there were no deployment issues.

I have no idea about the price.

I highly recommend all organizations to use KnowBe4. In real time, I am aware that all large organizations are using KnowBe4. I strongly recommend anyone to use KnowBe4 because users can gain significant experience, and it is a perfect platform. I rate this solution 10 out of 10.

Our usual use cases for KnowBe4 involve conducting training awarenesses based on the types of phishing, smishing, and vishing use cases. We raise awareness because our company is a global company, so people might get emails or text messages that are not from within the company. We raise those awarenesses to make them aware of the types of things they can expect, and also to be aware of all the cyber securities that exist within the country, within the world, etc. We use those use cases to raise awareness based on that.

I do not use KnowBe4's PhishER component yet. I haven't used it, but I am looking into using it because I did read about it and try to gain an understanding of how it could be used as a use case within the organization.

Many features of KnowBe4 are valuable. Currently, they are looking into AI and creating those short videos. It's now featured with AI to create those short videos, and that is a tool that I use extensively because it creates everything for me. It makes it easier to raise awareness.

The benefits I have seen from using KnowBe4 include that many people are now cautious. This is the biggest benefit to raise caution in the digital world, making people aware of the importance of verifying the sources of information. With that, my job is done in raising that awareness because many people would get information and not verify the source, or click on a malicious link thinking it might be from our organization when it is not. Raising that awareness about the importance of being cautious and verifying data sources is a great benefit.

For now, I'm happy with the product. I wouldn't say there's much improvement that needs to be made. I feel that the marketing of KnowBe4 needs improvement because many people need to know more about the types of cyber securities that exist. Many people, if you ask them if they have used KnowBe4, would say no. If you ask them about certain things that relate to cyber securities or attacks, they wouldn't know. I would like for KnowBe4 to really market itself extensively within organizations to raise awareness.

We've been using KnowBe4 for over the past four years to raise those security awarenesses since I got into the company.

KnowBe4 works without interruptions and is very stable. We haven't had any major issues, and in terms of cyber attacks, we do not have many within the organization.

I would evaluate the scalability of KnowBe4 as quite scalable, giving it an 8.5 on a scale of one to ten. People are really moving towards being more cautious on the platform.

I have not interacted with the technical support of KnowBe4.

Negative

I did not use a different solution before KnowBe4.

I did not participate in the initial setup of KnowBe4.

I have seen an ROI with KnowBe4, with a soft ROI being that many people within my organization are now aware. This soft ROI shows value within the company and how security and data are being protected.

The decision to go with KnowBe4 was made by senior management after conducting a feasibility study on the types of platforms that would be viable for the organization. I wasn't part of that process of picking which platform to use to raise security awareness. In the past four years, we didn't have a tool to raise awareness, and considering the amount of cybersecurity attacks was far less compared to now, it was important to make people aware at that time.

KnowBe4 is deployed on cloud in my organization.

I am not aware of the specific cloud provider we use. Within the organization, we have our own cloud storage, so I assume it's Microsoft, but I'm just not sure which one it is.

I would evaluate the usefulness of KnowBe4's real-time insights and analytics as quite great because it really shows me the interaction. If I post up an awareness video and I want to know how many people have accessed it, KnowBe4 gives me all those correct statistics, and the features integrate with good sources of knowledge on how to target people for awareness and how to make it more interactive as well. So, I'm quite happy with that.

My impression of the automated training campaigns of KnowBe4 is that it's a great tool. We need more functionalities that integrate the automation with KnowBe4, but it makes lives much easier and seamless for running a campaign or raising awareness.

I have not used any documentations, guides, or manuals for KnowBe4.

On a scale of one to ten, I rate KnowBe4 a nine.

Currently, we are mainly using this product for security training for employees only. Every year we plan a new training, select training material, build guides, and deploy it to KnowBe4, and the employees get the notification for the compulsory training. They review the material, the video guides, or the pictorial representation of the material we have published. Then they get a form where they can fill out questions and answers, and finally, take a certificate.

In our trainings, we built a phishing attack scenario which we discussed in detail, and the employees, after reading the articles, implemented the fix, described the answer, and submitted it.

It is pretty much easy to use and not difficult at all.

Since this is a tool which we use for training, our employees get great benefit from it.

The main advantages are the user-friendly UI and its overall ease of use.

Since we use it for the compulsory security training only, I do not think we need any improvement in this product. However, if we were using it for broader cases, then I might have some suggestions about improvements.

