Latest news with #StuSjouwerman


Techday NZ
13-05-2025
- Business
- Techday NZ
Security training cuts phishing risk by 86% globally in a year
A newly published report indicates that security awareness training reduces global phishing click rates by 86%. The "Phishing by Industry Benchmarking Report 2025" compiled by KnowBe4 analysed 67.7 million phishing simulations involving 14.5 million users across 62,400 organisations worldwide.

The report found an average global baseline Phish-prone Percentage (PPP) of 33.1%. This metric refers to the proportion of employees interacting with phishing simulations before undergoing structured security awareness training (SAT).

According to the report, SAT significantly reduces susceptibility to phishing. The findings show that the global PPP drops by 40% after three months of education and by 86% following a full year of continued training. The study highlights that ongoing and effective SAT not only decreases risk but also establishes a stronger security culture within organisations. Measurable improvements become evident as quickly as three months after training begins.

Stu Sjouwerman, Chief Executive Officer of KnowBe4, stated, "The data speaks for itself — security awareness training truly makes a difference. From 2024 to 2025, the general trend has remained fairly consistent — around one-third of employees click on a simulated phishing link before taking part in training."

"However, the data shows a slight improvement in 2025. Within a year, we've seen a 3.5% decrease in the global baseline PPP, highlighting a positive shift in overall security awareness worldwide. However, there is still significant progress to be made in fully addressing phishing risks. By consistently prioritising relevant and engaging training, combined with simulated phishing, organisations can strengthen their human risk management strategies and better protect against phishing to improve overall security culture," he added.

The report examined risk differences by sector and organisation size. Healthcare and pharmaceuticals, Insurance, and Retail and wholesale emerged as the most at-risk industries, with baseline PPPs of 41.9%, 39.2%, and 36.5%, respectively. This indicates that employees in these sectors were most likely to engage with potential phishing threats prior to training.

Larger organisations faced a greater initial risk. Those with over 10,000 employees had an average baseline PPP of 40.5%. Organisations with between 1 and 250 staff had a lower average baseline of 24.6%. The data indicates that the scale of an organisation can correspond with a heightened vulnerability to phishing before remedial action is taken.

Among organisations with 1,000 to 9,999 employees, the Healthcare & Pharmaceuticals, Hospitality, and Legal sectors all achieved an improvement of 91% in PPP scores after 12 months of ongoing SAT, demonstrating the potential for marked risk reduction within a year of continuous education.

Regional variation was also apparent in the findings. The highest baseline PPPs were found in South America at 39.1%, North America at 37.1%, and Australia and New Zealand at 36.8%. These figures indicate regional disparities in initial vulnerability to phishing before introducing training regimes.

The report provides quantifiable evidence that sustained investment in SAT, including simulated phishing campaigns, can result in enduring changes to employee behaviour. The decline from a global baseline PPP of 33.1% to just 4.1% after 12 months underscores the tangible benefits of a measured and continued approach to cybersecurity education.

Yahoo
13-05-2025
- Business
- Yahoo
KnowBe4 Report Reveals Security Training Reduces Global Phishing Click Rates by 86%
KnowBe4's 2025 Phishing by Industry Benchmarking Report shows a drop in the global Phish-prone™ Percentage (PPP) to 4.1% after 12 months of security training

TAMPA BAY, Fla., May 13, 2025--(BUSINESS WIRE)--KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today launched its "Phishing by Industry Benchmarking Report 2025" which measures an organization's Phish-prone™ Percentage (PPP) — the percentage of employees likely to fall for social engineering or phishing attacks, indicating the organization's overall susceptibility to phishing threats. This year's report found a global average baseline PPP of 33.1%, meaning a third of employees interact with phishing simulations before taking part in best-practice security awareness training (SAT).

The data underscores the significant impact of SAT in mitigating risk. The rapid decline in the global PPP following the implementation of training — falling by 40% in just three months and by a total of 86% after 12 months — demonstrates that ongoing, effective training leads to lasting behavior change and a substantial reduction in vulnerability to cybersecurity threats. This highlights the critical role of continuous education in building a stronger security culture within organizations, even in as little as three months.

KnowBe4 analyzed 67.7 million phishing simulations globally, across 14.5 million users from 62.4 thousand organizations. The baseline PPP (33.1%) reflects an organization's susceptibility to phishing before any KnowBe4 training. Employees then undergo KnowBe4's SAT, and the PPP is recalculated after 90 days and again after one year-plus of ongoing training to quantify the program's effectiveness.

