2022 KnowBe4 Pricing
Cybersecurity is a hot topic, as it seems that new data breaches make the news constantly. Social engineering attacks, phishing, and other tactics used by bad actors can lead to disaster for any business. Companies hit by these attacks can face immediate consequences such as the loss of data and revenue. Longer-term consequences often result from the lack of public trust after a data breach occurs.
To combat these attacks, companies are turning to security awareness training software, such as KnowBe4 Security Awareness Training. Security terms are used throughout this article, and a glossary of common security terms is provided at the end.
What is KnowBe4 Security Awareness Training?
KnowBe4 Security Awareness Training is a SaaS product that provides training and tools. Organizations use the product to increase security knowledge amongst employees in all departments. KnowBe4 Security Awareness Training boasts a trScore of 9.1, which is exceptionally high.
The product won several TrustRadius awards based on feedback from its customers. It took 2nd place in Best Feature Set and Best Relationship in 2022, 1st in Best Value for Price in 2022, and won a Top Rated Award in 2021.
KnowBe4 allows companies to run training campaigns and simulated phishing campaigns in a single platform. Their product’s content library includes training modules, games, and videos.
Campaign capabilities differ based on subscription level. All levels offer unlimited phishing security tests and an automated security awareness program. Every tier also includes a Virtual Risk Officer which analyzes security risk at the user, group, and organizational levels.
KnowBe4 Security Awareness Training makes phishing campaigns easy to set up for users of all skill levels. The video below gives an overview of how to set up a phishing campaign.
Add-on products, PhishER and Compliance Plus, are available at an additional cost. PhishER offers additional incident response tools for InfoSec or security operations teams. This add-on is useful for organizations that want to integrate their security awareness training with aspects of their security tech stack. Organizations that have already invested in a more robust Security Orchestration Automation and Response (SOAR) tool or a separate incident response platform may see limited utility from this add-on.
Compliance Plus is new-school, customizable compliance training. It was built to be both more customizable and more engaging than traditional compliance training. Topics available in the training library include diversity, equity and inclusion, discrimination, data privacy, data protection, business ethics, employment law, and workplace safety.
This add-on may be useful to small and midsize businesses (SMBs) as it offers compliance training at a relatively low cost. This add-on is likely not the best solution for industry-specific compliance requirements.
Pricing for KnowBe4 Security Awareness Training is dependent upon region. The prices discussed here are accurate for North America as of January 2022. The product is priced annually per seat for all tiers, with a minimum of 25 seats. Annual pricing is broken down by tier and number of seats in the table below.
[Table: Pricing Per Seat (Annually), with Compliance Plus (Add-On)]
Organizations with more than 5000 employees will need to obtain a quote from KnowBe4 for accurate pricing. The cost per seat decreases for all tiers as companies purchase more seats. The prices discussed below are accurate for 25-50 seats and are the highest annual cost per seat.
Discounts are available for non-profits and for organizations that sign on to a 3-year contract. The multi-year discount is not available upon renewal. The add-on products are not available for businesses with fewer than 101 employees.
There are 3 training content levels that differ based on the amount of content available. This overview provides information about the differences in content between the training content levels. See the table below for the training available at each training content level.
Silver - $18/user/year
The Silver tier is the most basic subscription offered. Users receive access to Training Content Level I only. This tier offers SSO integrations, assessments, and brandable content.
Gold - $21.75/user/year
The Gold tier offers users access to Training Content Level II and the features of the Silver tier. Additional features offered in this tier include access to vishing tests and a monthly email exposure check.
The email exposure check automatically searches through information found in data breaches to detect data that looks like an email address related to the user's organization. This aids in identifying at-risk users.
Platinum - $25.50/user/year
The Platinum tier offers users access to all of the features included in the lower tiers. This tier does not offer access to a higher Training Content Level. This tier offers reporting APIs, role-based permissioning, and access to premium customer support.
Diamond - $30.50/user/year
The Diamond tier is the only tier that gives users access to Training Content Level III. It includes all features offered in the lower tiers, and gives users access to KnowBe4’s AI tools.
