CASE FILE // PC-2026-04
Status: Open


Filing 05.01.00 | Field 27 APR 2026 | Classification Public | Status Open

KnowBe4 cost: $20 to $60 per user per year, tier-by-tier

KnowBe4 is the largest phishing-simulation training vendor in the US market by customer count. Pricing is not publicly published; the bands cited here are triangulated from public RFP awards, reseller catalogues, and renewal-quote averages reported by buyer-community sources. All figures as of 2026.

Exhibit A

The KnowBe4 pricing landscape: how to read the bands


KnowBe4 does not publish list pricing publicly, which is standard practice in the enterprise-software market. The price bands cited on this page are estimates triangulated from three classes of public-record source: federal and state government RFP awards published on USASpending.gov and GovSpend (which disclose contract dollar values and user counts), reseller catalogue listings (which include CDW, SHI, and SoftwareONE catalogue entries for KnowBe4 SKUs), and renewal-quote averages reported by buyer-community sources including Spiceworks community threads and Reddit /r/cybersecurity threads. Actual quoted pricing for a specific organisation can vary materially from these bands depending on negotiation outcome, multi-year contract terms, the bundled product mix, and the timing of the quote in KnowBe4's fiscal year.

The triangulation approach is necessary because KnowBe4, like most enterprise-software vendors, tailors pricing to the buyer's profile rather than publishing a uniform list price. A 200-user SMB and a 20,000-user enterprise will typically receive substantially different per-user pricing for the same tier. The bands cited here aim to represent the typical mid-market buyer profile (500 to 5,000 users), which is the modal customer segment for KnowBe4. SMB-tier buyers may receive lower effective pricing through SMB-focused reseller bundles; enterprise-tier buyers will typically negotiate volume discounts that bring per-user pricing to the bottom of the cited bands. [USASpending + GovSpend KnowBe4 contract records 2022-2025 + reseller catalogue listings + Spiceworks community pricing threads]

Exhibit B

The four KnowBe4 tiers and what they include

REFERENCE

Silver

$20 to $30 per user per year

Includes: Security awareness training content library, automated phishing simulation, basic phishing-test campaigns, baseline reporting

Fits: SMBs starting their first awareness training program. Mid-market organisations with limited cyber budget. Educational institutions and non-profits.

Gold

$30 to $40 per user per year

Includes: Everything in Silver, plus PhishER user-reported phishing triage workflow, expanded training-content library, and customisable phishing templates

Fits: Mid-market organisations with active SOC or helpdesk capability that can act on PhishER-reported emails. Buyers transitioning from Silver after demonstrating program maturity.

Platinum

$40 to $50 per user per year

Includes: Everything in Gold, plus advanced reporting, risk-score analytics by individual user, integration with major SIEM platforms, custom training-content creation

Fits: Mid-market and lower-enterprise organisations with a mature cyber program. Buyers needing per-user risk-score visibility for targeted-intervention programs.

Diamond

$50 to $60 per user per year

Includes: Everything in Platinum, plus PhishER Plus with automated mailbox cleanup, vishing simulation, USB drive testing, AIDA (AI-Driven Agent), the full content library including industry-vertical specialised content

Fits: Enterprise organisations with a mature cyber program seeking complete awareness-training tooling. Industries with heavy vishing or USB-based attack exposure (manufacturing, government, healthcare).

Exhibit C

Per-organisation total cost worked examples


| Organisation profile | Likely tier | Per-user cost | Annual total |
|---|---|---|---|
| 100-employee SMB starting awareness | Silver | $25 | $2,500 |
| 500-employee mid-market with SOC | Gold | $35 | $17,500 |
| 2,000-employee mid-market mature program | Platinum | $45 | $90,000 |
| 10,000-employee enterprise | Diamond (volume-discounted) | $42 | $420,000 |
| 50,000-employee Fortune 500 | Diamond (deep volume discount) | $32 | $1,600,000 |

Worked examples use midpoint pricing within the tier band, modified by typical volume discount behaviour at larger user counts. Actual quotes may vary by 10 to 30 percent from these examples depending on negotiation and bundled product mix. [Triangulated from USASpending + GovSpend + reseller catalogue data]

Exhibit D

How KnowBe4 compares to the major alternatives


KnowBe4 is the largest phishing-simulation training vendor in the US market by customer count, but it sits in a competitive landscape with several distinct alternatives. The competitive position is shaped by content-library breadth, simulation quality, behavioural-measurement approach, and pricing.

| Vendor | Per-user-year band | Distinguishing approach | Strongest segment |
|---|---|---|---|
| KnowBe4 | $20-$60 | Content-library breadth, US-market leader | SMB to enterprise broadly |
| Proofpoint PSAT | $25-$70 | Bundled with Proofpoint email security | Existing Proofpoint customers |
| Cofense PhishMe | $30-$80 | PhishMe + Triage IR-integrated | Mid-market to enterprise with SOC |
| Hoxhunt | $32-$90 | Per-user behaviour-tracking analytics | Enterprise with mature program |
| SoSafe | $24-$72 | EU-native, GDPR-design | EU organisations, US with EU operations |
| Infosec IQ | $20-$50 | SMB-focused, simpler interface | SMB and mid-market |
| Wizer | $15-$35 | SMB-focused, very low pricing tier | SMB and micro-business |

