Q1. What does Security Awareness Training actually cost per user in 2026, and why does the same vendor quote three different prices?
Last quarter, a CISO at a 4,200-person SaaS firm sent me her KnowBe4 quote at 2 a.m., right before a renewal deadline. The reseller said $3.20 per user per month. The KnowBe4 direct rep said $2.40 the same day. Her finance team had budgeted $1.80 from last year. Same seats. Same vendor. Three numbers. She asked me which one was real. The honest answer is that all three are real, and that is exactly the problem with Security Awareness Training (SAT) pricing in 2026.
Security awareness training costs $0.60 to $6.00 per user per month at list price in 2026. Most enterprise contracts settle between $1.80 and $3.50 per user per month after volume discounts. Three-year total cost of ownership runs 22 to 40 percent above the list quote once admin time, content add-ons, integrations, and renewal uplift land. (1)(2)

The 2026 vendor pricing landscape
I pulled live quotes across 16 vendors, plus our own managed offering, with our procurement team this month. Here is what we are actually seeing on the table, not what marketing decks promise. For a deeper benchmark on adjacent endpoint costs, the CrowdStrike pricing 2026 teardown applies the same three-price logic.
| Vendor | List $/user/mo | Negotiated $/user/mo | Min seats | Renewal uplift |
|---|---|---|---|---|
| UnderDefense Agentic AI SOC (managed SAT plus MDR) | Custom | $1.50 to $2.80 | 250 | 0 to 5% |
| Hoxhunt | $4.50 | $2.90 to $3.60 | 500 | 7 to 10% |
| KnowBe4 Diamond | $3.50 | $2.10 to $2.80 | 100 | 8 to 12% |
| Proofpoint ZenGuide | $4.00 | $2.40 to $3.20 | 500 | 7 to 10% |
| NINJIO | $3.50 | $2.20 to $2.90 | 250 | 6 to 9% |
| Arctic Wolf SAT | Bundled with MDR | n/a standalone | 1,000 | bundled uplift |
| Mimecast Awareness | $2.50 | $1.60 to $2.10 | 100 | 6 to 8% |
| Cofense PhishMe | $3.00 | $1.90 to $2.60 | 250 | 7 to 10% |
| Living Security | $5.00 | $3.20 to $4.10 | 1,000 | 8 to 11% |
| Infosec IQ | $2.20 | $1.40 to $1.90 | 50 | 5 to 8% |
| SANS Security Awareness | $4.50 | $3.10 to $3.80 | 250 | 6 to 9% |
| Terranova | $2.80 | $1.70 to $2.30 | 100 | 5 to 8% |
| ESET Cybersecurity Awareness | $1.80 | $1.10 to $1.50 | 25 | 4 to 7% |
| Sophos Phish Threat | $1.50 | $0.90 to $1.30 | 25 | 5 to 8% |
| usecure | $1.80 | $1.20 to $1.60 | 10 | 4 to 7% |
| CanIPhish | $0.60 | $0.50 to $0.60 | 25 | 0 to 5% |
| ClearPhish | $1.20 | $0.80 to $1.10 | 50 | 5 to 8% |
Why three prices for the same seats?
✅ The list price is the sticker, designed to make a discount feel earned. ⚠️ The reseller quote (SHI, CDW, Optiv) layers an 8 to 18 percent margin on top of vendor list. 💰 The direct negotiated price is what you get when you call the vendor on day 75 of a 90-day procurement cycle and ask for the multi-year rate.
I might be wrong on the exact percentages for your industry, but in our procurement walkthroughs across 500+ customer environments, the gap between reseller and direct quotes hovers around 12 percent on average. The same opacity shows up in the MSSP pricing market, which is why we publish transparent MDR pricing publicly.
What buyers actually say about the pricing maze
“We received little value from ArcticWolf. The product offered little visibility when we were using it. Anything you want to look at or changes you need to make in the product must go through their engineering team.”
— Matt C., Manager, Cybersecurity Services Arctic Wolf G2 Verified Review
“Beware they add a 60 day renewal notice instead of the typical 30 day notice. If you don’t give notice of cancelling any services before 60 days, you will automatically renew everything.”
— Verified User in Electrical Manufacturing Arctic Wolf G2 Verified Review
The 60-day auto-renewal trap is not a bug; it is the business model. Walk into procurement with that fact and your discount math changes immediately.
Q2. Which 15+ SAT vendors should you actually shortlist (including free and open-source), and which ones quietly fail on AI-era threats?
The vendor pitch deck always has a leader quadrant. The 2 a.m. incident bridge never does. When a Claude-driven phishing chain hits your CFO’s inbox at 11:47 p.m. on a Sunday, what matters is whether your SAT platform actually simulated voice deepfakes, QR phishing, and Multi-Factor Authentication (MFA) fatigue attacks before that night, and whether the data flows back into your MDR service pipeline in real time.
Shortlist UnderDefense Agentic AI SOC for closed-loop SAT plus MDR, then Hoxhunt, KnowBe4, Proofpoint ZenGuide, NINJIO, and Living Security for enterprise depth. For Small and Medium Business (SMB) and mid-market, evaluate usecure, CanIPhish, and ClearPhish. Most legacy vendors still score below 3 out of 5 on deepfake voice and agentic AI phishing simulations. Rank vendors on reporter-rate uplift, not module library size. (4)(5)

The 5-axis scorecard we use internally
| Vendor | Price (5=best) | AI-threat sims | Behavior change evidence | API/Integration | Reporting depth |
|---|---|---|---|---|---|
| UnderDefense Agentic AI SOC | 4 | 5 | 5 | 5 | 5 |
| Hoxhunt | 3 | 4 | 5 | 4 | 4 |
| KnowBe4 | 3 | 3 | 3 | 5 | 4 |
| Proofpoint ZenGuide | 3 | 3 | 3 | 4 | 4 |
| NINJIO | 4 | 3 | 3 | 3 | 3 |
| Arctic Wolf SAT | 2 | 2 | 2 | 2 | 3 |
| Living Security | 3 | 4 | 4 | 4 | 5 |
| Mimecast Awareness | 4 | 2 | 3 | 4 | 3 |
| Cofense PhishMe | 4 | 3 | 3 | 4 | 4 |
| Infosec IQ | 4 | 2 | 3 | 3 | 3 |
| SANS Security Awareness | 3 | 3 | 4 | 3 | 4 |
| Terranova | 4 | 2 | 3 | 3 | 3 |
| ESET | 5 | 2 | 2 | 3 | 3 |
| Sophos Phish Threat | 5 | 2 | 2 | 4 | 3 |
| usecure | 5 | 2 | 3 | 3 | 3 |
Free and open-source options that cover real ground
| Tool | Best for | Limitation |
|---|---|---|
| Microsoft Attack Simulation Training (E5 or Defender for Office 365 Plan 2) | M365 E5 holders | No deepfake voice sims; QR code payloads only added in 2024 |
| Gophish (open-source) | Custom phishing campaigns | No content library, you build everything |
| CanIPhish Lite | Free phishing sims up to 10 users | Hard cap at 10 |
| usecure free tier | SMB risk scoring | No simulations, no automated training |
Renamed vs rebuilt: what the AI label actually hides
Most vendors AI-washed their content libraries in 2024 and 2025. They added a “generated by AI” tag to existing modules, called it next generation, and shipped the rename. ✅ A handful rebuilt the outcome layer instead, where machine-speed validation pings the user via Slack or Teams the moment a suspicious credential entry hits the wire.
❌ Vendor-locked SAT inside a proprietary MDR stack like Arctic Wolf forces tool replacement before you see results. ✅ A vendor-agnostic approach lets you keep your existing KnowBe4 deployment and add the response layer on top through the WarRoom platform. For a wider competitive view, see our Rapid7 alternatives 2026 teardown.
“Started out well but over the years the service has consistently not met expectations. The issues that we have experienced has greatly outweighed the benefits.”
— CISO, Manufacturing 3B-10B USD Arctic Wolf Gartner Verified Review
Persona picks
- ⭐ Enterprise CISO (5,000+ employees): UnderDefense Agentic AI SOC managed SAT plus MDR, with Hoxhunt as the runner-up if you want a pure SAT play.
- ⭐ Mid-market IT Director (500 to 5,000 employees): KnowBe4 or Proofpoint ZenGuide for content depth, paired with UnderDefense for the response layer. Compare against the best MSSP providers shortlist.
- ⭐ Private Equity (PE) portfolio rollup: usecure or CanIPhish for the smaller portcos, then standardize on UnderDefense Agentic AI SOC across the holding.
Q3. How do you calculate real ROI on Security Awareness Training and present a board-ready slide tied to SEC Item 1.05?
A board chair at a public mid-market firm asked me one question last quarter on a 6 a.m. call. “If we cut SAT spend by 40 percent, what does our material impact probability look like under the SEC 8-K rule?” That is the right question. Click rate trend lines do not survive that conversation. Dollars of expected loss avoided, mapped to the Securities and Exchange Commission (SEC) Form 8-K Item 1.05 disclosure language, do.
Real SAT ROI equals Probability of breach times Average breach cost times Risk reduction from training, minus the annualized program cost. Using Verizon Data Breach Investigations Report (DBIR) 2024 (68 percent of breaches involve a non-malicious human element) and IBM Cost of a Data Breach 2024 ($4.88M average breach), a 25-percentage-point reduction in click-through justifies $42 to $62 per user per year for a 2,000-seat enterprise. Boards want this number tied to material impact probability, not click rates. (6)(7)

The formula, step by step
ROI = (P_breach × C_breach × R_training) − C_program, where ROI here is the net annual benefit in dollars (not a ratio), P_breach is the annualized probability of a material breach, C_breach the average breach cost, R_training the fractional risk reduction attributed to the program, and C_program the fully loaded annual program cost.
Inputs for a 2,000-employee mid-market SaaS firm:
- Annualized probability of a material breach: 18 percent (industry baseline, SaaS vertical).
- Average breach cost: $4.88 million.
- Risk reduction from a mature SAT program: 22 to 28 percent (academic consensus).
- Program cost: $2.40 per user per month times 24,000 user-months (2,000 users times 12 months) = $57,600 per year, plus a 0.5 Full-Time Equivalent (FTE) admin at an $80,000 loaded annual rate ($40,000) = $97,600 annualized.
Worked example, base case
| Metric | Value |
|---|---|
| Expected loss without SAT | $4.88M times 18% = $878,400 |
| Expected loss with SAT (25% reduction) | $658,800 |
| Loss avoided | $219,600 |
| Annualized program cost | $97,600 |
| Net ROI | $122,000 |
| Payback period | 5.3 months |
Sensitivity table the board will actually read
| Scenario | Risk reduction | Net ROI | Payback |
|---|---|---|---|
| Worst case | 10% | ($9,760) | Never in year 1 |
| Base case | 25% | $122,000 | 5.3 months |
| Best case | 35% | $209,840 | 3.8 months |
What I have actually seen, not what the spreadsheet predicts
In our experience running MDR for 500+ enterprises, ROI rarely shows up in the click rate column. It shows up in the accident column. One Carmeuse-style customer found a payroll fraud scheme worth roughly $300,000 because the behavioral monitoring layer (not the static SAT module) caught an unusual approval pattern. That single catch paid for three years of program spend. Run your own math against our SOC cost calculator before the next board cycle.
First Principles Resilience matters here. ROI on SAT is not “fewer clicks.” It is reduced probability of material impact under a breach disclosure rule. When you build the board slide, anchor it to Form 8-K Item 1.05, the material-incident disclosure trigger, and to Regulation S-K Item 106 (17 CFR §229.106), the annual risk-management and governance disclosure, and show how the program shifts your material-impact threshold. The 2026 cybersecurity budget playbook lays out the same logic across the full security stack.
The one-slide board template
- Title: SAT Program 2026, Expected Loss Avoided vs Annualized Cost.
- Line 1: Industry breach probability and IBM cost benchmark with sources.
- Line 2: Program cost (license, FTE, integration) fully loaded for 3 years.
- Line 3: Net loss avoided under base, worst, and best case.
- Line 4: Mapping to SEC Item 1.05 material-impact disclosure language.
- Line 5: Risk register entry with current vs target residual risk.
That is the slide. If your SAT vendor’s reporting cannot produce these five lines on demand, you have the wrong vendor.
Q4. Are you already paying for SAT inside your Microsoft E5 license, and what is the entitlement audit checklist?
John runs IT at a 1,800-person manufacturer in our Alti book. Last spring, his reseller (a large national one) sent over a $138,000 KnowBe4 quote for the upcoming year. Before he signed, our rep asked one question on the discovery call. “What is your current Microsoft license SKU?” John pulled the admin center report. Microsoft 365 E5. Defender for Office 365 Plan 2 included. Attack Simulation Training already in the tenant. He was about to pay $138,000 for capability he already owned. We ran the entitlement audit in 28 minutes and saved him the entire purchase.
If your organization holds Microsoft 365 E5 or Defender for Office 365 Plan 2, you already own Attack Simulation Training, the payload library, and reporter analytics. Most enterprises pay KnowBe4 or Proofpoint $2 to $4 per user per month in parallel for the same core capability. A 30-minute tenant audit frequently surfaces $80,000 to $400,000 in annualized duplicate spend. The same consolidation logic shows up in our MDR for Microsoft 365 engagements.

The 7-step entitlement audit
- Pull the license SKU report from the Microsoft 365 admin center under Billing, Licenses. Identify how many seats hold E5, E3 plus Defender add-ons, or Business Premium.
- Map each SKU to its Attack Simulation Training entitlement using the Microsoft Defender for Office 365 service description.
- Inventory your current SAT contract. Pull the Master Service Agreement (MSA) and find the auto-renewal clause, opt-out window, and content-tier upcharges.
- Calculate overlap percentage. Divide the SAT capabilities natively covered by E5 by the total SAT capabilities in your current contract.
- Model consolidation savings using your fully-loaded per-user cost (license plus FTE plus integration) over three years.
- Check coverage gaps. Microsoft Attack Simulation Training does not cover voice deepfake simulations or behavioral analytics at the level Hoxhunt or Living Security delivers, and its QR code payloads only arrived in 2024. List what you actually still need.
- Decide consolidate-versus-augment. If overlap is greater than 70 percent and gaps are minor, consolidate to E5 native and reinvest savings in MDR or Identity. If overlap is below 50 percent, keep your SAT vendor but renegotiate from a position of audit-driven leverage.
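Steps 1, 2, 4 and 7 of the checklist, as an added example (this is not UnderDefense's audit tooling or Microsoft's code). It parses the JSON shape Microsoft Graph returns from `GET https://graph.microsoft.com/v1.0/subscribedSkus`, counts seats on any SKU whose service plans include Defender for Office 365 Plan 2 (the plan that carries Attack Simulation Training), and prices the overlap against a third-party SAT contract. The SKU payload, the 1,800-seat contract and the $3.20 rate are constructed inputs for the example.

```python
"""Entitlement audit over a Graph /subscribedSkus response (added example, constructed data)."""
import json

# Defender for Office 365 Plan 2 carries Attack Simulation Training. In Graph it is the
# service plan THREAT_INTELLIGENCE, sold standalone and inside bundles such as SPE_E5
# (Microsoft 365 E5). ATP_ENTERPRISE is Plan 1 and does NOT include Attack Simulation Training.
AST_SERVICE_PLAN = "THREAT_INTELLIGENCE"

# Constructed sample in the shape of Graph's /subscribedSkus response (not real tenant data).
SAMPLE_SUBSCRIBED_SKUS = json.dumps({"value": [
    {"skuPartNumber": "SPE_E5", "consumedUnits": 1200,
     "prepaidUnits": {"enabled": 1300, "suspended": 0, "warning": 0},
     "servicePlans": [
         {"servicePlanName": "THREAT_INTELLIGENCE", "provisioningStatus": "Success"},
         {"servicePlanName": "EXCHANGE_S_ENTERPRISE", "provisioningStatus": "Success"}]},
    {"skuPartNumber": "SPE_E3", "consumedUnits": 600,
     "prepaidUnits": {"enabled": 600, "suspended": 0, "warning": 0},
     "servicePlans": [
         {"servicePlanName": "EXCHANGE_S_ENTERPRISE", "provisioningStatus": "Success"}]},
    {"skuPartNumber": "ATP_ENTERPRISE", "consumedUnits": 600,      # Plan 1 add-on: no AST
     "prepaidUnits": {"enabled": 600, "suspended": 0, "warning": 0},
     "servicePlans": [
         {"servicePlanName": "ATP_ENTERPRISE", "provisioningStatus": "Success"}]},
    {"skuPartNumber": "THREAT_INTELLIGENCE", "consumedUnits": 0,   # Plan 2 bought, never assigned
     "prepaidUnits": {"enabled": 100, "suspended": 0, "warning": 0},
     "servicePlans": [
         {"servicePlanName": "THREAT_INTELLIGENCE", "provisioningStatus": "Success"}]},
]})


def ast_entitlements(subscribed_skus_json):
    """Steps 1-2: seats that carry Attack Simulation Training, assigned and unassigned."""
    assigned = unassigned = 0
    detail = {}
    for sku in json.loads(subscribed_skus_json)["value"]:
        # A plan that is not 'Success' (disabled at SKU level, PendingInput, ...) is not
        # usable, so it is conservatively counted as no entitlement.
        has_ast = any(p["servicePlanName"] == AST_SERVICE_PLAN
                      and p["provisioningStatus"] == "Success"
                      for p in sku["servicePlans"])
        if not has_ast:
            continue
        spare = max(sku["prepaidUnits"]["enabled"] - sku["consumedUnits"], 0)
        detail[sku["skuPartNumber"]] = {"assigned": sku["consumedUnits"], "unassigned": spare}
        assigned += sku["consumedUnits"]
        unassigned += spare
    return assigned, unassigned, detail


def overlap_analysis(subscribed_skus_json, sat_seats, sat_price_per_user_month,
                     consolidate_threshold=0.70, keep_threshold=0.50):
    """Steps 4 and 7: share of paid SAT seats already covered by an AST-capable licence,
    the annual duplicate spend, and the decision rule from the checklist."""
    assigned, unassigned, detail = ast_entitlements(subscribed_skus_json)
    covered = min(sat_seats, assigned + unassigned)
    overlap = covered / sat_seats if sat_seats else 0.0
    if overlap > consolidate_threshold:
        decision = "consolidate to native Attack Simulation Training, reinvest savings"
    elif overlap < keep_threshold:
        decision = "keep the SAT vendor, renegotiate with audit leverage"
    else:
        decision = "augment: native simulations plus a narrower vendor contract for the gaps"
    return {
        "ast_seats_assigned": assigned,
        "ast_seats_unassigned": unassigned,
        "sat_seats_uncovered": sat_seats - covered,
        "overlap_pct": round(overlap * 100, 1),
        "annual_duplicate_spend": round(covered * sat_price_per_user_month * 12, 2),
        "decision": decision,
        "per_sku": detail,
    }


if __name__ == "__main__":
    # Assumed contract for the example: 1,800 SAT seats at the $3.20 reseller rate quoted in Q1
    print(json.dumps(overlap_analysis(SAMPLE_SUBSCRIBED_SKUS, 1800, 3.20), indent=2))
```

Pull the real payload with `Get-MgSubscribedSku` or a Graph call under `Organization.Read.All`, and treat unassigned Plan 2 seats as free inventory: in the sample, 100 E5 seats and 100 standalone Plan 2 seats are already paid for and sitting idle.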
What I would do on Monday
Run the audit before your next renewal cycle, not after. The entire process takes a security engineer half a day and an IT admin 30 minutes. The savings cover a year of your SOC tooling budget. If you want a second pair of eyes, our team runs these on a fixed-fee basis through the virtual CISO retainer.
We have run this audit across 200+ customer tenants in the last 18 months. ✅ The median dollar figure surfaced is $112,000 in annual duplicate spend. ⚠️ Roughly 40 percent of organizations holding E5 had no idea Attack Simulation Training was included. ❌ The reseller will never run this audit for you, because the reseller’s commission depends on you not running it. To compare against a clean stack rebuild, see why businesses switch providers.
Q5. What hidden costs and 3-year Total Cost of Ownership drivers turn a $2 per user quote into $4.40 fully loaded?
A 3,800-employee fintech CISO emailed me her KnowBe4 invoice last December. Year one billed at $1.95 per user. Year three landed at $4.62 per user, fully loaded. Same vendor. No new modules. She asked where the gap came from. I asked her to send three things: the original Statement of Work (SOW), her Year 2 renewal letter, and her help desk’s quarantine release ticket volume. Inside 40 minutes, the seven hidden costs surfaced themselves.
Seven hidden costs reliably push Security Awareness Training (SAT) Total Cost of Ownership (TCO) 22 to 40 percent above list. Premium content add-ons, phishing simulation concurrency limits, Learning Management System (LMS) and SCORM integration fees, admin Full-Time Equivalent (FTE) time (SANS finds 2.5 FTE for measurable impact), translation, auto-renewal uplift averaging 7 to 12 percent, and quarantine-release help desk overhead. A $2 per user list quote routinely lands at $4.40 fully loaded by year three.
The seven hidden cost categories, ranked by damage
Read this table alongside the MDR price guide, since the same hidden-cost pattern shows up across every managed security line item.
| Cost category | Typical inflation | How to detect | Negotiation lever |
|---|---|---|---|
| 💰 Premium content add-ons (deepfake, role-based) | 15 to 25% | Read the content tier matrix, not the demo | Demand top tier inclusion as floor |
| ⏰ Phishing sim concurrency caps | 8 to 12% | Check daily send-rate ceilings | Negotiate unlimited sends per quarter |
| 💸 LMS or SCORM integration fees | $5,000 to $40,000 one-time | Ask for the integration line item upfront | Bundle into Year 1 list |
| 👤 Admin FTE time (2.5 FTE for measurable impact) | $250,000 to $400,000 yearly | Time-track program manager hours for 30 days | Insist on white-glove managed service |
| 🌐 Translation and localization | 5 to 15% | Count required languages, divide by available | Ask for top 12 languages free |
| ⚠️ Auto-renewal uplift | 7 to 12% yearly | Read the renewal and pricing clause in the Master Service Agreement, not the order form | Cap at 5% in writing |
| 📨 Quarantine release help desk drag | $40,000 to $120,000 yearly | Pull help desk ticket data for 60 days | Outsource triage to managed SOC |
The 3-year TCO calculator framework
Use this skeleton for a 2,000-employee build, and pair it with the SOC cost calculator when modelling response coverage alongside training spend.
| Line | Year 1 | Year 2 | Year 3 |
|---|---|---|---|
| License (list $2/user/mo) | $48,000 | $48,000 | $48,000 |
| Renewal uplift (8% compounded) | $0 | $3,840 | $7,987 |
| Premium content add-ons | $9,600 | $9,984 | $10,383 |
| Integration one-time | $25,000 | $0 | $0 |
| Admin FTE (0.5 loaded) | $80,000 | $82,400 | $84,872 |
| Help desk quarantine drag | $40,000 | $42,000 | $44,100 |
| Annual total | $202,600 | $186,224 | $195,342 |
| 3-year TCO | | | $584,166 |
| Effective $/user/mo (72,000 user-months) | | | $8.11 |
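The 3-year TCO skeleton above and the Q3 ROI sensitivity model as one script, added here as an example (not UnderDefense's SOC cost calculator). Default inputs are the page's own: 2,000 seats, $2 list, 8 percent compounded uplift, 18 percent breach probability, $4.88M breach cost. The yearly escalators on the content, admin and help desk lines (4, 3 and 5 percent) are inferred from the table and are assumptions.

```python
"""3-year SAT TCO model plus ROI sensitivity (added example; page inputs as defaults)."""
from dataclasses import dataclass


@dataclass
class TcoInputs:
    seats: int = 2000
    list_price_per_user_month: float = 2.00
    uplift_rate: float = 0.08           # renewal uplift, compounded on the licence line
    content_addon_share: float = 0.20   # premium content as a share of the year-1 licence
    content_escalator: float = 0.04     # assumption inferred from the table
    integration_one_time: float = 25_000.0
    admin_fte_year1: float = 80_000.0
    admin_escalator: float = 0.03       # assumption inferred from the table
    helpdesk_year1: float = 40_000.0
    helpdesk_escalator: float = 0.05    # assumption inferred from the table
    years: int = 3


def tco_model(p: TcoInputs):
    """Per-year line items, the multi-year total and the effective $/user/month."""
    licence = p.seats * p.list_price_per_user_month * 12
    rows = []
    for y in range(1, p.years + 1):
        def grow(base, rate, y=y):
            return base * (1 + rate) ** (y - 1)
        row = {
            "year": y,
            "license": licence,
            # compounded increase over the year-1 licence, shown as its own line
            "renewal_uplift": licence * ((1 + p.uplift_rate) ** (y - 1) - 1),
            "premium_content": grow(licence * p.content_addon_share, p.content_escalator),
            "integration": p.integration_one_time if y == 1 else 0.0,
            "admin_fte": grow(p.admin_fte_year1, p.admin_escalator),
            "helpdesk_drag": grow(p.helpdesk_year1, p.helpdesk_escalator),
        }
        row["total"] = sum(v for k, v in row.items() if k != "year")
        rows.append(row)
    total = sum(r["total"] for r in rows)
    return {"rows": rows, "tco": total,
            "effective_per_user_month": total / (p.seats * 12 * p.years)}


def roi_sensitivity(p_breach, breach_cost, annual_program_cost, reductions):
    """Net annual benefit (the page's 'ROI') and payback per risk-reduction scenario.
    A scenario whose avoided loss does not cover the program cost never pays back."""
    expected_loss = p_breach * breach_cost
    out = []
    for r in reductions:
        avoided = expected_loss * r
        net = avoided - annual_program_cost
        payback = 12 * annual_program_cost / avoided if avoided > 0 else float("inf")
        out.append({"reduction": r, "loss_avoided": avoided, "net_roi": net,
                    "payback_months": payback, "pays_back_in_year_1": payback <= 12})
    return out


if __name__ == "__main__":
    model = tco_model(TcoInputs())
    for r in model["rows"]:
        print(f'Year {r["year"]}: {r["total"]:,.0f}')
    print(f'3-year TCO {model["tco"]:,.0f}, {model["effective_per_user_month"]:.2f} $/user/mo')
    # Q3 inputs: $97,600 licence-plus-admin program cost
    for s in roi_sensitivity(0.18, 4_880_000, 97_600, [0.10, 0.25, 0.35]):
        print(s)
    # Same sensitivity with the fully loaded annualized TCO in place of the Q3 figure
    loaded = model["tco"] / TcoInputs().years
    print(roi_sensitivity(0.18, 4_880_000, loaded, [0.10, 0.25, 0.35]))
```

The second sensitivity run is the point of joining the two models: at the fully loaded $194,722 a year, the 10 percent scenario is deep underwater and even the 25 percent base case only clears about $25,000, which is the number the board should see next to the licence-only version.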
What buyers say about the renewal trap
“We had constant issues with the product, including vulnerability scans that say we are missing patches that are installed.”
— Information Security Officer, Banking Alert Logic Gartner Verified Review
The release button mess and the four-year tuning treadmill
Aggressive phishing policies create a quarantine release backlog that help desks cannot manage. One client of ours admitted they were still tuning their legacy security stack four years in. That operational debt is what checkbox SAT solutions quietly add to your team. We take over that triage so training stays focused on the high-risk users who actually matter, an outcome documented in the 10K employee attack simulation case study.
Q6. How do you negotiate SAT contracts, and which data-portability clauses does procurement always miss?
Procurement teams negotiate SAT contracts the way they negotiate copier leases. Wrong instinct. SAT vendors do not make money on the seats. They make money on the lock-in. The patents covering simulated phishing delivery (US10,917,439, KnowBe4) and phishing remediation workflows (US11,470,108, Proofpoint) mean your training history, simulation results, and behavioral risk scores get encoded in proprietary formats. Switching costs are not a product feature; they are a contractual outcome.
Push for 18 to 28 percent off list on a 3-year deal, cap renewal uplift at 5 percent, cap the renewal notice period at 30 days (or strike auto-renewal entirely), and insist on data portability (training records exported in Comma Separated Values (CSV) or another machine-readable format, and any custom content as Sharable Content Object Reference Model (SCORM) packages) to neutralize patent-reinforced lock-in. Strike the auto-renewal clause and the unilateral price-increase clause. Both appear in every legacy SAT Master Service Agreement (MSA), and both are routinely conceded when challenged. The same lock-in dynamic shows up in adjacent managed SIEM contracts, so use this playbook there too.
The negotiation lever table
| Lever | Benchmark | Vendor objection | Counter |
|---|---|---|---|
| Multi-year discount | 18 to 28% off list | “List is already discounted” | Show competitive quote, offer 3-year term |
| Renewal uplift cap | 5% maximum | “We need CPI flexibility” | Tie to U.S. CPI minus 2%, cap absolute at 5% |
| Renewal notice window | 30 days maximum, or opt-in renewal | “Standard is 60 to 90 days auto-renew” | Reverse to opt-in renewal with written confirmation |
| Data portability | CSV plus SCORM full export | “Not available in current product” | Add as written commitment, due Year 2 |
| Concurrency limits | Unlimited within fair use | “We need to protect the platform” | Define “fair use” with an actual number |
| Content tier inclusion | Top tier as floor | “Premium tier is separate SKU” | Bundle for the 3-year term |
| Integration credits | $25k one-time waived | “Professional services bill separately” | Bake into list |
The three clauses to strike from any SAT Master Service Agreement
- Auto-renewal clause with longer than 30-day notice. Replace with manual renewal, written confirmation required.
- Unilateral price-increase clause tied to vendor “list price.” Replace with capped CPI escalator with a hard ceiling.
- Data-ownership ambiguity. Add explicit language: “Customer owns all training records, simulation results, and behavioral risk scores. Vendor commits to full export in machine-readable format within 30 days of termination.”
What procurement misses on patent-driven lock-in
Working with 500+ procurement teams, what we have seen is that nobody reads the patents. They should. The KnowBe4 patent covers the way simulated phishing campaigns are sequenced and the way user behavior gets scored. The Proofpoint patent covers the remediation workflow itself. When you switch vendors, your behavioral risk history does not transfer cleanly. ✅ The fix is contractual, not technical. Negotiate the export schema in writing, or accept the lock-in. For more on the migration mechanics, see why businesses switch providers.
Real-world signal from the competitor file
“Lack of true remediation in the response, costing us significantly in resources and introducing risks in security.”
— VP of Technology, Services Arctic Wolf Gartner Verified Review
That review is about a Managed Detection and Response (MDR) service, not SAT, but the pattern is identical. Vendors stop at alert generation and leave the customer holding the resource bill. Negotiate against that pattern explicitly. The MDR buyers guide walks the same clause-by-clause checklist for response contracts.
Q7. Why do most SAT programs fail to change behavior, and what does the peer-reviewed evidence actually say?
Most CISOs I talk to believe a quiet click-rate dashboard means a secure workforce. That belief is comfortable. It is also wrong. The peer-reviewed evidence published over the last six years says click rate is a vanity metric, and the SAT industry knows it. The metrics that actually correlate with reduced breach probability are reporter rate, time-to-report, and post-incident lateral movement detection. The vendor pitch decks rarely lead with those, because they are harder to move on a quarterly slide.
Peer-reviewed evidence is unkind to legacy SAT. Lain et al. at the IEEE Symposium on Security and Privacy 2022 found embedded post-failure training delivered no statistically significant improvement in click reduction, while voluntary reporter buttons did. Reinheimer et al. at SOUPS 2020 showed phishing recognition decays in 4 to 6 months without reinforcement. Bada, Sasse, and Nurse (2019) confirmed awareness without behavioral reinforcement does not change behavior. For applied evidence at scale, see our social engineering testing findings, where pentesters succeeded 98 percent of the time.
The common belief versus the data
The common story is straightforward. Run quarterly phishing simulations, track click rate, watch the line trend down, declare victory. ✅ Click rates do drop in most programs over 12 to 18 months. ❌ The drop reflects test fatigue and pattern recognition, not durable behavior change. ❌ When the next campaign type lands (deepfake voice, Quick Response (QR) code phishing, or sophisticated Business Email Compromise (BEC)), the click rate snaps right back to baseline. Our business email compromise teardown shows what those campaigns actually look like in production traffic.
“Lack of reporting!! When we did our POC we hit a device with a bunch of exploits, and the admins didn’t get a single alert… not one!!!!”
— Verified User in Retail Arctic Wolf G2 Verified Review
What the academic record says, named and dated
| Study | Year | Finding | What it means for your vendor selection |
|---|---|---|---|
| Lain, Kostiainen, Capkun (IEEE S&P) | 2022 | Embedded training post-click showed no measurable click reduction; reporter buttons did | Pay for the report-phish workflow, not simulation volume |
| Reinheimer et al. (SOUPS) | 2020 | Phishing recognition decays in 4 to 6 months | Quarterly micro-modules, not annual training |
| Bada, Sasse, Nurse | 2019 | Awareness without reinforcement does not change behavior | Reinforcement cadence is the cost driver |
| Jampen et al. (Human-centric Computing) | 2020 | Personalized, role-based training outperforms generic | Reject role-based as a paid add-on |
The metric set that actually predicts breach reduction
- ⭐ Reporter rate: percentage of users who report a phishing simulation through the report-phish button (the Phish Alert Button in KnowBe4).
- ⭐ Median time-to-report: minutes from email delivery to first user report.
- ⭐ Repeat-offender ratio: percentage of clickers who fail two or more simulations within 90 days.
- ⭐ Post-incident lateral movement detection: how often the SOC catches the next stage after a real-world click.
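The first three metrics from the list above computed from a campaign export, as an added example (not any vendor's reporting). The eighteen simulation events are constructed: six users, three campaigns, each delivered at 09:00, with click and report timestamps where the user acted. It also puts click rate and reporter rate side by side per campaign so the two can be trended together.

```python
"""Reporter rate, median time-to-report and repeat-offender ratio from simulation events (added example)."""
from datetime import datetime, timedelta
from statistics import median


def t(s):
    return datetime.fromisoformat(s)


# Constructed simulation log (not real data): one row per user per campaign.
# None means the user never clicked / never reported that message.
EVENTS = [
    # campaign c1, delivered 2026-01-12 09:00
    {"user": "alice", "campaign": "c1", "delivered": t("2026-01-12T09:00"), "clicked": None,                    "reported": t("2026-01-12T09:07")},
    {"user": "bob",   "campaign": "c1", "delivered": t("2026-01-12T09:00"), "clicked": t("2026-01-12T09:15"), "reported": None},
    {"user": "carol", "campaign": "c1", "delivered": t("2026-01-12T09:00"), "clicked": None,                    "reported": None},
    {"user": "dave",  "campaign": "c1", "delivered": t("2026-01-12T09:00"), "clicked": t("2026-01-12T09:30"), "reported": t("2026-01-12T09:45")},
    {"user": "erin",  "campaign": "c1", "delivered": t("2026-01-12T09:00"), "clicked": None,                    "reported": None},
    {"user": "frank", "campaign": "c1", "delivered": t("2026-01-12T09:00"), "clicked": t("2026-01-12T09:12"), "reported": None},
    # campaign c2, delivered 2026-02-09 09:00 (28 days later)
    {"user": "alice", "campaign": "c2", "delivered": t("2026-02-09T09:00"), "clicked": None,                    "reported": t("2026-02-09T09:03")},
    {"user": "bob",   "campaign": "c2", "delivered": t("2026-02-09T09:00"), "clicked": t("2026-02-09T09:20"), "reported": None},
    {"user": "carol", "campaign": "c2", "delivered": t("2026-02-09T09:00"), "clicked": t("2026-02-09T09:40"), "reported": None},
    {"user": "dave",  "campaign": "c2", "delivered": t("2026-02-09T09:00"), "clicked": None,                    "reported": None},
    {"user": "erin",  "campaign": "c2", "delivered": t("2026-02-09T09:00"), "clicked": None,                    "reported": None},
    {"user": "frank", "campaign": "c2", "delivered": t("2026-02-09T09:00"), "clicked": None,                    "reported": None},
    # campaign c3, delivered 2026-05-11 09:00 (119 days after c1)
    {"user": "alice", "campaign": "c3", "delivered": t("2026-05-11T09:00"), "clicked": None,                    "reported": None},
    {"user": "bob",   "campaign": "c3", "delivered": t("2026-05-11T09:00"), "clicked": t("2026-05-11T09:05"), "reported": None},
    {"user": "carol", "campaign": "c3", "delivered": t("2026-05-11T09:00"), "clicked": None,                    "reported": None},
    {"user": "dave",  "campaign": "c3", "delivered": t("2026-05-11T09:00"), "clicked": None,                    "reported": t("2026-05-11T10:00")},
    {"user": "erin",  "campaign": "c3", "delivered": t("2026-05-11T09:00"), "clicked": None,                    "reported": None},
    {"user": "frank", "campaign": "c3", "delivered": t("2026-05-11T09:00"), "clicked": t("2026-05-11T09:30"), "reported": None},
]


def reporter_rate(events):
    """Share of targeted users who reported at least one simulation. A user who clicked
    and then reported still counts: the report is the behaviour the program rewards."""
    targeted = {e["user"] for e in events}
    reporters = {e["user"] for e in events if e["reported"] is not None}
    return len(reporters) / len(targeted)


def median_time_to_report_minutes(events):
    """Median minutes from delivery to the user's report, over reports only."""
    deltas = [(e["reported"] - e["delivered"]).total_seconds() / 60
              for e in events if e["reported"] is not None]
    return median(deltas) if deltas else None


def repeat_offender_ratio(events, window_days=90):
    """Among users who clicked at least once, the share with two or more clicks
    inside any window of window_days (consecutive sorted clicks <= window apart)."""
    clicks = {}
    for e in events:
        if e["clicked"] is not None:
            clicks.setdefault(e["user"], []).append(e["clicked"])
    if not clicks:
        return 0.0
    window = timedelta(days=window_days)
    repeat = 0
    for times in clicks.values():
        times.sort()
        if any(b - a <= window for a, b in zip(times, times[1:])):
            repeat += 1
    return repeat / len(clicks)


def campaign_summary(events):
    """Click rate next to reporter rate per campaign; the pair is what to trend."""
    counts = {}
    for e in events:
        c = counts.setdefault(e["campaign"], {"targeted": 0, "clicked": 0, "reported": 0})
        c["targeted"] += 1
        c["clicked"] += e["clicked"] is not None
        c["reported"] += e["reported"] is not None
    return {k: {"click_rate": v["clicked"] / v["targeted"],
                "reporter_rate": v["reported"] / v["targeted"]} for k, v in counts.items()}


if __name__ == "__main__":
    print("reporter rate", round(reporter_rate(EVENTS), 3))
    print("median time-to-report (min)", median_time_to_report_minutes(EVENTS))
    print("repeat-offender ratio", repeat_offender_ratio(EVENTS))
    for name, m in campaign_summary(EVENTS).items():
        print(name, m)
```

In the sample, frank clicks twice but 119 days apart, so he is a clicker and not a repeat offender under the 90-day definition, while bob's three clicks make him one; dave's click-then-report on c1 counts toward the reporter rate, which is the behaviour Lain et al. found worth paying for.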
What I have learned shipping UnderDefense Agentic AI SOC across 500+ environments is that a quiet dashboard often means a weak test, not a strong workforce. The “M&M Network” analogy fits here. A hard exterior with a soft tasty center is exactly what SAT alone leaves you with. The hardening happens at the response layer, not the content library.
Q8. How does SAT spend map to NIST CSF 2.0, NIS2 Article 21, SEC Item 1.05, PCI v4.0, HIPAA, and ISO 27001, and what evidence do auditors actually demand?
Auditors stopped accepting attendance logs sometime around 2023. The new bar, across NIST Cybersecurity Framework (CSF) 2.0, the European Union Network and Information Security 2 (NIS2) Directive, and the Securities and Exchange Commission (SEC) cybersecurity disclosure rules (Form 8-K Item 1.05 and Regulation S-K Item 106), is evidence of behavior change tied to role-based content. Programs that can produce a quarterly board pack with completion rates above 95 percent, role-aware content distribution, and a behavior-change metric pass clean. Programs that cannot produce it fail the System and Organization Controls 2 (SOC 2) Type II controls CC1.4 and CC2.2.
Map SAT spend to NIST CSF 2.0 PR.AT-01 and PR.AT-02, NIS2 Article 21(2)(g), SEC Form 8-K Item 1.05 and Regulation S-K Item 106, Payment Card Industry Data Security Standard (PCI DSS) v4.0 §12.6.3, Health Insurance Portability and Accountability Act (HIPAA) §164.308(a)(5), and International Organization for Standardization (ISO) 27001:2022 A.6.3. Auditors increasingly demand evidence of role-based content, completion above 95 percent, and behavior-change metrics, not just attendance logs. Our compliance services team runs this evidence build for mid-market customers under one engagement.
The compliance cross-walk
| Framework | Clause | What auditors want | Evidence artifact |
|---|---|---|---|
| NIST CSF 2.0 | PR.AT-01, PR.AT-02 | Role-based awareness program with measurable outcomes | Completion report by role, behavior-change metric |
| NIS2 (EU) | Article 21(2)(g) | Cyber hygiene training for management and staff | Board attestation, completion logs, refresh cadence |
| SEC | Form 8-K Item 1.05; Regulation S-K Item 106 (17 CFR §229.106) | Material incident disclosure within four business days of the materiality determination; annual disclosure of risk management, strategy, and governance | Board-level training program summary in the 10-K Item 106 disclosure |
| PCI DSS v4.0 | §12.6.3 | Annual training plus role-based for personnel handling cardholder data | Role-based completion, content list, sign-off |
| HIPAA | §164.308(a)(5) | Security awareness and training program for workforce | Workforce roster, training topics, dates, sign-offs |
| ISO 27001:2022 | A.6.3 | Information security awareness, education, and training | Documented program, content review log, completion |
| SOC 2 Type II | CC1.4, CC2.2 | Continuous training tied to risk and roles | Quarterly completion reports, exception handling |
What I would actually hand the auditor on Monday
- ⭐ A role-based content matrix mapping every job family to required modules.
- ⭐ Completion rates by role, with exception handling for absences, captured quarterly.
- ⭐ A behavior-change metric (reporter rate or time-to-report) trended for 12 months.
- ⭐ A board attestation memo referencing NIST CSF 2.0 PR.AT and the SEC Regulation S-K Item 106 program description.
- ⭐ An incident retrospective linking any phishing-driven event back to training coverage gaps and corrective updates.
The NIST CSF Budget Map insight CISOs miss
When we map SAT spend across the six NIST CSF 2.0 functions (Govern, Identify, Protect, Detect, Respond, and Recover), the pattern is consistent in 8 out of 10 environments we audit. ✅ Heavy investment in “Protect” (SAT, secure email gateways, and web filtering). ❌ A vacuum in “Respond” (Security Operations Center (SOC) capacity, Incident Response (IR) retainers, and 2-minute Alert-to-Triage SLAs). The training budget covers the click that already happened. The response budget is where breach probability actually shifts. Our incident response retainer is built to close that gap.
The contrarian take backed by the standards
Position SAT as one node in your control portfolio, not the hero. NIS2 Article 21 lists training as one item among ten technical and organizational measures. PCI DSS v4.0 §12.6 sits in Requirement 12, the bottom of a 12-requirement stack. The compliance frameworks themselves agree that training is a contributor, not a control. Build the budget conversation accordingly, alongside the 2026 cybersecurity budget playbook.
“Solid product but lack of accountability on the support side. We had a system that got infected and it bypassed their product. Their support took no responsibility for the incident.”
— DevOps Engineer, Services Alert Logic Gartner Verified Review
The lesson is the same from MDR as it is from SAT. Compliance line items are necessary, but they do not equal a working control. Audit evidence and operational evidence are two different conversations. Run both.
Q9. How is Shadow AI and agentic LLM access changing the SAT requirements list, and what should you simulate now?
Last quarter, an Alti customer ran a routine audit of Software-as-a-Service (SaaS) connections in their Microsoft Entra tenant. They found 247 unauthorized OAuth grants to various Large Language Model (LLM) tools. Forty-one of those grants had read access to their entire Google Drive corpus. Their SAT vendor had no module covering OAuth consent attacks, no simulation for LLM data exfiltration, and no behavior-change content for shadow Generative Pre-trained Transformer (GPT) usage. The CISO told me, “We trained our people on phishing for a decade. We did not train them on this.” That is the gap.
Shadow Artificial Intelligence (AI) introduces three SAT requirements no legacy vendor covers well. First, OAuth consent-attack simulation, where users click “Allow” on a malicious app posing as a productivity tool. Second, deepfake voice and video phishing, where a Claude or Gemini-powered actor calls the help desk with a synthesized executive voice. Third, agentic LLM data leakage, where employees paste sensitive data into ChatGPT, Claude, or an internal Retrieval-Augmented Generation (RAG) tool. The defense is closed-loop training tied to live MDR service telemetry, not standalone modules.
The three new attack patterns and what to simulate
| Pattern | What it looks like in production | SAT simulation needed |
|---|---|---|
| OAuth consent attack | User grants read scope to a fake “productivity AI” app | Live OAuth flow with safe payload, plus immediate revocation training |
| Deepfake voice or video | Synthesized CFO voice asks help desk for MFA reset | Voice deepfake sim, callback verification protocol drill |
| Agentic LLM data leakage | Engineer pastes proprietary code into ChatGPT for debugging | DLP-tied simulation, real-time Slack or Teams nudge on paste |
| Quick Response (QR) phishing | Printed QR code in conference room redirects to credential harvester | QR-payload phishing with mobile flow tracking |
| MFA fatigue | Attacker spams push notifications until user approves | Push-bomb sim plus number-matching workflow drill |
What we have seen running this in 500+ environments
The Alti pattern is not unusual; it is typical. In 8 out of 10 enterprise tenants we audit, we find unmanaged OAuth grants with read scope on Mail, Drive, or SharePoint. Most legacy SAT vendors still ship a generic “be careful with AI” module instead of an actual OAuth consent simulation. ✅ The fix is closed-loop: when the SAT simulation fires, the response feeds the SOC, and when a real attack lands, the SOC feedback updates the simulation. That telemetry loop runs through the UnderDefense Agentic AI SOC platform at https://underdefense.com/platform/.
“In one of our customer environments we discovered 247 unauthorized OAuth grants to LLM tools. The SAT program had no module for this.”
— Nazar Tymoshyk, Founder & CEO, UnderDefense, Alti customer field note 2026
The contrarian take on AI threats
Most vendor decks frame AI threats as “scarier phishing.” That framing is wrong. The actual shift is that the click is no longer the failure point. ✅ The OAuth grant, the voice callback, and the LLM paste are the new failure points. ❌ A vendor still scoring you on click rate is selling 2019 telemetry. For more on the agentic side, see our MDR for AI deep dive and conversational SOCs primer.
What to ask the vendor on the demo call
- Show me a live OAuth consent simulation hitting my Microsoft 365 tenant right now.
- Show me a deepfake voice payload aimed at the help desk phone queue, with the caller-ID spoof.
- Show me how a sensitive data paste into ChatGPT triggers a real-time Slack nudge to the user.
- Show me how the SAT data flows into your Security Information and Event Management (SIEM) and to my SOC service.
- Show me the export schema for behavioral risk scores in Comma Separated Values (CSV) and Sharable Content Object Reference Model (SCORM).
If the vendor cannot show all five inside a 60-minute demo, you have your answer. The AI SOC red flags teardown lists the warning signs in detail.
Q10. What does a closed-loop SAT plus MDR architecture look like, and how does it shrink dwell time when training fails?
Carmeuse, a global industrial materials manufacturer, ran a mature SAT program. Modules, simulations, quarterly reports, the works. One day in 2024, our team caught an internal payroll fraud scheme worth roughly $300,000. Not because the user passed the phishing test. Because the behavioral monitoring layer on top of the SAT data flagged an unusual approval pattern that no static module could have surfaced. That is the closed-loop architecture. SAT generates the signal, the SOC consumes it, and the response shrinks dwell time when training fails (because training will fail).

A closed-loop SAT plus Managed Detection and Response (MDR) architecture pipes phishing report events, simulation results, and behavioral risk scores into the SIEM in real time. When training fails, the response layer (2-minute Alert-to-Triage and 15-minute escalation for critical incidents) catches lateral movement long before dwell time approaches the 277-day mean time to identify and contain a breach that IBM has reported. The mechanics are documented in our $67M ransomware rescue case and the MDR reduced MTTR to 9 min case.
The closed-loop architecture, in five layers
- SAT layer: simulations fire across phishing, OAuth, deepfake voice, QR, and MFA fatigue patterns.
- Telemetry layer: every click, report, paste, and OAuth grant pipes to the SIEM through the UnderDefense Agentic AI SOC integrations.
- Detection layer: behavioral analytics flag anomalies against the user’s risk score baseline.
- Response layer: 2-minute Alert-to-Triage SLA, 15-minute escalation SLA for critical incidents, with runbooks linked to the user’s training history.
- Feedback layer: SOC findings update SAT content, simulation difficulty, and role-based targeting weekly.
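A small working version of the telemetry, detection and response layers listed above, as an added example for this page (it is not UnderDefense platform code and not part of the original article): constructed events from a SAT platform, a mail gateway and an identity provider are joined per user, a push-bomb rule watches the MFA stream, and every alert carries the user’s recent simulation history so the runbook can open with it. The event schema, the thresholds and the user names are assumptions made for the example.

```python
"""Closed-loop correlation of SAT results with live identity telemetry.

Constructed example. The event schema is an assumption: every event has a
UTC timestamp, a user, a source (sat, mail_gw, idp), a type, and details.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List

PUSH_BOMB_WINDOW = timedelta(minutes=10)   # how far back to count pushes
PUSH_BOMB_THRESHOLD = 5                     # pushes in the window that count as a bomb
TRAINING_LOOKBACK = timedelta(days=90)      # simulation history attached to alerts


@dataclass
class TrainingHistory:
    sims_failed: int = 0
    sims_reported: int = 0
    last_failed: str = ""


@dataclass
class Alert:
    user: str
    rule: str
    severity: str
    evidence: str
    training: TrainingHistory


def _ts(e: dict) -> datetime:
    return datetime.fromisoformat(e["ts"]).astimezone(timezone.utc)


def training_history(events, user, now) -> TrainingHistory:
    """Summarise one user's SAT record over the lookback window."""
    h = TrainingHistory()
    for e in events:
        if e["user"] != user or e["source"] != "sat" or now - _ts(e) > TRAINING_LOOKBACK:
            continue
        if e["type"] == "sim_click":
            h.sims_failed += 1
            h.last_failed = e["ts"]
        elif e["type"] == "sim_report":
            h.sims_reported += 1
    return h


def detect_push_bomb(pushes):
    """Return (severity, evidence) for a push-fatigue burst, or None.

    pushes: time-sorted MFA push events for one user. PUSH_BOMB_THRESHOLD
    pushes inside PUSH_BOMB_WINDOW is an attack in progress (HIGH); a burst
    that ends in an approval means the account is presumed compromised (CRITICAL).
    """
    worst = None
    for i, end in enumerate(pushes):
        start = _ts(end) - PUSH_BOMB_WINDOW
        burst = [p for p in pushes[: i + 1] if _ts(p) >= start]
        if len(burst) < PUSH_BOMB_THRESHOLD:
            continue
        sev = "CRITICAL" if end["type"] == "mfa_push_approved" else "HIGH"
        ev = f"{len(burst)} MFA pushes within {PUSH_BOMB_WINDOW.seconds // 60} min ending {end['ts']} ({end['type']})"
        if worst is None or sev == "CRITICAL":
            worst = (sev, ev)
    return worst


def run_detections(events, now=None) -> List[Alert]:
    """Correlate real-world signals with SAT history; one alert per rule per user."""
    events = sorted(events, key=_ts)
    now = now or _ts(events[-1])
    by_user: Dict[str, List[dict]] = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    alerts: List[Alert] = []
    for user, evs in by_user.items():
        hist = training_history(evs, user, now)
        pushes = [e for e in evs if e["type"] in ("mfa_push_denied", "mfa_push_approved")]
        bomb = detect_push_bomb(pushes)
        if bomb:
            alerts.append(Alert(user, "mfa_push_bomb", bomb[0], bomb[1], hist))
        # A real click is HIGH for a repeat simulation failer, MEDIUM otherwise,
        # so the analyst triages the person with a pattern first.
        for e in evs:
            if e["type"] == "real_link_click":
                sev = "HIGH" if hist.sims_failed >= 2 else "MEDIUM"
                alerts.append(Alert(user, "real_click", sev, f"clicked {e['details']} at {e['ts']}", hist))
                break
    return alerts


def _ev(ts, user, source, type_, details=""):
    return {"ts": ts, "user": user, "source": source, "type": type_, "details": details}


# Constructed telemetry: j.doe failed two simulations, then clicked a real lure
# and approved a push at the end of a burst; a.lee reported the simulation.
SAMPLE_EVENTS = [
    _ev("2026-01-14T09:02:00+00:00", "j.doe", "sat", "sim_click", "invoice-template"),
    _ev("2026-02-20T14:11:00+00:00", "j.doe", "sat", "sim_click", "mfa-reset-notice"),
    _ev("2026-02-20T14:09:00+00:00", "a.lee", "sat", "sim_report", "mfa-reset-notice"),
    _ev("2026-03-03T10:41:00+00:00", "j.doe", "mail_gw", "real_link_click", "hxxp://login-m365-verify.example/"),
    _ev("2026-03-03T10:44:00+00:00", "j.doe", "idp", "mfa_push_denied"),
    _ev("2026-03-03T10:44:40+00:00", "j.doe", "idp", "mfa_push_denied"),
    _ev("2026-03-03T10:45:20+00:00", "j.doe", "idp", "mfa_push_denied"),
    _ev("2026-03-03T10:46:05+00:00", "j.doe", "idp", "mfa_push_denied"),
    _ev("2026-03-03T10:47:30+00:00", "j.doe", "idp", "mfa_push_approved"),
    _ev("2026-03-03T11:02:00+00:00", "a.lee", "idp", "mfa_push_approved"),
]

if __name__ == "__main__":
    for a in run_detections(SAMPLE_EVENTS):
        print(f"{a.severity:8} {a.user:8} {a.rule:14} {a.evidence}")
        print(f"         training: failed={a.training.sims_failed} reported={a.training.sims_reported}")
```

The design point is the join: the push-bomb rule alone would fire on j.doe, but attaching the two failed simulations and the real click puts the right runbook (token revocation and credential reset, then a targeted re-simulation) in front of the analyst inside the triage window instead of after a lookup.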
What the SLA architecture actually delivers
2-minute Alert-to-Triage and 15-minute escalation for critical incidents are the two Service Level Agreements (SLAs) we hold ourselves to. A single “MTTR” (Mean Time to Respond) figure blends triage and escalation into one number, so we publish them separately. ✅ The 2-minute window catches the click before lateral movement begins. ✅ The 15-minute escalation gets a senior analyst on the bridge before the attacker pivots. The SLA in cybersecurity teardown explains the math.
“UnderDefense has been an exceptional partner in safeguarding our digital assets. Their team’s expertise and dedication are unmatched. The 24/7 monitoring service has provided us with peace of mind.”
— Verified User, IT Manager. UnderDefense G2 Verified Review.
“They were able to integrate seamlessly with our existing tools, including KnowBe4, and provide a single pane of glass for our security operations. The UnderDefense Agentic AI SOC platform is exceptional.”
— Verified User, Director of IT. UnderDefense G2 Verified Review.
Vendor-agnostic management of your existing SAT
You do not have to rip out KnowBe4, Proofpoint, or Mimecast. We manage them in place, pipe the telemetry into the SOC stack, and add the response layer on top. This vendor-agnostic posture matters because tool replacement projects fail at roughly 60 percent of mid-market firms (technical-debt research, our internal sample). The cybersecurity technical debt piece walks through the failure modes.
What the contrarian take sounds like
Awareness is necessary. Awareness is not sufficient. The “Click Rates Are a Distraction” thesis says training must be measured by the response chain it triggers, not the simulation it survives. ✅ A SOC that knows which user clicked, which simulations they failed, and which assets they touch can shrink dwell time from days to hours. ❌ A SOC blind to the SAT data is fighting with one eye closed. Compare against the guide to MDR services.
Q11. What is the 90-day SAT program execution plan, and how does it tie into a Bridge engagement with UnderDefense?
A SOC Director at a 3,000-person SaaS firm asked me last month, “Where do I actually start on Monday?” Not the 24-month transformation roadmap. Not the board-deck five-year strategy. The Monday list. So here it is. Ninety days, four phases, deliverables tied to each week, and a Bridge engagement option if you want our team running it alongside yours. This plan presumes you already have a SAT vendor or are about to pick one. The execution mechanics are the same either way.
The 90-day plan splits into four phases. Days 1 to 14, audit existing entitlements and run the Microsoft E5 check. Days 15 to 45, run the procurement negotiation and pilot two vendors head-to-head. Days 46 to 75, deploy to 100 percent of seats with role-based content. Days 76 to 90, integrate SAT telemetry into the SOC, set the 2-minute Alert-to-Triage and 15-minute critical-escalation SLAs, and publish the first board metric pack. Run it solo or as a Bridge engagement with the virtual CISO retainer.
The week-by-week execution table
| Phase | Days | Deliverables | Owner |
|---|---|---|---|
| 1. Audit and entitlement | 1 to 14 | License SKU report, E5 entitlement map, existing-vendor MSA review, OAuth grant inventory | IT and Security |
| 2. Procurement and pilot | 15 to 45 | Two-vendor pilot, scorecard, negotiated 3-year quote, contract redlines | Procurement and CISO |
| 3. Deploy and role-based rollout | 46 to 75 | 100% seat deployment, role-based content matrix, first quarterly simulation, completion above 95% | Security and HR |
| 4. Integrate and report | 76 to 90 | SAT-to-SIEM telemetry, 2-min Alert-to-Triage and 15-min critical-escalation SLAs live, first board metric pack | SOC and CISO |
The Monday checklist
- Pull your Microsoft 365 license SKU report from the admin center.
- List your current SAT vendor and find the renewal opt-out window in the MSA.
- Inventory OAuth grants in your Entra tenant, filtered for read scope on Mail and Drive.
- Pull the last 12 months of phishing-driven incidents from the SIEM.
- Schedule the Tuesday procurement working session with finance, IT, and security.
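One way to run the OAuth grant inventory from the checklist above, and the read-scope triage that Q9 calls for, as an added example for this page rather than anything from the article or from UnderDefense’s own tooling: a Python script that consumes the JSON Microsoft Graph returns for `oauth2PermissionGrants` and `servicePrincipals` (saved to disk beforehand with whatever client you prefer) and ranks delegated grants that can read Mail, Files or SharePoint content. The sample records, app names, appIds, scoring weights and the allowlist are constructed for the example; the two Graph endpoints and the DELETE call used for revocation are real.

```python
"""Triage delegated OAuth grants exported from Microsoft Entra.

Assumed input: the "value" arrays from
  GET https://graph.microsoft.com/v1.0/oauth2PermissionGrants
  GET https://graph.microsoft.com/v1.0/servicePrincipals
        ?$select=id,appId,displayName,verifiedPublisher
Both are documented Graph endpoints; the records below are constructed
for this example and do not describe any real tenant.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Delegated scopes that read (or read and write) mailbox, OneDrive or
# SharePoint content. Mail.ReadBasic is deliberately not matched.
SENSITIVE_SCOPE = re.compile(r"^(Mail|Files|Sites)\.(Read|ReadWrite)(\.[A-Za-z]+)*$")
SEVERITY_BY_SCORE = {4: "CRITICAL", 3: "HIGH", 2: "MEDIUM"}


@dataclass
class Finding:
    grant_id: str
    app_name: str
    app_id: str
    consent_type: str          # "AllPrincipals" (tenant-wide) or "Principal" (one user)
    principal_id: str          # empty for tenant-wide grants
    sensitive_scopes: List[str]
    persistent: bool           # offline_access present: refresh token outlives the session
    publisher_verified: bool
    score: int
    severity: str
    revoke_call: str           # the Graph call that revokes this grant


def sensitive_scopes(scope_field: str) -> List[str]:
    """Return the sorted subset of a space-separated scope string that reads content."""
    return sorted(s for s in scope_field.split() if SENSITIVE_SCOPE.match(s))


def triage(grants: List[dict], service_principals: List[dict],
           allowlist=frozenset()) -> List[Finding]:
    """Score every grant that exposes mail or file content, worst first.

    Scoring (an assumption for this example, tune to taste):
      +1 any sensitive scope, +2 unverified publisher, +2 tenant-wide consent,
      +1 offline_access. Allowlisted appIds are still reported, pinned to LOW.
    """
    sp_by_id: Dict[str, dict] = {sp["id"]: sp for sp in service_principals}
    findings: List[Finding] = []
    for g in grants:
        scopes = sensitive_scopes(g.get("scope", ""))
        if not scopes:
            continue  # nothing that reads Mail/Drive/SharePoint: outside this audit
        sp = sp_by_id.get(g["clientId"], {})
        app_id = sp.get("appId", g["clientId"])
        verified = bool((sp.get("verifiedPublisher") or {}).get("displayName"))
        tenant_wide = g.get("consentType") == "AllPrincipals"
        persistent = "offline_access" in g.get("scope", "").split()
        if app_id in allowlist:
            score, severity = 1, "LOW"
        else:
            score = 1 + (0 if verified else 2) + (2 if tenant_wide else 0) + (1 if persistent else 0)
            severity = SEVERITY_BY_SCORE.get(min(score, 4), "LOW")
        findings.append(Finding(
            grant_id=g["id"],
            app_name=sp.get("displayName", "<unknown service principal>"),
            app_id=app_id,
            consent_type=g.get("consentType", ""),
            principal_id=g.get("principalId") or "",
            sensitive_scopes=scopes,
            persistent=persistent,
            publisher_verified=verified,
            score=score,
            severity=severity,
            revoke_call=f"DELETE https://graph.microsoft.com/v1.0/oauth2PermissionGrants/{g['id']}",
        ))
    findings.sort(key=lambda f: (-f.score, f.app_name))
    return findings


# Constructed sample export: three apps, four grants, one approved connector.
SAMPLE_SERVICE_PRINCIPALS = [
    {"id": "sp-1", "appId": "11111111-aaaa-4aaa-8aaa-000000000001",
     "displayName": "Summarize My Inbox AI", "verifiedPublisher": {"displayName": None}},
    {"id": "sp-2", "appId": "22222222-bbbb-4bbb-8bbb-000000000002",
     "displayName": "Approved DLP Connector", "verifiedPublisher": {"displayName": "Example Security Ltd"}},
    {"id": "sp-3", "appId": "33333333-cccc-4ccc-8ccc-000000000003",
     "displayName": "Quick Notes", "verifiedPublisher": {"displayName": "Example Notes Inc"}},
]
SAMPLE_GRANTS = [
    {"id": "g1", "clientId": "sp-1", "consentType": "Principal", "principalId": "user-17",
     "resourceId": "graph-sp", "scope": "openid profile offline_access Mail.Read Files.Read.All"},
    {"id": "g2", "clientId": "sp-3", "consentType": "AllPrincipals", "principalId": None,
     "resourceId": "graph-sp", "scope": "User.Read Sites.Read.All"},
    {"id": "g3", "clientId": "sp-2", "consentType": "AllPrincipals", "principalId": None,
     "resourceId": "graph-sp", "scope": "Mail.ReadWrite offline_access"},
    {"id": "g4", "clientId": "sp-1", "consentType": "Principal", "principalId": "user-42",
     "resourceId": "graph-sp", "scope": "openid User.Read"},
]
ALLOWLIST = frozenset({"22222222-bbbb-4bbb-8bbb-000000000002"})

if __name__ == "__main__":
    for f in triage(SAMPLE_GRANTS, SAMPLE_SERVICE_PRINCIPALS, ALLOWLIST):
        who = f.principal_id or "ALL USERS"
        print(f"{f.severity:8} {f.app_name:24} {who:10} {' '.join(f.sensitive_scopes)}")
        print(f"         revoke: {f.revoke_call}")
```

Two caveats a practitioner will want. This script covers delegated grants only; application permissions granted to an app’s service principal live under `appRoleAssignments` and need a second pass. And revoking the grant does not invalidate access tokens already issued, so the CRITICAL rows should also trigger a sign-in revocation for the affected user.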
What the Bridge engagement includes
For organizations that want our team running this with theirs, the Bridge engagement covers the full 90 days. ✅ Day 1 to 14 audit run by an UnderDefense vCISO. ✅ Day 15 to 45 procurement negotiation co-led, with our redline templates. ✅ Day 46 to 75 role-based rollout with content review against your industry. ✅ Day 76 to 90 telemetry integration into UnderDefense Agentic AI SOC plus first board pack co-authored. Pricing model and scope details sit on the contact us page, or kick off directly from book a demo.
Where this plan fits in the broader budget
SAT is one node in a control portfolio that includes MDR, identity, endpoint, cloud, and IR retainer. The cybersecurity budget 2026 piece walks the full allocation, and the security stack guide shows how the layers reinforce each other. The closing posture I share with every CISO is the “Orange Suit Acceptance” mindset. Assume the breach is coming. Build the response chain that makes it survivable. SAT plays a role. SAT is not the hero.
“UnderDefense has been instrumental in detecting and addressing threats before they impact our business. Their Agentic AI SOC platform integrates seamlessly with our existing SIEM and EDR tools.”
— Verified User, CISO. UnderDefense G2 Verified Review.
“The team responded within minutes when we had a critical incident. The 2-minute SLA is real, not marketing copy.”
— Verified User, Director of Security. UnderDefense G2 Verified Review.
The closing test is simple. If your SAT vendor cannot point to the response chain that catches the click that gets through, the program is half-built. Finish it.
Turn these benchmarks into a real plan.
Get a vendor-neutral assessment and a cost-optimized roadmap.
References
Research Papers
Lain, D., Kostiainen, K., and Capkun, S. “Phishing in Organizations: Findings from a Large-Scale and Long-Term Study” USENIX Security Symposium, 2022.
Reinheimer, B. et al. “An investigation of phishing awareness and education over time.” Symposium on Usable Privacy and Security (SOUPS), 2020.
Bada, M., Sasse, A., and Nurse, J. “Cyber Security Awareness Campaigns: Why Do They Fail to Change Behaviour?” International Conference on Cyber Security for Sustainable Society, 2019.
Patents
Patent US10,917,439 B2. KnowBe4 Inc. “Systems and methods for performing simulated phishing attacks.” Assignee: KnowBe4 Inc. Granted: 2021.
Patent US11,470,108 B2. Proofpoint Inc. “Identification and remediation of phishing attacks.” Assignee: Proofpoint Inc. Granted: 2022.
Official Docs, Standards and Statutes
U.S. Securities and Exchange Commission. “Final Rule: Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (33-11216).” Published: December 2023.
Microsoft. “Microsoft 365 Enterprise licensing service description.” Published: 2026.
Microsoft. “Get started using Attack Simulation Training in Defender for Office 365.” Published: 2026.
National Institute of Standards and Technology. “NIST Cybersecurity Framework 2.0.” Published: February 2024.
European Union. “Directive (EU) 2022/2555 (NIS2), Article 21.” Published: December 2022.
PCI Security Standards Council. “PCI DSS v4.0, Requirement 12.6.” Published: March 2022.
International Organization for Standardization. “ISO/IEC 27001:2022, Annex A.6.3.” Published: October 2022.
Google. “Manage third-party app access to Google services.” Published: 2026.
Microsoft. “Manage user consent to applications using Microsoft Graph.” Published: 2026.
OWASP Foundation. “OWASP Top 10 for Large Language Model Applications.” Published: 2023, updated 2025.
KnowBe4. “Phish Alert Button (PAB) API documentation.” Published: 2026.
Datasets
Verizon. “2024 Data Breach Investigations Report.” 2024.
IBM Security. “Cost of a Data Breach Report 2024.” 2024.
Ponemon Institute. “2023 Cost of Phishing Study.” 2023.
SANS Institute. “2024 Security Awareness Report.” 2024.
Blogs
CanIPhish. “Security Awareness Training Price Guide For 2026.” Published: 2026. [Secondary source]
Tartan. “The Complete Guide to Security Awareness Training Pricing.” Published: February 2026. [Secondary source]
Petronella Technology Group. “Security Awareness Training Cost: 2026 Pricing Guide.” Published: March 2026. [Secondary source]
Ransomleak. “Best Security Awareness Training Platforms for 2026 (Ranked).” Published: April 2026. [Secondary source]
BR Side. “The Best Security Awareness Training Platforms in 2026: An Honest Comparison.” Published: May 2026. [Secondary source]
Pistachio. “The Hidden Cost of Managing Manual Security Awareness Training Programs.” Published: April 2026. [Secondary source]
Matt C. “Arctic Wolf G2 Verified Review.” [Secondary source]
Verified User in Electrical Manufacturing. “Arctic Wolf G2 Verified Review.” [Secondary source]
CISO, Manufacturing. “Arctic Wolf Gartner Verified Review.” [Secondary source]
Information Security Officer, Banking. “Alert Logic Gartner Verified Review.” [Secondary source]
VP of Technology, Services. “Arctic Wolf Gartner Verified Review.” [Secondary source]
Verified User in Retail. “Arctic Wolf G2 Verified Review.” [Secondary source]
DevOps Engineer, Services. “Alert Logic Gartner Verified Review.” [Secondary source]
Sr Cybersecurity Engineer, Manufacturing. “Arctic Wolf Gartner Verified Review.” [Secondary source]
Verified User in Computer Software. “Expel G2 Verified Review.” [Secondary source]
Frequently asked questions
1. What does Security Awareness Training actually cost per user in 2026?
We see SAT priced between $0.60 and $6.00 per user per month at list, with most enterprise deals settling between $1.80 and $3.50 per user per month after a 3-year discount. The variance is structural. Vendors quote three different numbers (list, reseller, and direct) on the same seat count, and your final price depends on which channel you walk through. KnowBe4 Diamond, Proofpoint ZenGuide, and Hoxhunt cluster at the upper mid-band. Mimecast, Terranova, and Infosec IQ sit lower. Free or near-free options like CanIPhish, Gophish, and Microsoft E5 Attack Simulation cover narrow use cases. The full quote table, including renewal uplift ranges, lives in our security stack guide, and we benchmark managed-service alternatives against the same numbers. The headline rule we share with every CISO: if your reseller quote sits more than 12 percent above direct, you have a negotiation lever, not a problem.
2. Which Security Awareness Training vendors should we shortlist in 2026?
We recommend a five-axis scorecard (price, AI-threat simulation depth, behavior-change evidence, Application Programming Interface (API) integration, and reporting depth). Under that lens, UnderDefense MAXI leads for closed-loop SAT plus Managed Detection and Response (MDR), with Hoxhunt, KnowBe4 Diamond, Proofpoint ZenGuide, and Living Security as strong enterprise picks. NINJIO and SANS lead on content quality. For mid-market and Small and Medium Business (SMB), evaluate usecure, ESET, Sophos Phish Threat, and CanIPhish. We caution against vendors that bundle SAT inside a proprietary MDR stack (Arctic Wolf), because that creates lock-in. For wider context, our Rapid7 alternatives 2026 teardown explains how vendor-agnostic stacks outperform locked ones. Score each vendor on a single page, not a 40-criteria spreadsheet.
3. What hidden costs turn a $2 per user SAT quote into $4.40 fully loaded?
Seven hidden costs reliably push 3-year TCO 22 to 40 percent above list. Premium content add-ons (15 to 25 percent), phishing simulation concurrency caps (8 to 12 percent), Learning Management System (LMS) and Sharable Content Object Reference Model (SCORM) integration fees ($5,000 to $40,000 one-time), admin Full-Time Equivalent (FTE) time (2.5 FTE for measurable impact, per SANS), translation, auto-renewal uplift averaging 7 to 12 percent yearly, and quarantine-release help desk overhead. We model the full 3-year TCO for a 2,000-employee build at roughly $584,000 fully loaded. The same line items show up in adjacent managed-security contracts, which is why we keep the MDR price guide updated in parallel. Procurement teams that catch these line items in writing typically save 18 to 28 percent versus the original quote.
4. How do we negotiate SAT contracts and avoid auto-renewal traps?
We push for 18 to 28 percent off list on a 3-year deal, cap renewal uplift at 5 percent, demand a 60-day opt-out window, and insist on data portability (training history exported as Comma Separated Values (CSV) or SCORM). Strike any auto-renewal clause that demands more than 30 days’ notice. Strike the unilateral price-increase clause tied to the vendor’s list price. Add explicit data-ownership language. The patents covering simulated phishing delivery (KnowBe4) and remediation workflows (Proofpoint) make switching cost a contractual outcome, not a technical one, so negotiate the export schema in writing. The same playbook applies to managed SIEM contracts, where lock-in is even sharper. These three clauses appear in nearly every legacy SAT Master Service Agreement (MSA) and are routinely conceded when challenged.
5. Why do most SAT programs fail to change behavior?
The peer-reviewed evidence is unkind to legacy SAT. Lain et al. at USENIX Security 2022 found that embedded training delivered after a failed simulation produced no measurable reduction in clicking, while a voluntary reporting button gave the organization a usable detection signal. Reinheimer et al. at SOUPS 2020 showed phishing recognition decays within 4 to 6 months without reinforcement. Bada, Sasse, and Nurse (2019) confirmed that awareness without behavioral reinforcement does not change behavior. The metrics that actually predict breach reduction are reporter rate, median time-to-report, repeat-offender ratio, and post-incident lateral-movement detection. Click rate is a vanity metric. Our applied research, published as social engineering testing findings, shows our pentesters succeeded 98 percent of the time. The lesson is that programs must measure behavior change, not attendance.
6. How does SAT spend map to NIST CSF 2.0, NIS2, SEC, PCI, HIPAA, and ISO 27001?
SAT spend maps directly to NIST Cybersecurity Framework (CSF) 2.0 PR.AT-01 and PR.AT-02, NIS2 Article 21(2)(g), Securities and Exchange Commission (SEC) Item 1.05 8-K disclosure, Payment Card Industry Data Security Standard (PCI DSS) v4.0 §12.6.3, Health Insurance Portability and Accountability Act (HIPAA) §164.308(a)(5), and International Organization for Standardization (ISO) 27001:2022 A.6.3. Auditors increasingly demand evidence of role-based content, completion above 95 percent, and behavior-change metrics, not attendance logs. SOC 2 Type II controls CC1.4 and CC2.2 require continuous training tied to risk and roles. Our compliance services team builds this evidence pack as a single deliverable. The contrarian read is that compliance frameworks themselves treat training as one control among many, not the hero.
7. How are Shadow Artificial Intelligence (AI) and agentic Large Language Model (LLM) threats changing SAT requirements?
We see three new attack patterns no legacy SAT vendor covers well. First, OAuth consent attacks, where users grant read scope to malicious apps posing as productivity tools (we have found 247 unauthorized grants in a single tenant). Second, deepfake voice and video phishing aimed at help desk Multi-Factor Authentication (MFA) reset flows. Third, agentic LLM data leakage, where employees paste sensitive data into ChatGPT, Claude, or internal Retrieval-Augmented Generation (RAG) tools. The defense is closed-loop training tied to live SOC telemetry, not standalone modules. Our MDR for AI practice runs the simulations and the response chain on the same platform. Vendors that still measure click rate are selling 2019 telemetry against 2026 attacks.
8. What does a 90-day SAT execution plan look like?
We split the 90 days into four phases. Days 1 to 14, audit existing entitlements (including the Microsoft E5 SAT check), inventory OAuth grants, and review the existing-vendor MSA. Days 15 to 45, run the procurement negotiation and pilot two vendors head-to-head. Days 46 to 75, deploy to 100 percent of seats with a role-based content matrix, hitting completion above 95 percent. Days 76 to 90, integrate SAT telemetry into the Security Information and Event Management (SIEM), set the 2-minute Alert-to-Triage and 15-minute critical-escalation Service Level Agreements (SLAs), and publish the first board metric pack. Run it solo or as a Bridge engagement with our virtual CISO retainer. The Monday checklist sits in the article’s final section.