A U.S.-based enterprise manufacturing organization cut their Phish-prone Percentage™ (PPP) by more than 80% after five months using the KnowBe4 security awareness training and simulated phishing platform.
PPP measures an organization’s employee susceptibility to phishing attacks. A high PPP indicates greater risk, as it points to a higher number of employees who typically fall for these scams. A low PPP is optimal, as it indicates the staff is security‑savvy and understands how to recognize and shut down such attempts.
KnowBe4’s new-school approach for security awareness training integrated with simulated phishing tests helped decrease their PPP by a factor of five compared to an old-school approach using a third-party Learning Management System (LMS).
At first, the firm’s training managers wanted to see what a simple simulated phishing and quarterly training program could mean for their employees’ cybersecurity knowledge.
The firm set up a training campaign, tracked through their own LMS, and ran simulated phishing campaigns with one type of phishing email on the KnowBe4 phishing platform.
From Disjointed to Integrated
After seven months of training and phishing campaigns running a single combination of the same phishing email and training landing page, the results were in. Their baseline (pre-training) PPP was 20.7%. The seven months of training and simulated phishing knocked that figure down to 17.3% with the training running solely through their existing LMS.
While the PPP did decrease, after seven months of training and phishing security tests an organization's PPP should typically be cut by more than half. The KnowBe4 Phishing by Industry Benchmarking Report, which in 2022 analyzed a data set of 9.5 million users across 30,173 organizations with over 23.4 million simulated phishing security tests, typically finds a roughly 40% decrease in PPP within 90 days of KnowBe4 training and simulated phishing tests when using the KnowBe4 platform LMS to track and manage both training and simulated phishing.
The firm’s managers knew they could do better. Plus, they needed a better way to track training completions, and their own LMS just wasn’t meeting that need.
The next year, the firm’s managers fully dove into the capabilities of the KnowBe4 platform, integrating both training and simulated phishing campaigns.
The training managers set up more frequent phishing campaigns with multiple difficulty levels of simulated phishing emails. They also ran a monthly credential harvesting campaign to test employees’ mettle against emails designed to steal login information. Throughout the program they used the KnowBe4 platform to easily track training completions and help determine how these related to the simulated phishing tests.
After five months, the PPP dropped to 3%, an 85.6% decrease from their baseline a year prior.
The lesson was clear: if users are exposed to consistent phishing tests combined with training that can be tracked and enforced, not only is overall PPP reduced significantly, but they will also be less likely to provide their credentials to bad actors, helping to decrease risk for their organization.