I have a challenge with the stability while using KnowBe4. I have made an observation regarding the login process. For every login attempt, because my organization uses KnowBe4 with a large staff strength, a new passwordless login link is sent. This process could be reviewed to make the session login more seamless, as receiving a new password link for every login attempt is stressful and not as efficient as it should be. Sometimes I feel reluctant to log in because I know I will have to receive a reset link. This is the only challenge for me personally.
An area for improvement in KnowBe4 is the repetitive content for users completing multiple training sessions. Additionally, some email simulations were blocked by spam filters, requiring IT to whitelist these email simulations.
I think KnowBe4 focuses primarily on emails, phishing emails, and business. We need more experience about dealing with hackers and scams on social media, especially when we receive links from unknown people who create elaborate stories to manipulate our feelings to click on links. KnowBe4 should focus more on these issues and provide guidance on dealing with links received from individuals who attempt to manipulate our emotions, particularly on social media platforms such as Facebook and LinkedIn. Recently on LinkedIn, there have been numerous posts regarding job offers where companies post opportunities without providing official email addresses, requesting direct messages instead. We face difficulties determining whether these job offers are legitimate or phishing attempts, specifically on LinkedIn.
Information Technology Solution Specialist at Toyota South Africa
Real User
Top 20
Jun 16, 2025
For now, I'm happy with the product. I wouldn't say there's much improvement that needs to be made. I feel that the marketing of KnowBe4 needs improvement because many people need to know more about the types of cyber securities that exist. Many people, if you ask them if they have used KnowBe4, would say no. If you ask them about certain things that relate to cyber securities or attacks, they wouldn't know. I would like for KnowBe4 to really market itself extensively within organizations to raise awareness.
It is difficult to identify areas for improvement because this company is developing rapidly, and they are working on AI assistance for creating better knowledge, better learning experiences, and creating more sophisticated templates. They are working in the right direction. They are visionaries and leaders of the markets, so they are doing it correctly. I cannot identify any obvious gaps or areas where they should work better. They are rather good.
Cyber Security Engineer at a financial services firm with 10,001+ employees
Real User
Top 10
May 20, 2025
As an architect who designs security solutions at Capitec, Africa's largest bank with 25-27 million clients, we must ensure good cybersecurity awareness for users. There are gaps in overall security coverage. I rate KnowBe4 a 7 because improvements could be made beyond entry points and foothold perspectives. For instance, considering SQL injection vulnerabilities, more content should be provided for developers. Adding a section specifically for developers would be beneficial, targeting that market as effectively as the organization-wide phishing email training. Organizations that have used KnowBe4 for years are developing good security habits. KnowBe4 could educate people about OWASP Top 10 in web security testing and API security. Since OWASP Top 10 is open source, teaching these principles to keep organizations secure beyond Exchange server protection would be valuable.
Some more AI-driven automation for creating training and phishing testing campaigns, as well as automated reporting would help. The Phish Alert button could be improved, although it is understood this is due to Microsoft's constant changes. Any improvements in wizards and documentation are always a good thing!. Additonal areas for improvement could be around the technical training and best practice training areas such as NIST CSF, CISv8, Cyberinsurance, and more. Clearer whitelisting requirements are always appreciated. However, the current levels are significant and appreciated.
Senior Research Analyst - Security, Privacy, Risk & Compliance at Info-Tech Research Group
Real User
Top 10
Apr 17, 2024
Enhancing the product's emotional intelligence, particularly by providing training content tailored to specific audiences, is an area for improvement. This could be achieved through systems integration with machine learning, which analyzes user behavior and click patterns. By leveraging this data, the tool could suggest targeted training topics or content to individuals based on their unique interactions and behaviors.
It could be more localized for Ukrainian users. This platform is international, and it has a lot of material in different languages, but not in Ukrainian and Russian languages. There's plenty of different content updated regularly for English, French, and German users. They have a lot more information, and Ukrainian users also want more. The platform is divided into two separate parts, the administrator part, and the user part. The user part is localized and is available in Ukrainian, and there's no problem using it knowing only one language. But administrative parts used by cybersecurity specialists demand English knowledge. They also have few problems with the interface. It's rather user-friendly, but it's about the quantity of localized content. I know that they are working on artificial intelligence. I think it can be useful if AI could be used to select some modules for a more automated educational process.
Network Security Administrator at a non-profit with 51-200 employees
Real User
Dec 14, 2020
It can be more interactive with users. We want to put the users in different scenarios and let them make decisions. For example, instead of making users go through a video and then asking questions, it can have a video where they click on the scenarios and have to make decisions. It can maybe have something like a live simulation. It would be nice for users.
