Jan 20, 2026
KnowBe4 dominates security awareness training. They've trained millions. They have 1,200+ videos in their library. They're the name everyone knows.
They also have a 1.9-star rating on Trustpilot—with 85% of reviews being 1-star.
That's not a typo. The world's most popular security awareness platform is rated "Poor" by the people forced to use it.
Here's a real review from November 2025:
"The trainings are worse than terrible, the content is garbage, the value they bring is unclear but rather negative."
And another:
"I tend to fast-forward through these stupid videos or if I'm prevented from fast-forwarding, I just play the videos in the background while I do my ACTUAL work. When it comes to the test portion, I always score at least 90-100 percent, even though I don't watch the stupid videos."
That's not a training program. That's compliance theater with a certificate.
We analyzed the Trustpilot reviews, cross-referenced with G2 feedback, and talked to dozens of IT leaders who switched platforms. The pattern is consistent: KnowBe4 was built for enterprises with dedicated security teams.
If you're an IT Director at a 200-person company who inherited security training along with 47 other responsibilities, you're not their customer—you're their afterthought.
This isn't a hit piece. KnowBe4 works well for large enterprises with full-time security awareness managers. But if that's not you, here's what 85% of Trustpilot reviewers wish they'd known before signing.
The Content Bloat Problem
KnowBe4's 1,200+ video library sounds impressive on a sales call.
In practice, it creates a new job you didn't apply for: Content Curator.
G2 reviewers describe the experience:
"Difficulty finding training in the library that is both relevant and engaging."
"All information is generic stuff users already know."
Trustpilot is harsher:
"Security courses against phishing designed for elderly... Courses are boring and useless, teaching you about things so obvious that you regret doing the course out of your paid time."
Here's what happens in reality: You sign up expecting a turnkey solution. Instead, you inherit 1,200 videos with no guidance on which ones matter.
Some haven't been updated in years. Some are industry-specific content that doesn't apply to you. Some are 2-hour narrator-reads-slides marathons that employees will never finish.
So you spend 3-5 hours per month evaluating content, building training paths, and hoping you picked the right videos.
That's not Managed Workshops. That's a part-time job you didn't budget for.
The math is brutal: 1,200 videos × 5 minutes to evaluate each = 100 hours to review the full library.
Nobody does this. Instead, you pick 10-15 videos and hope for the best. Employees see the same content repeatedly, memorize the answers, and learn nothing.
What Managed Workshops actually look like: One Workshop per month, curated by security professionals, covering topics that matter. You pick the schedule—monthly or quarterly. The platform handles everything else.
No library to manage. No content decisions to make. No 3-5 hours per month lost to curation.
At Kinds, we made a deliberate choice: fewer Workshops, higher quality, zero curation required. Your employees get 4-8 minute interactive sessions on relevant topics through our Design-Led Security Awareness Training approach. You get your time back.
The "Managed" Misnomer
KnowBe4 calls itself a managed platform.
Here's what that actually means in practice:
You assign training campaigns
You configure user groups
You check who completed what
You chase employees who didn't finish
You export reports for compliance
You update the auditors
G2 reviewers confirm this:
"Platform doesn't connect to essential security services; users must manually check weekly which employees completed training."
"Users have to manually create their own reports due to poor built-in reporting."
"Campaigns and groups are difficult to administer for new campaigns; very cumbersome process."
The platform provides tools. You provide the labor.
For a 500-person enterprise with a dedicated Security Awareness Manager, this model makes sense. For an IT Director who also handles helpdesk tickets, network issues, vendor management, and everything else? It's a time sink that never ends.
The weekly KnowBe4 ritual:
Log into the platform
Check completion rates
Identify who hasn't finished
Send reminder emails
Export reports to your compliance software
Repeat next week forever
That's 2-4 hours per week of administrative work that produces zero security value. Over a year, you're spending 100+ hours on training administration instead of actual IT work.
What Managed Workshops actually look like: Automated enrollment when employees join. Automated follow-ups for incomplete training. Automated progress tracking. Easy compliance reporting.
You get notified when something needs attention—otherwise, it runs itself.
At Kinds, we built the platform for IT teams who don't have time to become training administrators. Set your schedule, add your learners, and walk away. The system handles enrollment, reminders, and follow-ups automatically.
The Admin Tax
KnowBe4's interface was built by adding features over 15 years.
