More Security Awareness Training Market Perspectives


By Perry Carpenter,  KnowBe4 Chief Evangelist and Strategy Officer

A few weeks ago, I wrote about my thoughts regarding recent market moves by Microsoft, Wombat, PhishLine, and others. A rapid succession of consolidations like these are the norm for maturing markets as investors and long-established vendors seek to capitalize on current trends or to fill portfolio gaps.

Well, last week continued that trend as private equity firms BlackRock and Pamplona Capital Management have jointly acquired PhishMe in a $400 million deal. As part of that move, the PhishMe brand was retired and a new brand, Cofense, was created.

Given my background as a former Gartner analyst, and my current position at KnowBe4, I’ve been fielding several requests for my thoughts on this deal.

As I mentioned in my last blog, these kinds of market moves are expected and indicative of a maturing market. It’s also extremely validating to see vendors who have traditionally focused solely on blocking and filtering technologies finally admit that technology will never fully address the threat – some things will always slip through the preventative measures.

An unprepared end-user represents the softest of targets. And, as an unfortunate unintended consequence of this exclusive focus on technology, security technology vendors have helped encourage the creation of a target-rich environment.

But now technology companies like Microsoft, Proofpoint, Barracuda and others realize that they must provide something to help address the gap. And, thus, we are seeing them make moves in this area. But, make no mistake about it, these are still vendors whose primary focus is on preventative technology; and the ‘training’ aspect of their product suites will be an afterthought.


Because recognizing that training is necessary is a direct admission that their core technology is ineffective. As such, my prediction is that (similar to the Symantec acquisition of Blackfin back in 2015), we may see the ‘awareness and training’ angle downplayed, resulting in less R&D, less marketing, less sales, and ultimately less relevance as the product and content ages into obsolescence.

Again, as I said in my last post, there are (at least) four major things to consider when evaluating the possible scenarios related to these market moves – and the PhishMe acquisition is no exception. Here’s a quick list of the considerations for reference:

  1. Acquisitions always inject a bit of uncertainty into things
  2. Vendors trying to pivot the conversation back to a technology discussion
  3. Content must be continually updated and kept current
  4. Be wary if there is no real mention of training and awareness as a goal

Thinking about each of these four points in the context of the PhishMe acquisition, we can see the following picture.

  1. Uncertainty: This acquisition actually creates more uncertainty than even ‘normal’ events like this. The rebranding of PhishMe to Cofense is a somewhat strange move. They have discarded what was arguably the most recognized brand name in the Security Awareness Computer-based Training market and replaced it with a made-up word. This brings us to point 2, below.
  2. Pivoting to technology: I believe that the reasoning behind PhishMe’s rebrand to Cofense has been hinted at over the past few years of PhishMe history as they have increasingly been downplaying security awareness.  In fact, here is a quote from PhishMe CTO and Co-founder Aaron Higbee on his blog: "Is Cofense moving away from awareness? Actually, we left awareness behind quite some time ago." Their messaging regarding their training modules was effectively that awareness is not valuable and should be given away so that organizations can ‘check the box’ and movePhishme Booth at RSA 2017 on to other, more effective methods of strengthening their defenses. And so, this move away from the PhishMe brand likely has a lot to do with them wanting to focus more on their combined technology and human-based phishing intelligence services (a high-priced combination of SaaS and managed services). This represents a big risk for them – and we’ll see if it pays-off over the next few years.
  3. Content freshness: As Cofense continues their pivot to new market areas, there is a very real danger that their awareness content will continue to become even more stale, not meeting the needs of customers who are using them as an awareness vendor. This will result in customer frustration, a hemorrhaging of their core customer-base, and that customer frustration will very likely tarnish both the PhishMe brand as well as the new Cofense brand. Customers want fresh and relevant content. If they don’t have it, they will see their vendor as irrelevant and inconsiderate of their needs.
  4. Look at a vendor’s stated goals: We’ll have to see what happens here. As I mentioned earlier, PhishMe/Cofense has been downplaying the awareness aspects of their business for a while now. However, they do focus on behavior, reporting, and a collaborative approach to phishing defense. That approach doesn’t throw out everything about awareness. But it does emphasize an extremely tight focus around phishing. And it also emphasizes the need for Cofense’s ongoing help to provide additional machine and human intelligence. This tight-focus and pivot to augmented services means that customers who use Cofense as a phishing defense platform will also need to invest in additional security awareness and training services from a separate vendor. Again, this is because they are saying that broad-based awareness content isn’t their wheelhouse.

It’s been an interesting year in our market. And we are only at the beginning of March! The good news for KnowBe4 customers is that we are NOT looking to be acquired, in fact we are on an IPO track. As the largest vendor in our market, we continue to create world-class content.

Additionally, our recent acquisition of Popcorn Training. shows we are augmenting our offerings by acquiring and partnering with world-class content providers, as well as continuing to innovate our best-in-class social engineering simulation platform. Our focus is – and will continue to be – helping employees make smarter security decisions, everyday. 

Subscribe To Our Blog

Weak Password Test Contest

Get the latest about social engineering

Subscribe to CyberheistNews