It's the percentage of your employees who click a link, open an attachment, or enter credentials in a simulated phishing email. Kick measures this at the start of your programme as a baseline, then re-tests regularly so you can see it fall as training takes effect, giving you a clear, measurable figure to report to management or the board.
Phishing is still the number one way businesses get breached, phishing attacks were the most prevalent and disruptive type of breach or attack, experienced by 85% of businesses that reported an incident in the UK Government's most recent Cyber Security Breaches Survey. No firewall or antivirus can fully protect you from an employee clicking the wrong link - which is why your people are your first and most important line of defence.
Kick ICT partners with KnowBe4, the world's largest security awareness training platform, to help you build a genuine security culture: testing where your team's weaknesses lie, training them to recognise real-world threats, and proving the results with clear, board-ready reporting.
See how Cyber Education can work for your business
A Complete, Four-Step Security Awareness Programme
1. Baseline testing
Every programme starts with a simulated phishing attack to establish your organisation's current "Phish-prone" percentage - a clear, measurable starting point for your security culture.
2. Train your users
We deploy training from the world's largest security awareness content library, interactive modules, videos, posters and newsletters, scheduled in ongoing monthly campaigns with automated reminders, so training becomes habit.
3. Phish your users
Using thousands of realistic templates, Kick runs regular simulated phishing campaigns. These emails look genuine but are completely harmless if clicked, giving your team safe, real-world practice at spotting threats.
4. See the results
Enterprise-grade reporting shows your organisation's progress over time - Phish-prone percentage, training completion, and risk trends - giving management the clear ROI evidence needed to support ongoing investment in security culture.
Why Security Awareness Training Is No Longer Optional
The threat landscape has shifted and the numbers back it up:
- Phishing attacks were experienced by 85% of businesses and 86% of charities that identified a breach or attack in the past 12 months
- 43% of UK businesses experienced a cyber breach or attack in the past year - around 612,000 companies
- Interviewees increasingly perceive that phishing attacks have become easier for attackers to commit, driving a rise in attack volumes - with AI-driven impersonation techniques becoming more sophisticated and harder to detect
- The average cost of a business's most disruptive breach was £1,600, rising to £3,550 when only breaches with a direct financial cost are counted
- The number one control in preventing successful phishing and ransomware attacks remains ongoing, structured user training - technology alone cannot close the human risk gap
(Sources: UK Government Cyber Security Breaches Survey 2025/2026, DSIT & Home Office)
Your Complete Security Awareness Training Programme
Kick has partnered with KnowBe4, the industry-leading platform for security awareness training, to give your organisation pre- and post-training phishing tests that clearly demonstrate improvement in your Phish-prone percentage over time.
We help you understand where your team's security knowledge and culture currently stand - then build a structured, ongoing programme to close the gap, backed by remedial training triggered automatically whenever someone falls for a simulated attack.
As a Microsoft-first IT partner, we also help you strengthen the technology layer alongside your people layer - including Microsoft Defender for Office 365 and Microsoft 365 Attack Simulation Training, so your human-risk training works hand-in-hand with the email security and threat protection already built into your Microsoft 365 environment. This combined approach - Microsoft-native security tooling plus dedicated, KnowBe4-powered awareness training - gives you layered protection rather than relying on either alone.
Optional Secondary Heading
Downloads
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
Common Questions
What is a "Phish-prone percentage"?
How often should we run phishing simulations?
Most organisations see the best results from monthly or bi-monthly simulated phishing campaigns, paired with ongoing (not one-off) training content. Frequent, varied testing keeps staff alert without becoming predictable, and helps catch new starters early - new employees are consistently among the most-targeted and most-clicked groups.
Is security awareness training a legal or compliance requirement?
It isn't a standalone legal requirement, but it's a core expectation under Cyber Essentials, ISO 27001, GDPR's "appropriate technical and organisational measures," and most cyber insurance policies. Insurers increasingly ask for evidence of regular staff training before offering cover, and many will reduce premiums where a documented programme is in place.
Does this replace the need for email security tools like Microsoft Defender?
No - and it shouldn't. Awareness training and technical email security work best together. Microsoft Defender for Office 365 filters and blocks a large proportion of malicious email before it reaches an inbox; KnowBe4 training and simulation prepares your team to correctly handle the sophisticated attacks that get through. Relying on either alone leaves a gap.
Is KnowBe4 suitable for small businesses, or only larger organisations?
KnowBe4's platform scales from small teams to large enterprises. Kick tailors the training content, campaign frequency and reporting depth to the size and risk profile of your organisation, so smaller businesses aren't paying for or wading through enterprise-level complexity they don't need.
Why Kick for Cyber Security?
As a long-established provider of IT services and support, our dedicated cyber security division focuses solely on protecting your business — combining Microsoft-native security tools with specialist, human-risk training to give you complete, layered protection.
We're here to help
Whether you are ready to start your next project or simply want to learn more about Kick, our team is here to help.