Utilizing AI, administrators in this tier can give more personalized phishing tests based on the end-user’s knowledge level and training history. The Artificial Intelligence-driven Agent feature is only available in this tier.
PhishER - $11/user/year
PhishER is available as a standalone product or an add-on to Security Awareness Training. This product is only available for organizations with 101 or more employees. There is no difference in feature set or pricing between the add-on and the standalone product.
Compliance Plus - $7.50/user/year
Compliance Plus is only available as an add-on to Security Awareness Training. This product is only available for organizations with 101 or more employees. KnowBe4 offers a standalone compliance product called KCM GRC Platform. It is also priced per seat but only offers a 3-year term.
The Compliance Plus add-on offers a basic compliance training library. The KCM GRC Platform is a more robust solution that offers advanced reporting and vendor risk management features. It can help ensure companies are ready for any compliance audits.
KnowBe4 Security Awareness Training offers several flexible options for companies of various sizes. The Silver and Gold tiers are a good fit for smaller companies looking to establish good security practices. The Platinum tier's extra customer support will be useful to companies without a dedicated security team. The AI capabilities offered in the Diamond tier may be worth the extra cost in cases where there are known security vulnerabilities.
There are plenty of security awareness training products available. Proofpoint Security Awareness Training, Cofense PhishMe, and Infosec IQ are commonly compared to KnowBe4 on TrustRadius. These products have similar feature sets. KnowBe4 is the only company that provides transparent pricing online. As such, it is difficult to compare the value provided by these products as it relates to cost.
Proofpoint Security Awareness Training
Proofpoint Security Awareness Training provides both training and testing capabilities. Proofpoint also offers a compliance solution, but it is not available as an add-on. KnowBe4 may be the better option for companies looking to purchase both security and basic compliance training. For a more thorough comparison of these products’ features and reviews, view their comparison page.
Cofense PhishMe provides a similar training program to KnowBe4 Security Awareness Training. Where Cofense really sets itself apart is its wide array of security products. This makes it a better fit for companies looking to easily integrate several aspects of their security tech stack. Cofense does not offer any compliance products. KnowBe4 is the better option for companies that find the combination of security and compliance training appealing. For a more thorough comparison of these products’ features and reviews, view their comparison page.
Infosec IQ performed similarly to KnowBe4 Security Awareness Training in TrustRadius awards. They won 1st in Best Feature Set and Best Relationship in 2022, and received a Top Rated Award in 2021. Infosec IQ offers a similar content library intended for training employees of all skill levels. They also offer a separate product, Infosec Skills, for more technical training. This product is intended for security professionals. These products are available in a bundle at a discounted price. For a more thorough comparison of these products’ features and reviews, view their comparison page.
KnowBe4’s customer testimonial demonstrates how the product can be used to train IT and non-technical employees.
This webinar provides an in-depth overview of how KnowBe4 Security Awareness Training can help protect your business.
Definitions of Security Terms
Phishing - Bad actors send emails that look like they’re from a reputable company, coworker, etc. in order to bait the recipient into taking an action. These actions typically involve sharing personal information, such as passwords or bank information, clicking on suspicious links, or downloading attachments. If the recipient takes any of these actions, they open the door for the bad actor to cause harm.
Vishing - The same concept as phishing, but through voice calls.
Smishing - The same concept as phishing, but through SMS messages.
Social Engineering - When bad actors manipulate people into giving them (often highly sensitive) information through some form of deception. Phishing, vishing and smishing are all common forms of social engineering attacks.
Malware - Malware is malicious software. There are several types of malware, but they typically give attackers unauthorized access to a device or network. Malware can also damage data or hinder the performance of a device or network. Viruses and ransomware are examples of malware. Malware is often installed on devices unintentionally. Installation is usually the result of social engineering, such as phishing attacks.
Ransomware - A type of malware that, once installed, can hold your data hostage. Ransomware will either render data inaccessible or threaten to publish it until the victim pays a ransom. Ransomware is often installed on devices unintentionally. Installation is usually the result of social engineering, such as phishing attacks.