The result: a cluttered dashboard that requires training to use the training platform.
G2 reviewers describe the experience:
"Reporting is difficult and not user-friendly."
"Too many non-relevant tabs causing navigation difficulty."
"New features feel incomplete and not fully integrated into core functionality."
IT Directors report spending their first month just learning how to navigate the system.
Which reports show what you need? How do you set up a campaign correctly? Why did half your employees not receive the email? Where is that setting you changed last month?
The platform has power. Using that power requires expertise you don't have time to develop.
Every hour you spend figuring out KnowBe4's interface is an hour not spent on actual security work.
One Trustpilot reviewer captured the sentiment:
"Huge waste of time for employees. Only for system administrators and managers who are way too lazy to think about awareness themselves and need to rely on these amateurs."
Harsh, but the frustration is real.
What simple looks like: A dashboard that shows three things: who completed training, who needs attention, and your compliance status.
No certifications required. No training on the training platform. No tab hunting.
At Kinds, you can sign up, create your organization, add learners, and launch both Managed Workshops and Managed Phishing in under 5 minutes. We designed the platform for IT Directors with 47 other responsibilities, not security awareness specialists with nothing else to do.
The Repetition Problem
Here's the dirty secret of security awareness training: employees don't learn from it. They memorize it.
When the same phishing quiz appears every quarter, employees don't think "how do I identify a phishing email?"
They think "the answer is B, then C, then A."
G2 reviewers confirm this:
"Tests are repetitive with content that doesn't change, making employees quickly memorize answers."
"Content designed in manner that doesn't engage or interest learners; low retention from training program."
"Cheesy and simplistic quizzes with very little actual content."
But this Trustpilot review says it best:
"I tend to fast-forward through these stupid videos or if I'm prevented from fast-forwarding, I just play the videos in the background while I do my ACTUAL work. When it comes to the test portion, I always score at least 90-100 percent, even though I don't watch the stupid videos."
Read that again. Scoring 90-100% on tests without watching the videos.
That's not a training program. That's a checkbox that doesn't protect anyone.
KnowBe4's model optimizes for completion rates, not behavior change. The platform reports 95% completion. Your phishing click rates stay the same.
The disconnect is by design—they're selling compliance certificates, not security improvement.
What effective Workshops look like: Story-driven scenarios that change each time. Personalized content based on the learner's role. Progressive difficulty as employees improve. Training that's measured by behavior change, not just completion.
At Kinds, every Workshop is an interactive experience—not a video to minimize while doing other work. KindsAI personalizes each session to the learner's role and past performance. Employees make decisions, face consequences, and remember what they learned.
4-8 minutes of engagement beats 45 minutes of background noise.
The Engagement Fallacy
Open any KnowBe4 training video.
Within 30 seconds, you'll see stock footage, a narrator reading bullet points, information employees already know, and zero connection to their actual job.
G2 reviewers describe it:
"Incredibly boring content with minimal effort."
"The OWASP Top 10 program is hands down the worst training content—2+ hours of narrator reading text on slides."
"Mundane presentation that doesn't engage or interest learners."
Trustpilot is even more direct:
"Truly terrible IT training! I've just suffered through the KnowBe4 training, hating every minute of it... videos you couldn't skip, basic information everyone who is halfway IT literate knows already, poorly worded and ambiguous quiz questions."
"The only people who can 'gain' anything out of these dumb trainings are the creators of KnowBe4 (who are the real scammers making money off this product) and technologically inept people who don't use common sense when it comes to cybersecurity."
Employees treat KnowBe4 like a chore because it is a chore.
They minimize the window, do other work, and click through when the quiz appears. This isn't a motivation problem. It's a design problem.
KnowBe4 optimized for volume (1,200 videos!) instead of quality. Creating engaging content is expensive. Creating boring content at scale is cheap.
The real test: Ask any employee what they learned from their last security training. If they can't answer in 10 seconds, the training failed—regardless of what the completion report says.
What Design-Led Security Awareness Training looks like: Interactive scenarios, not passive videos. Choose-your-own-path decisions with consequences. Content personalized to the learner's role. Short enough to maintain attention. Adult-focused material that respects the learner's intelligence.
At Kinds, we build Workshops that employees actually remember. 4-8 minutes of interactive, story-driven content beats 2 hours of narrator-reading-slides every time.