Other Key Findings from the Phishing By Industry Benchmarking Report:

- Globally, the top three most at-risk industries with the highest baseline PPP were Healthcare & Pharmaceuticals (41.9%), Insurance (39.2%), and Retail & Wholesale (36.5%).
- Larger organizations faced a higher initial phishing risk, with those having 10,000+ employees showing a global baseline PPP of 40.5%, compared to 24.6% for organizations with 1-250 employees.
- In organizations of 1,000-9,999 employees, three sectors all achieved PPP improvement rates of 91% after 12 months of on-going training: Healthcare & Pharmaceuticals, Hospitality and Legal.
- Across the different regions, the highest baseline PPPs were found in South America (39.1%), North America (37.1%), and Australia and New Zealand (36.8%).

"The data speaks for itself — security awareness training truly makes a difference," said Stu Sjouwerman, CEO of KnowBe4. "From 2024 to 2025, the general trend has remained fairly consistent — around one-third of employees click on a simulated phishing link before taking part in training. However, the data shows a slight improvement in 2025. Within a year, we've seen a 3.5% decrease in the global baseline PPP, highlighting a positive shift in overall security awareness worldwide. However, there is still significant progress to be made in fully addressing phishing risks. By consistently prioritizing relevant and engaging training, combined with simulated phishing, organizations can strengthen their human risk management strategies and better protect against phishing to improve overall security culture."

To download a copy of the Phishing by Industry Benchmarking Report 2025, visit here.

About KnowBe4

KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organizations worldwide, KnowBe4 helps to strengthen security culture and manage human risk. KnowBe4 offers a comprehensive AI-driven 'best-of-suite' platform for Human Risk Management, creating an adaptive defense layer that fortifies user behavior against the latest cybersecurity threats. The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As the only global security platform of its kind, KnowBe4 utilizes personalized and relevant cybersecurity protection content, tools and techniques to mobilize workforces to transform from the largest attack surface to an organization's biggest asset.

Media Contact: Kathy Wattman, SVP of Public Relations, kathyw@ 727-474-9950

National Post
29-04-2025
- Business
- National Post
KnowBe4 Appoints Bryan Palma as President and CEO
TAMPA BAY, Fla. — KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, announced that cybersecurity industry veteran Bryan Palma has been appointed president and chief executive officer of KnowBe4, effective May 5. KnowBe4's founder and current chief executive officer Stu Sjouwerman has transitioned to the role of executive chairman.

Palma is a highly regarded technology executive with over twenty-five years of experience and a proven track record of scaling global technology enterprises by driving profitable growth, improving customer experience, and delivering operational agility. Most recently, he was the chief executive officer of Trellix, a multi-billion dollar cybersecurity market leader formed through the merger of FireEye and McAfee Enterprise. Prior to joining Trellix, he guided some of the world's leading organizations through pivotal technology and business transformations including Cisco, Boeing, EDS, PepsiCo, and the US Secret Service. Palma earned a masters of business administration from Duke University's Fuqua School of Business, masters of education from the University of Maryland, and bachelor of arts from the University of Richmond. Palma serves on the President's National Security Telecommunications Advisory Committee and the CloudBees board of directors.

'KnowBe4 is an incredibly important company in the cybersecurity ecosystem and at the forefront of human risk management and artificial intelligence,' said Palma. 'I am humbled to join the company at such an important moment and accelerate the leadership position established by Stu and the team. I am looking forward to serving our global customers and proudly calling myself a Knowster.'

Executive chairman, Stu Sjouwerman founded KnowBe4 over fifteen years ago and over the last two decades has led the company through multiple rounds of venture capital funding, executed key strategic acquisitions, successfully led a public offering, and grew KnowBe4 to serve over 70,000 customers.

Sjouwerman said, 'As Founder of KnowBe4, I am grateful to contribute to the creation of a new market category focused on managing human risk and confidently leave KnowBe4 in the capable hands of Bryan.' As executive chairman, Sjouwerman will help guide KnowBe4's artificial intelligence innovation and work closely with Palma on the transition.

Yahoo
22-04-2025
- Business
- Yahoo
KnowBe4 Marks 20-Quarter Leadership Streak in G2 Grid Spring 2025 Report and Named Leader in Two Categories
KnowBe4's Security Awareness Training ranked as the number one Security Awareness Training product for the 20th consecutive quarter and PhishER ranked as the number one Security Orchestration, Automation, and Response software for the 13th consecutive quarter

TAMPA, Fla., April 22, 2025 /PRNewswire/ -- KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today announced its PhishER product and its Security Awareness Training (SAT) software have been named the number one leader in the G2 Grid Spring 2025 Report for the 13th consecutive quarter and the 20th consecutive quarter, respectively.