Old school Security Awareness Training is static. It’s a one-time event without follow-up. KnowBe4's Kevin Mitnick Security Awareness Training starts with a baseline test to show the actual Phish-prone percentage of your users. Then it steps users through effective, interactive, on-demand browser-based training. As step three, you send frequent simulated phishing attacks to your employees to reinforce the training. This last feature, frequent simulated phishing attacks (we recommend at the...
I have a challenge with the stability while using KnowBe4. I have made an observation regarding the login process. For every login attempt, because my organization uses KnowBe4 with a large staff strength, a new passwordless login link is sent. This process could be reviewed to make the session login more seamless, as receiving a new password link for every login attempt is stressful and not as efficient as it should be. Sometimes I feel reluctant to log in because I know I will have to receive a reset link. This is the only challenge for me personally.
An area for improvement in KnowBe4 is the repetitive content for users completing multiple training sessions. Additionally, some email simulations were blocked by spam filters, requiring IT to whitelist these email simulations.
I think KnowBe4 focuses primarily on emails, phishing emails, and business. We need more experience about dealing with hackers and scams on social media, especially when we receive links from unknown people who create elaborate stories to manipulate our feelings to click on links. KnowBe4 should focus more on these issues and provide guidance on dealing with links received from individuals who attempt to manipulate our emotions, particularly on social media platforms such as Facebook and LinkedIn. Recently on LinkedIn, there have been numerous posts regarding job offers where companies post opportunities without providing official email addresses, requesting direct messages instead. We face difficulties determining whether these job offers are legitimate or phishing attempts, specifically on LinkedIn.
For now, I'm happy with the product. I wouldn't say there's much improvement that needs to be made. I feel that the marketing of KnowBe4 needs improvement because many people need to know more about the types of cyber securities that exist. Many people, if you ask them if they have used KnowBe4, would say no. If you ask them about certain things that relate to cyber securities or attacks, they wouldn't know. I would like for KnowBe4 to really market itself extensively within organizations to raise awareness.
It is difficult to identify areas for improvement because this company is developing rapidly, and they are working on AI assistance for creating better knowledge, better learning experiences, and creating more sophisticated templates. They are working in the right direction. They are visionaries and leaders of the markets, so they are doing it correctly. I cannot identify any obvious gaps or areas where they should work better. They are rather good.
As an architect who designs security solutions at Capitec, Africa's largest bank with 25-27 million clients, we must ensure good cybersecurity awareness for users. There are gaps in overall security coverage. I rate KnowBe4 a 7 because improvements could be made beyond entry points and foothold perspectives. For instance, considering SQL injection vulnerabilities, more content should be provided for developers. Adding a section specifically for developers would be beneficial, targeting that market as effectively as the organization-wide phishing email training. Organizations that have used KnowBe4 for years are developing good security habits. KnowBe4 could educate people about OWASP Top 10 in web security testing and API security. Since OWASP Top 10 is open source, teaching these principles to keep organizations secure beyond Exchange server protection would be valuable.
I would like to see Novo4 expand to other channels outside of emails to things such as text messages.
Some more AI-driven automation for creating training and phishing testing campaigns, as well as automated reporting would help. The Phish Alert button could be improved, although it is understood this is due to Microsoft's constant changes. Any improvements in wizards and documentation are always a good thing!. Additonal areas for improvement could be around the technical training and best practice training areas such as NIST CSF, CISv8, Cyberinsurance, and more. Clearer whitelisting requirements are always appreciated. However, the current levels are significant and appreciated.
Enhancing the product's emotional intelligence, particularly by providing training content tailored to specific audiences, is an area for improvement. This could be achieved through systems integration with machine learning, which analyzes user behavior and click patterns. By leveraging this data, the tool could suggest targeted training topics or content to individuals based on their unique interactions and behaviors.
It could be more localized for Ukrainian users. This platform is international, and it has a lot of material in different languages, but not in Ukrainian and Russian languages. There's plenty of different content updated regularly for English, French, and German users. They have a lot more information, and Ukrainian users also want more. The platform is divided into two separate parts, the administrator part, and the user part. The user part is localized and is available in Ukrainian, and there's no problem using it knowing only one language. But administrative parts used by cybersecurity specialists demand English knowledge. They also have few problems with the interface. It's rather user-friendly, but it's about the quantity of localized content. I know that they are working on artificial intelligence. I think it can be useful if AI could be used to select some modules for a more automated educational process.
It can be more interactive with users. We want to put the users in different scenarios and let them make decisions. For example, instead of making users go through a video and then asking questions, it can have a video where they click on the scenarios and have to make decisions. It can maybe have something like a live simulation. It would be nice for users.