When training respects employees' time and intelligence, engagement stops being a problem.
The Localization Gap
If you have employees outside the US—or even employees whose first language isn't English—KnowBe4 becomes a liability.
G2 reviewers report:
"Few training videos available in multiple languages."
"Automatic translation is lousy in some languages with no solution from support."
"Must reuse same training videos for multiple languages."
This Trustpilot review captures the absurdity:
"They send all their stupid phishing test emails in english BUT I work in a francophone workplace so nothing can look possible in all the crap they send."
When Phishing Sequences arrive in the wrong language, they're obviously fake.
Employees learn to ignore anything in English—including real phishing attempts that happen to come from English-speaking attackers. The training creates a false sense of security while missing the actual threat.
KnowBe4 uses automated translation for much of their content. The result: awkward phrasing that undermines credibility, technical terms translated incorrectly, and cultural references that don't transfer.
Employees tune out because the content feels foreign.
For global companies, this isn't a minor inconvenience. It's a compliance risk. Training that employees can't understand isn't training—it's a checkbox that doesn't protect anyone.
What global-ready looks like: On-demand translation for both text and audio. Cultural adaptation, not just word-for-word translation. Native-sounding content in every supported language.
At Kinds, we support 60 languages. When your team is global, your Workshops and Managed Phishing should be too.
The Support Void
KnowBe4 is a volume business.
At their scale, support becomes a cost center to minimize, not a service to provide.
G2 reviewers describe the experience:
"Support is not helpful; support tickets have never resolved issues effectively."
"Issues escalated to the highest levels of KnowBe4 have been disregarded."
"Account managers call frequently with robotic sales pitches meant to push new features."
Trustpilot tells the same story:
"They were never able to get the software working, shuffled me between several different people, poor onboarding, never was able to implement it—they kept my money—unethical and unreliable company and software. Avoid them."
"Trying to get in touch with these people for weeks. Never hear anything back."
The pattern is consistent:
Submit a support ticket for a real issue
Receive an automated response with irrelevant documentation
Reply explaining the documentation doesn't help
Wait days for a human response
Human suggests the same irrelevant documentation
Give up and build a workaround
Meanwhile, your account manager calls monthly to pitch add-ons you don't need.
KnowBe4 has tens of thousands of customers. They cannot provide high-touch support at their price point. You're paying for software, not partnership.
If something breaks, you're on your own.
What partnership looks like: Issues resolved in hours, not weeks. Support from people who understand the platform, not ticket-readers. Feedback that actually influences the product.
At Kinds, we're building a company, not an empire. Our customers get real support because we're small enough to care and focused enough to help.
The Irony Problem
This might be the most damning evidence of all.
Multiple Trustpilot reviewers—independently—reported the same experience:
"The invitation email for the assessment looked so suspicious that I immediately deleted and reported it as phishing. Email had all the hallmarks of a scam. Only after confirming with our IT department did I realize it was legitimate."
"Truly terrible IT training! The email invites to the training looked so unprofessional and fake that I repeatedly reported them as phishing!"
Let that sink in: A security awareness company sends emails that look so much like phishing that users report them as phishing.
This isn't a minor UX issue. It's a fundamental credibility problem.
When your training emails look indistinguishable from the threats you're supposed to be teaching people to avoid, you've created confusion—not awareness.
Employees learn that "suspicious-looking emails might actually be legitimate," which is the opposite of what security training should teach.
This reflects a company optimized for volume, not quality. When you're sending millions of emails, you cut corners on design. When you cut corners on design, your emails look like spam.
What professional communication looks like: Training invitations that are clearly branded, come from recognizable domains, and don't trigger every phishing red flag you've taught employees to watch for.
The Pricing Illusion
KnowBe4's per-seat pricing looks competitive on paper.
But the total cost includes hidden labor:
Item | Visible Cost | Hidden Cost |
|---|---|---|
Annual license | $25-40/user | — |
Administration time | — | ~$2,800/year |
Content curation | — | ~$2,100/year |
Report generation | — | ~$1,400/year |
Learning the platform | — | ~$1,200 one-time |
For a 200-person company, your "$5,000 platform" actually costs $12,000-15,000 when you account for your time.
And here's what KnowBe4 doesn't offer: monthly billing.
You're locked into an annual contract before you know if the platform works for you. If it doesn't? Too bad—you've already paid.
