“Human error. Conquered”

Founded: 2010 in Florida, USA

Category: Cybersecurity

Primary office: Clearwater, Florida (USA)

Core technical team: Clearwater, Florida (USA)

Status: Private

Employees: 300

Amount raised: $384 million (4 rounds – June 2019)


  • Provides the world’s largest security awareness training and simulated phishing platformà
  • Enables employees to make smarter security decisions every day



  • Valuation – $1 billion (2019)
  • Revenue – $123 million (2018)



  • World’s largest security awareness training (over 900 security awareness training content items) and simulated phishing platform.
  • 28,000 customers
  • World’s largest library of security awareness training content
  • Best-in-class, fully automated simulated phishing attacks, thousands of templates with unlimited usage, and community phishing templates
  • Over 12-months with 9-million users, reduced initial baseline phish-prone percentage from 30% to 2%
  • Gartner positions KnowBe4 as best in Leader’s Quadrant of the 2019 Magic Quadrant for the security awareness computer-based training (CBT) market.
  • With the KCM GRC product (described under ‘Sells’) complete governance, risk, compliance audits in half the time
  • Extended offerings through acquisition of five companies (four named: Twist and shout, CLTRe, Exploqii, and Popcorn training).
  • Various training materials translated into 27-languages
  • Largest full-time content development staff: over 40 people
  • 26 quarters of revenue growth



  • PhishER – Lightweight security orchestration, automation and response (SOAR) platform to orchestrate your threat response and manage the high volume of potentially malicious email reported by users. Respond to the most dangerous threats more quickly
  • KCM GRC Platform – SaaS-based governance, risk and compliance (GRC) platform to effectively and efficiently manage risk and compliance within an organization and obtain insights into security program gaps. Optional modules include compliance management, policy management, risk management and vendor risk management. (SaaS – Software as a service)



  • Kevin Mitnick security awareness training – Specializes in making sure employees understand the mechanisms of spam, phishing, spear phishing, malware, ransomware and social engineering and can apply this knowledge in their day-to-day job
  • Enterprise awareness training program – Comprehensive approach that integrates baseline testing using mock attacks, engaging interactive web-based training, and continuous assessment through simulated phishing, vishing (fraudulent use of phone calls and voice messages) and smishing (fraudulent use of text messages) attacks to build a more resilient and secure organization
  • Numerous training modules covering many aspects of cybersecurity such as basics of credit card security, handling sensitive information, mobile device security, ransomware for hospitals training, and social engineering red flags
  • Managed services for learning management systems


  • Channel partnership program focusing on best-in-class, world’s largest security awareness training content and full automated simulated phishing attacks; revenue growth through cross-selling, up-selling and renewal opportunities; easy to install product, and utilize reporting to help convey risk
  • Partners with Wise Capital Strategy, a strategic lobbying firm, to enhance Washington, D.C., presence and recognize importance of training in national security
  • International presence – Australia, Brazil, England, Germany, the Netherlands, Singapore, South Africa


  • Leading names in Cybersecurity including Kevin Mitnick
  • KnowBe4 platform is user-friendly, intuitive and built to scale; can be deployed into production twice as fast as their competitors
  • Governance, risk and compliance product with templates for various regulatory regimes
  • Significant automation supporting policy management, risk management and  vendor risk management
  • Training hosted in KnowBe4 cloud learning management system, in the client’s learning management system, or as a managed service
  • Backs training with a crypto-ransom guarantee



  • Collection of free tools for clients to primarily self-test; build awareness. Additionally, various resources introduce key social engineering concepts
  • Well known cybersecurity experts (e.g., Kevin Mitnick)à
  • Large collection of educational artifacts


  • Accentuating automation and configurability of products
  • Expand offerings through acquisitions and partnering


  • Focuses on the human element of security by raising awareness of social engineering approaches
  • AIDA (Artificial Intelligence Driven Agent) – Beta product that combines phishing, vishing, smishing in a new social engineering attack vector. Bringing artificial intelligence to social engineering.

Assertions That Best Describe What the Company Did to Scale Early, Rapidly & Securely

  1. Increase demand of products and services by combining two or more resources in a way that the value created from them exceeds the sum of the value created from each resource separately
  2. Arrange and apply resources from different regions to increase profitability
  3. Increase value by simultaneously developing worldwide learning capabilities, multinational flexibility, and global competitiveness
  4. Develop and sell products that address a problem, job to be done or a need that is shared by a large and growing number of individuals and organizations in various regions to increase sales
  5. Increase sales by adapting products and services to each market
  6. Enter a new market by partnering with or purchasing local firms to increase sales
  7. Increase demand by using scientific and technological advances to develop innovative products and services
  8. To increase value, attain stakeholders’ trust by improving cybersecurity of the company and the players it works with
  9. Increase the company’s value by continuously seeking and receiving funding to support the company’s plan to scale and improve its image in the marketplace