A global retail and wholesale company transformed their security posture after implementing KnowBe4's Phish Alert Button (PAB) and security awareness training, achieving an astonishing 50-fold increase in user reporting of phishing attacks.
Phishing remains one of the most prevalent attack vectors, with bad actors constantly refining their techniques to bypass technical controls. KnowBe4’s Phish Alert Button empowers employees to report suspicious emails, creating a human detection layer that dramatically improves an organization's security posture.
Once installed, the PAB feature allows users to instantly report suspicious emails with a single click, removing the threat from their inbox while alerting security teams. But users need to know what to do with it. Without proper training on when and how to use it, improvements in reporting can be a challenge, leaving organizations vulnerable to attacks that slip through technical defenses.
Targeted PAB Training Rollout
The retail organization initially deployed the PAB December 2024 without formal training, resulting in a 0.3% reporting rate while maintaining a 11.5% Phish-prone™ Percentage (PPP).
PPP measures an organization's employee susceptibility to phishing attacks. A high PPP indicates greater risk, as it points to a higher number of employees who typically fall for these scams. A low PPP is optimal, as it indicates the staff is security-savvy and understands how to recognize and shut down such attempts.
To address this gap, the organization rolled out KnowBe4's "Using the Phish Alert Button – Report Suspicious Emails" training module to all 341 users in February 2025. The training delivery was coordinated through the client's learning management system, with phishing simulations paused to allow for training completion.
Measurable Risk Reduction
In the months following the targeted training, the organization witnessed a dramatic transformation in their security culture. Post-training phishing campaigns showed immediate improvement, with reporting rates skyrocketing from a negligible 0.3% to 15.4% in March, peaking at 22.4% in May 2025.
More importantly, the business unit's vulnerability to phishing attacks plummeted, with their PPP dropping from 11.5% to just 2.4% — a remarkable 79% reduction in risk.
With KnowBe4's PAB capabilities fully integrated into their security program, the retail organization strengthened their approach to human risk management against scammers targeting unwary staff.
Smarter security awareness means better risk management, and this customer shows that dedicated PAB training delivers dramatic improvements even with minimal baseline reporting.