What transparent pricing looks like: A price that reflects the actual cost, with no hidden labor. Billing flexibility that lets you try before you commit.
At Kinds, pricing is simple: $2/learner/month on our monthly plan, or $18/learner/year on annual.
No hidden administration costs because the platform actually runs itself. No annual lock-in required—start with a free 21-day trial, go monthly if you want flexibility, switch to annual when you're ready.
The real question isn't "which platform is cheaper per seat?" It's "which platform costs less of your time?"
The Managed Phishing Gap
Security awareness training is only half the equation.
The other half is Managed Phishing—testing whether employees can actually recognize threats in practice.
KnowBe4 offers phishing simulation, but the complaints we've already covered apply here too: difficult to configure, confusing to administer, and emails that sometimes look so unprofessional they undermine the training.
Worse, some users report that the simulation creates perverse incentives:
"False scores make your organization look weaker than it is—making you feel you need KnowBe4 more than you do."
"You never get credit for reporting a test phishing email, even when it was never opened. If you open a test phishing email and immediately report it without clicking a link, you get a ding."
When your Phishing Sequences punish employees for doing the right thing (reporting suspicious emails), you're training them to not report.
That's the opposite of security awareness.
What Managed Phishing looks like: Phishing Sequences that run automatically on your schedule. Realistic Phishing Templates that actually test awareness. Credit for reporting—because that's the behavior you want to encourage.
No manual campaign configuration required.
At Kinds, Managed Phishing is included from day one. Set your frequency, and the platform handles the rest.
Employees get realistic simulations built from our Phishing Template library. You get clear reporting on who's improving and who needs help.
No campaign building. No template hunting. No false penalties for doing the right thing.
Who KnowBe4 Actually Works For
To be fair: KnowBe4 isn't bad for everyone.
KnowBe4 works well if you:
Have 1,000+ employees and dedicated security staff
Employ a full-time Security Awareness Manager
Want granular control over every aspect of training
Have time to master a complex platform
Operate primarily in the US with English-speaking employees
KnowBe4 doesn't work well if you:
Have 100-500 employees
Handle security training alongside 47 other responsibilities
Need training to actually run itself
Have international or multilingual employees
Value your time more than feature count
Want to try before you're locked into an annual contract
The mismatch isn't entirely KnowBe4's fault. They built a platform for enterprises with dedicated security teams.
The problem is they market it to everyone—including IT Directors at 200-person companies who don't have time to become training administrators.
What Managed Workshops and Managed Phishing Actually Mean
The security awareness market has a language problem.
Every vendor says "managed." Almost none of them mean it.
Here's the test: After setup, how many hours per month does your platform require?
If the answer is more than one, it's not managed. It's software with your labor attached.
At Kinds, we built the platform for IT teams who can't afford to manage training software. Here's what that actually means:
Setup in minutes: Sign up, create your organization, add learners, and launch training in under 5 minutes. No sales call required. No week-long implementation.
Enrollment and follow-ups: Automated. When employees join, they're enrolled. When they fall behind, they're reminded. You don't chase anyone.
Workshops that work: One Workshop per month (or quarterly if you prefer), 4-8 minutes each, interactive and story-driven. KindsAI personalizes each session. Employees remember what they learned because the training respects their time and intelligence.
Managed Phishing included: Realistic Phishing Sequences run automatically on your schedule. No campaign configuration. No template hunting.
60 languages: When your team is global, your training should be too.
Easy compliance reporting: When the auditor asks, you have answers. One click, not an hour of exports.
Pricing that makes sense: $2/learner/month or $18/learner/year. No hidden labor costs. No annual lock-in required.
Try before you commit: Free 21-day trial. See if it fits before you pay anything.
You pick a schedule. We handle the rest.
No 1,200-video library to manage. No weekly report generation. No reminder emails to send. No platform that requires training to use.
Design-Led Security Awareness Training that actually runs itself—so you can focus on the 47 other things on your plate.
Ready to See the Difference?
Sign up at kindssecurity.com and launch training tonight—no sales call, no annual contract, no month-long implementation.
Your 21-day free trial includes everything: Managed Workshops, Managed Phishing, and a platform that doesn't require a manual.
If KnowBe4 taught you that security awareness training has to be painful, let us show you it doesn't.
Want to learn more about why traditional security training fails? Read our analysis: Why Security Awareness Training Fails: Evidence from 2025