For example, this product has a questions and answers section which is in text form. It could be updated to include a video game format where an employee uses the game to answer these scenarios. For instance, in a video game, we could get a phishing attack on the employee system and the employee reacts to that video game character. This would make it more attractive and understandable.

We have never felt a need to contact them, so I cannot provide any information about that.

Positive

Since the training is compulsory, I cannot say much about the user experience. If it was not compulsory, then I might have received some feedback from the users.

This product is being managed by the security team for training purposes only.

It is pretty much straightforward, as other SaaS applications.

Although I did not integrate it into the system, I know KnowBe4 gets integrated with the Okta platform quite easily.

I would rate it seven to eight out of ten.

I am working with an Australian organization, and my work is related to compliance. During that work, this training was launched by the organization, and all of the employees undertook the meeting and completed the training. It was about the work we are doing regarding compliance because we deal in document assessment. We got to know about phishing and all the kinds of online scams and these kinds of things. I started work and learned about it in January 2024.

We use a software portal by the organization called StudyLink. The platform itself introduced this feature, which was a software they installed. After that, we got some security checks while sending emails to students and agents, and there were security checks introduced after the software installation. The training we underwent is what we currently follow, and the software is currently working with the portal.

I appreciate the security checks, especially when sending emails to prospective clients or applicants. We are getting emails, and there is a new folder introduced in the chat box where all the fishy emails and scam emails are automatically transferred. This feature is very helpful. The second valuable feature is the security checks we have while sending emails.

It has significant usefulness. I discovered some scam emails that were detected by the software, and it is very helpful in our daily operations and compliance work.

I received two to three different scam emails and got the notification, so I ignored them. They were already in different folders, making it easier for me, as we get many emails daily. The feature helps us significantly, making us more efficient, saving our time, and benefiting our daily operations.

It has helped us tremendously in cybersecurity awareness. We learned extensively about cybersecurity with the training, and the automated trainings are very convenient and feasible for us.

Chat bots could be helpful. If a new feature is introduced and a user without an IT background faces difficulty in operating the new feature, chat bots would be very helpful to ask questions and get responses.

I am not an IT person, so I am not sure what kind of changes should be made in the future; however, all the work is good for the time being and really helpful for us.

The trainings I attended did not cover those contents.

Currently, I am not facing any issues; everything is working smoothly, and the security concerns are completely addressed. I believe everything is in place.

We have not had any limitations or scalability issues with it. It is good to go.

I have not had experience with the tech support of KnowBe4.

Positive

I have experienced something related to security software that was in place before my joining but did not make an impact regarding scams. After the KnowBe4 software introduction, things have become much easier, improving efficiency and decreasing workload, ultimately helping the organization and employees.

There were some issues with the portal we were using before, but since the software installation, it is actually very easy for us now.

We are working with a university. They installed the software on the portal, and while I do not know if it is software or hardware, there are some changes and extensions in the portal after the installation.

It has helped us significantly in cybersecurity awareness. We learned extensively about cybersecurity with the training, and the automated trainings are very convenient and feasible for us.

I do not have information about the setup cost.

I have not explored alternate solutions.

I would recommend KnowBe4 to all users, especially those working with different portals or IT solution companies. It would save time and help us be aware of security policies and updates, allowing us to do our work smoothly. On a scale of 1-10, I rate KnowBe4 a 9.

I am a partner, reseller, implementer, and user. Everything.

Nothing significant has changed on the platform, and it is steadily developing and adding more content to teach people about security awareness. The content is engaging and interesting. It is entertaining, and it is very interesting to experience. They have one of the biggest libraries of phishing templates that are very genuine and similar to the original letters. Everything is excellent about this platform.

For the companies I work with in my country, it is crucial to have educational materials in our country's language. KnowBe4 has a substantial library of different translations, and their phishing templates are highly customized according to the companies that work in specific markets. Their quality of translation is very high, which is very important for common people. Not everybody learns foreign languages, so it is crucial to educate the entire personnel of the company. Translation is very important.

It is difficult to identify areas for improvement because this company is developing rapidly, and they are working on AI assistance for creating better knowledge, better learning experiences, and creating more sophisticated templates. They are working in the right direction. They are visionaries and leaders of the markets, so they are doing it correctly. I cannot identify any obvious gaps or areas where they should work better. They are rather good.

I have been using the solution for about 6 years.

There is no company in the world that they cannot scale to. It is easy for them.

Their support is very quick and informative, deserving a rating of 10.

Positive

The setup is rather easy because it is a cloud platform, and you just configure several things according to the knowledge base. Everything is described stage by stage with detailed descriptions available. The support works very efficiently, so you can set up rather quickly with minimal problems.