Pricing bands are estimates triangulated from the same public-record sources cited throughout this page. Distinguishing-approach summaries reflect 2024-2025 product positioning and may shift over time. See cross-links at the bottom of this page for vendor-specific cost analyses. [Vendor-specific public RFP records + Forrester Wave Security Awareness Training 2024 + Gartner Magic Quadrant Security Awareness Computer-Based Training 2024]

Exhibit E

ROI math: training cost vs avoided phishing event cost


The ROI calculation for phishing-simulation training is straightforward in principle: compare the annual program cost against the modelled reduction in phishing-event cost. The published literature on click-rate reduction from KnowBe4 and similar programs is reasonably consistent. Hoxhunt 2026, Cofense 2024, and KnowBe4's own annually-published Phishing Industry Benchmarks Report all show 50 to 70 percent reduction in baseline-bulk-phishing click rates over 24 months of continuous program use. The reduction against AI-grade spear phishing is materially lower (roughly half), and against AitM attacks (see /by-attack/aitm) is approximately zero because the lure-recognition gap is not the attack's failure mode.

For a 2,000-employee mid-market organisation paying $45 per user per year for KnowBe4 Platinum, the annual program cost is $90,000. Against the modelled $4.20M average mid-market phishing breach cost (see /by-scale/mid-market), even a 5 percent reduction in event-probability-weighted cost pays back the program multiple times over. The actual reduction at year 1 is typically smaller (20 to 30 percent click-rate reduction translates to maybe 10 to 15 percent event-cost reduction); at year 2-3, with a sustained program, the reduction matures to the 50 to 70 percent click-rate range with 25 to 40 percent event-cost reduction. The math favours sustained program investment.

The honest caveat is that the published click-rate reductions measure performance against bulk-phishing simulation lures, which are easier to recognise than the AI-grade lures attackers now deploy against real targets. Real-world program impact may be smaller than the published numbers suggest because the lure types in simulation are different from the lure types in production. This does not eliminate the ROI case but it does suggest that organisations should treat awareness training as a necessary layer rather than a sufficient defence, and that the training program should be paired with phishing-resistant MFA, behavioural email security, and a documented incident-response capability rather than substituted for them. [KnowBe4 Phishing Industry Benchmarks Report 2024 + Hoxhunt 2026 + Cofense 2024]

Exhibit F

What buyers should ask before signing the KnowBe4 contract


What is the per-user pricing including any volume discount?

Get the price stated as $X per user per year, not as an annual total, to enable comparison to alternative vendors. Volume discount tiers typically kick in at 1,000, 5,000, and 10,000 users.

What is included at the offered tier and what is add-on?

Confirm in writing which features are included and which require add-on SKUs. PhishER, vishing simulation, USB testing, and custom content creation are particularly worth confirming because they move across tiers.

What is the multi-year-term discount?

3-year commitments typically yield 5-15% discount versus annual; 5-year typically 15-25%. Compare against the optionality cost of being locked in for the term.

What is the click-rate reduction commitment?

Ask the sales team to commit to a specific click-rate reduction target over 12-24 months. If they cannot or will not commit, treat the program as a hygiene investment rather than an ROI-driven one.

What is the contract auto-renewal mechanism?

Many KnowBe4 contracts auto-renew at the prevailing list price (which may be higher than negotiated initial pricing). Confirm the renewal-price mechanism and negotiate a renewal-price cap.

What is the data-residency and integration posture?

For organisations with EU data subjects or specific data-residency requirements, confirm where KnowBe4 hosts the data and how the integration interacts with your existing identity provider.

Exhibit G

Frequently filed questions

ON RECORD

How much does KnowBe4 cost per user per year?

Estimated $20-$60 per user per year depending on tier. Silver $20-$30, Gold $30-$40, Platinum $40-$50, Diamond $50-$60. Bands triangulated from public RFP awards, reseller listings, and renewal-quote averages.

Does KnowBe4 publish list pricing?

No. Pricing is quoted per-buyer based on user count, tier, multi-year term, and bundled product mix. Public pricing bands are estimates only.

What is PhishER?

KnowBe4's user-reported phishing triage workflow. Included in Gold and above. PhishER Plus adds automated mailbox cleanup that propagates threat-removal across all user mailboxes when one user reports a phishing email.

How does KnowBe4 compare to Hoxhunt?

KnowBe4 is generally less expensive at equivalent functional tiers. Hoxhunt emphasises continuous-per-user-behaviour-tracking while KnowBe4 emphasises content-library breadth.

Is KnowBe4 effective?

Yes, against bulk phishing. Published click-rate reductions of 50-70% over 24 months are well-documented. Reduction against AI-grade spear phishing is roughly half that; against AitM attacks (where lure-recognition is not the failure mode) it is approximately zero.

Is it worth it for an SMB?

Generally yes. The Silver tier, at $20-$30 per user per year, is the typical SMB entry. It pays back on a single avoided event against the $3.31M average SMB breach cost.

What should I negotiate?

Per-user pricing including volume discount, included vs add-on features, multi-year-term discount, click-rate-reduction commitment, renewal-price cap, data-residency posture.

Updated 2026-04-27