The latest G2 Grid Report compares Security Orchestration, Automation, and Response (SOAR) software vendors and security awareness training (SAT) vendors based on user reviews, customer satisfaction, popularity and market presence.

Based on 2,026 G2 customer reviews, KnowBe4's SAT remains the top ranked SAT product with 98% of users rating it four or five stars. The platform received the highest G2 score among products in the SAT category and is the only vendor with a score in the 90s. Additionally, 93% of users recommend KnowBe4 SAT to others. KnowBe4 also maintains the largest market presence among products in SAT and has been recognized as the #1 SAT vendor on G2 for over five years.

Based on 339 G2 customer reviews, KnowBe4's PhishER is the top ranked SOAR software. PhishER has the highest satisfaction score among SOAR products in the category with 98% of users rating it four or five stars. Additionally, PhishER has been ranked as the number one SOAR software for three years and is recognized for "Best Results" and "Best Usability."

"The voice of our customers speaks clearly through these G2 rankings," said Stu Sjouwerman, CEO of KnowBe4. "This 20-quarter leadership milestone reflects our team's relentless commitment to developing effective risk management that truly serves our customers' needs. Every day, thousands of organizations rely on our platform to strengthen their security posture and manage threats efficiently. We are honored to receive this continued recognition and remain dedicated to advancing our platform to meet evolving security challenges."

SOURCE KnowBe4 Inc.

Yahoo
12-03-2025
- Business
- Yahoo
Cybercriminals Shift Tactics as Credential Harvesting Tops Payment Data Theft in Retail
Cybercriminals are getting personal. Literally. According to KnowBe4's 'Global Retail Report 2025,' the greatest threat is 'credential harvesting' where personal information is stolen. Researchers at the firm said that credential harvesting, 'which is often orchestrated through phishing attacks, has become the predominant threat, accounting for 38 percent of all compromised data in 2023, while payment card data theft dropped to 25 percent.'

This research comes at a time when cybercrime is top of mind for retailers as well as consumers. It follows a report from that polled over 1,000 U.S. consumers about online banking and found that 84 percent of respondents said they are worried about cybersecurity.

This shift occurs as the total number of cyberattacks in the retail sector has jumped 56 percent. 'This puts retail in the top five industries targeted by cybercriminals,' the report's authors said, adding that the average cost of a single retail data breach 'reached $3.48 million in 2024, an 18 percent increase from 2023.'

'Our research reveals a critical shift in how cybercriminals are now prioritizing credential theft over payment card data,' said Stu Sjouwerman, chief executive officer of KnowBe4. 'Stolen credentials allow immediate access to personal accounts, bypassing security measures like passwords and two-factor authentication. The good news is that organizations implementing frequent security awareness training are seeing dramatic improvements, demonstrating that human risk management must be a core component of any retail organization's security strategy.'

The growth of cybercrime has a lot to do with how consumers shop. The report noted that more than 62 percent of all purchases are made with a credit or debit card. 'When a customer uses a card to make a retail purchase, whether online or in store, they are entrusting that retailer with their credit card and other personally identifiable information (PII), including their name, address and phone number,' the report stated. 'If they access their account on the web or through the store's point of sale (POS) system, the retailer also has their past purchasing information and tracking data including any changes of addresses, and other addresses they have sent packages to.'

Consequently, KnowBe4 researchers said it should come as no surprise that the retail sector has become 'a nearly irresistible trove for a growing number of cybercriminals. Unfortunately, new AI tools have not only enhanced the abilities of experienced cybercriminals, but also given state-of-the-art intrusion methods to relatively unskilled or novice attackers.'

Digging deeper into the research showed that North America's retail sector experienced the highest percentage of cyberattacks with 56 percent, while Latin America experienced the second highest at 32 percent. Europe experienced 11 percent of attacks. The report also noted that the U.S. retail sector accounted for 45 percent of global ransomware attacks 'despite representing only 28 percent of market share, making retail the second most targeted sector.'

To combat these crimes, retailers need to reduce the 'human risk' factors, which include workforce education of phishing tactics and other measures. 'Conducting security awareness training and simulated phishing evaluations for one year or more can reduce the likelihood of employees falling for phishing attacks for organizations of all sizes,' the report's authors said, adding that security awareness and education training has a significant impact on employee susceptibility to phishing attacks, which dropped from 42.4 percent to just 5.2 percent in large retail organizations, 'while small and medium-sized retailers saw similar improvements, with rates dropping to 4.7 and 4.5 percent, respectively, after one year of continuous training.'