Independent articles from Forrester about the return on investment of KnowBe4 can be found on the internet as open source material.

As an exceptional product, they are relatively expensive, but it is worth it because compared to offline education with hired dedicated people, it would be much more expensive and not obviously more efficient. They are expensive, but you understand what you are paying for.

The solution is very versatile, and everyone can use KnowBe4.

They respond immediately because they are high-grade cybersecurity professionals who know all the tendencies and recent events and issues. They adapt their templates according to current tendencies and issue corresponding content to educate people about cybersecurity issues. They are rather quick about everything happening in cybersecurity.

If you look at G2, Gartner, or Forrester ratings, KnowBe4 is a leader for several years in a row. They are worth it. I rate KnowBe4 a 10 out of 10.

KnowBe4 is prominent in South Africa since 2016. I used it at Easy Pay, SARS (our tax authority in South Africa), and now at Capitec.

I have moved on from creating and simulating phishing emails since 2017. At the bank, we look after the infrastructure, licensing, and features. The junior compliance team helps set up simulations to catch people through Teams messages or links.

We must make the phishing emails better with the AI models that can be added through an extra license. The content must be very realistic so people can see the actual aftermath.

The scalability, integration, robustness of reporting and analytics, and user-friendly interface are valuable features.

KnowBe4 has improved significantly since we first acquired it at Easy Pay when I worked with a third-party vendor in India for setup. In my first simulation, I designed a menu for a year-end function, and half of the company clicked on it, requiring subsequent training.

Humans remain the weakest link. The analytics help us identify people who clicked, determine their training needs, and track progress. My personal statistics show I failed five out of 39 tests and reported 17, with a personal risk score of 47.4 and eight badges.

KnowBe4's AI integration has enhanced email authenticity. The model adapts to sending patterns. Recently, I was caught when I received what appeared to be an HR reply while waiting for a response. After returning from leave, I clicked on what turned out to be a phishing link.

The days of obvious scams are gone. Modern phishing emails appear authentic, as if from friends. This enables full-blown ATP operations using AI to generate convincing phishing emails, making it crucial to focus on AI-based detection against AI-generated threats.

As an architect who designs security solutions at Capitec, Africa's largest bank with 25-27 million clients, we must ensure good cybersecurity awareness for users.

There are gaps in overall security coverage. I rate KnowBe4 a 7 because improvements could be made beyond entry points and foothold perspectives. For instance, considering SQL injection vulnerabilities, more content should be provided for developers.

Adding a section specifically for developers would be beneficial, targeting that market as effectively as the organization-wide phishing email training. Organizations that have used KnowBe4 for years are developing good security habits.

KnowBe4 could educate people about OWASP Top 10 in web security testing and API security. Since OWASP Top 10 is open source, teaching these principles to keep organizations secure beyond Exchange server protection would be valuable.

KnowBe4 has a significant presence in South Africa since 2016. I have used it at multiple organizations including Easy Pay, SARS (South African tax authority), and currently at Capitec.

I use the on-premises version. The system experienced downtime during a patch or upgrade. The compliance team reported issues with creating simulations and pushing out training.

During the last downtime, it caused significant disruption as users couldn't access the system. Warren escalated this to a support ticket with KnowBe4. A representative from KnowBe4 South Africa, who is active on LinkedIn, previously gave a presentation at Capitec.

I previously used OpenPhish, setting it up with Hive when building the open source SOC for SARS. This included ELK stack, Hive, MSP, and OpenPhish for creating phishing emails and fake domains.

At SARS, I attempted to implement KnowBe4 for three years. During RFQ processes for licensing, the pricing was considered too expensive under government procurement rules, though I disagreed with compromising on security.

The setup process is straightforward. When implementing at SARS, we had assistance from a vendor, possibly Dimension Data. The basic setup involves server creation and software installation following documentation. My current role includes upgrading versions, .NET, and patching the Microsoft server as it's treated as a member server within Active Directory.

The implementation at SARS was completed with assistance from a vendor, believed to be Dimension Data. KnowBe4 vendors in South Africa participated in the setup process.

The solution was considered expensive, particularly in government contexts. However, security shouldn't be compromised as monetary considerations become secondary when security incidents occur.

The system supports single sign-on integration. It's accessible through an internal internet where all applications are published. Users can access KnowBe4 through the apps portal using either username/password or single sign-on authentication.

The solution rating is 7 out of 10.

We maintain realistic training scenarios. Junior staff members create phishing emails with support available when needed. During system downtime, it significantly impacts operations, requiring escalation to KnowBe4 support.