KB4 is good overall, but be ready for some upfront configuration work
Updated July 27, 2023

KB4 is good overall, but be ready for some upfront configuration work

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Software Version

Training Access Level III (Diamond)

Modules Used

  • KnowBe4 Training Modules (e.g. Common Threats, Creating Strong Passwords, GDPR, etc.)
  • KnowBe4 Training Micro-modules (e.g. Captain Awareness, Credit Card Security, etc.)
  • Popcorn Training

Overall Satisfaction with KnowBe4 Security Awareness Training

KB4 is part of our overall cybersecurity program - specifically targeting security awareness. We have campaigns to do monthly automated phish emails to all users, a smaller targeted monthly campaign for our finance users, and two automated training program campaigns. One of these is for new hires. New employees are automatically assigned training. The last campaign is for yearly required training for all employees.
  • Automated campaigns.
  • Adding new users from Active Directory.
  • Customization of email templates.
  • The logic to automatically add people to campaigns has a little bit of a learning curve. The setup isn't very straightforward.
  • Even though we have the diamond subscription, many of the training modules don't work for us for one reason or another. There is either something in the training that doesn't quite match my organization's policies (or terminology) or it's not well done.
  • The email templates are not consistent within a group of related communications. Meaning you can have automated emails sent out to remind users to take a training, report on progress, complete emails, etc but those emails are not formatted consistently. I have to edit each one, which is there is some configuration pain to this as well, to make all the communications consistent and professional.
  • KB4 allows us to be in compliance with our yearly IT audit.
  • Cyber insurance will ask about awareness training so it meets that need as well.
  • Our employees do seem to have a better understanding of phishing and how to avoid them, which keeps our organization better protected.

Do you think KnowBe4 Security Awareness Training delivers good value for the price?


Are you happy with KnowBe4 Security Awareness Training's feature set?


Did KnowBe4 Security Awareness Training live up to sales and marketing promises?


Did implementation of KnowBe4 Security Awareness Training go as expected?


Would you buy KnowBe4 Security Awareness Training again?


As already mentioned, we meet certain compliance standards from our auditors and cyber insurance companies. We probably use more of the "basic" training content versus the "fresh" Netflix-style training. The main benefit has been mostly the automation features. The training content still needs to be good otherwise would make the whole system not very valuable, but I'm using content that is good enough in conjunction with the automation.
We sync new users from Active Directory to the KB4 system. We have certain Active Directory security groups set up that when we assign that group to the user then it properly syncs to the KB4 groups. Having different KB4 groups allows the flexibility to target phishing campaigns to those groups. When a user is removed from Active Directory it will sync to KB4 and remove them from the system so we keep to our license user count.
For each phish or training campaign, I can see the click rates - who clicked on a phishing link - and I can also see particular users' click history. I've implemented a campaign using KB4 logic that when a user clicks 2 links out of the last 4 tests they will be assigned remediation training. For training reports, I can see who's completed the training, or not, and can send them automated or manual reminder emails to complete the training.
If you have a small IT staff and need automation to help with your security awareness training, then KB4 is good - albeit with some decent initial configuration effort. I wouldn't necessarily get the higher subscription though to access more of the training as most are not useable. If you have a bigger staff that can dedicate more time to awareness I think KB4 can still be good.

KnowBe4 Security Awareness Training Feature Ratings

Training Content Library
Multilingual Training Content
Training Gamification
Industry-Specific Security Training
Individualized Security Training Plans
Phishing Simulations
Security Reporting
Integration with Security Tech Stack
Not Rated
Role-based user permissions
Single sign-on capability

Using KnowBe4 Security Awareness Training

Like to use
Relatively simple
Easy to use
Technical support not required
Well integrated
Quick to learn
Feel confident using
Lots to learn
  • Any template can be customized with branding or content changes.
  • Active Directory integration is very helpful in maintaining the list of active users.
  • Auto communication notifications can be setup for the user, the user's manager, and the admins.
  • If customizing a template, it can be difficult to find it again in other parts of the system, like when setting up notifications.
  • Getting users who click on a phishing email automatically added to a group but auto removing them isn't straight forward. This is when adding a user to remediation training group and then removing them after they've completed it.

Relationship with KnowBe4

We joined with a cohort group so I didn't work with a rep directly at first. However, later our rep is very attentive.
The post-sales rep can be very pushy. They want to ensure you are well supported, but it borders on being excessive.