KnowBe4 Security Awareness Reporting
Overview
KnowBe4 reporting provides visibility into an organization's security awareness posture through phishing simulation metrics, training completion data, and risk scores. Effective reporting translates raw data into actionable insights for security teams, management, and compliance stakeholders. This skill covers how to retrieve, interpret, and present KnowBe4 metrics.
Key Concepts
Core Metrics
| Metric | Definition | Target |
|---|
| Phish-Prone Percentage (PPP) | % of users who failed phishing tests | Below 5% after 12 months |
| Training Completion Rate | % of enrolled users who completed training | Above 95% |
| Average Risk Score | Mean risk score across all active users | Below 30 |
| Reporting Rate | % of phishing tests reported via PAB | Above 70% |
| Click-to-Report Ratio | Ratio of clicks to reports | Below 0.5:1 |
| Time to First Click | Average time from delivery to first click | Increasing over time |
Metric Interpretation Guide
Phish-Prone Percentage (PPP):
PPP = (Users who failed / Users who received test) * 100
Interpretation:
- Decreasing PPP = Training is working
- Flat PPP = Need to change training approach
- Increasing PPP = New threats, new employees, or stale training
- Sudden spike = Especially effective phishing template
Training Completion Rate:
Completion Rate = (Completed enrollments / Total enrollments) * 100
Interpretation:
- Below 80% = Enforcement issue, need manager involvement
- 80-95% = Normal range, follow up on stragglers
- Above 95% = Excellent compliance
- 100% = Verify data -- may indicate auto-completion
Risk Score Trends:
Risk Trend = Current avg risk score - Previous period avg risk score
Interpretation:
- Negative trend = Improving (good)
- Flat trend = Plateau, consider changing approach
- Positive trend = Degrading, investigate cause
Reporting Timeframes
| Timeframe | Use Case | Audience |
|---|
| Weekly | Operational monitoring, active campaign tracking | Security team |
| Monthly | Trend analysis, department comparisons | Security manager |
| Quarterly | Executive summary, compliance reporting | Leadership, auditors |
| Annual | Year-over-year progress, program justification | Board, C-suite |
Industry Benchmarks (2024)
| Metric | Small (<250) | Medium (250-1000) | Large (1000+) |
|---|
| Initial PPP | 32.4% | 30.1% | 31.5% |
| PPP after 90 days training | 17.6% | 16.4% | 15.2% |
| PPP after 12 months | 5.4% | 4.8% | 4.5% |
| Training completion | 87% | 91% | 93% |
| PAB reporting rate | 45% | 52% | 58% |
Field Reference
Account-Level Summary Fields
| Field | Type | Description |
|---|
total_users | int | Total active users |
current_risk_score | float | Organization-wide average risk score |
phish_prone_percentage | float | Organization-wide PPP |
total_phishing_campaigns | int | Total phishing campaigns run |
total_training_campaigns | int | Total training campaigns run |
Phishing Summary Fields
| Field | Type | Description |
|---|
total_campaigns | int | Number of phishing campaigns |
total_tests_sent | int | Total phishing emails delivered |
total_clicked | int | Total clicks across all campaigns |
total_reported | int | Total reports via PAB |
overall_ppp | float | Overall phish-prone percentage |
ppp_by_department | object | PPP broken down by department |
ppp_by_location | object | PPP broken down by location |
ppp_trend | array | PPP over time (monthly) |
Training Summary Fields
| Field | Type | Description |
|---|
total_campaigns | int | Number of training campaigns |
total_enrollments | int | Total user enrollments |
completed | int | Number completed |
in_progress | int | Number in progress |
not_started | int | Number not started |
past_due | int | Number past due |
completion_rate | float | Overall completion percentage |
average_time_spent | int | Average seconds spent on training |
completion_by_department | object | Completion broken down by department |
MCP Tools
| Tool | Description | Key Parameters |
|---|
knowbe4_reporting_account_summary | Get account-level summary stats | none |
knowbe4_reporting_phishing_summary | Get phishing simulation summary | start_date, end_date |
knowbe4_reporting_training_summary | Get training completion summary | campaign_id, start_date, end_date |
knowbe4_reporting_risk_overview | Get risk score overview | group_id |
knowbe4_reporting_ppp_trend | Get PPP trend over time | start_date, end_date, interval |
knowbe4_reporting_department_breakdown | Get metrics by department | metric_type |
Common Workflows
Monthly Security Awareness Report
- Get account summary for top-level metrics
- Pull phishing summary for the month
- Pull training summary for active campaigns
- Get PPP trend for the last 6 months
- Break down by department to identify problem areas
- Compare to previous month for trend direction
- Format report with key findings and recommendations
Quarterly Executive Report
- Get 3-month summary across all metrics
- Calculate quarter-over-quarter change for PPP, completion rate, risk score
- Identify top 5 highest-risk departments
- Highlight achievements (PPP improvements, 100% completion groups)
- List recommendations for next quarter
- Include industry benchmarks for context
Compliance Audit Report
- List all training campaigns for the audit period
- Get completion rates for each required training
- Identify non-compliant users (past_due or not_started)
- Document remediation actions taken for non-compliance
- Export data with timestamps for audit evidence
Risk Trend Analysis
- Pull risk score history for the organization over 12 months
- Overlay with campaign dates -- phishing tests and training launches
- Correlate risk changes with specific events
- Identify which campaigns had the most impact on risk
- Recommend optimization of campaign mix
New Client Baseline Report
- Run baseline phishing test before any training
- Record initial PPP as the starting point
- Document initial risk score distribution
- Set targets based on industry benchmarks
- Schedule follow-up assessment at 90 days
Report Templates
Executive Summary Format
SECURITY AWARENESS REPORT - [Month/Quarter]
============================================
KEY METRICS
- Phish-Prone Percentage: XX.X% (change from last period)
- Training Completion Rate: XX.X%
- Average Risk Score: XX.X
- PAB Reporting Rate: XX.X%
HIGHLIGHTS
- [Notable achievement or concern]
- [Notable achievement or concern]
DEPARTMENT RANKING (by PPP, best to worst)
1. [Department] - X.X%
2. [Department] - X.X%
...
RECOMMENDATIONS
1. [Action item]
2. [Action item]
Department Comparison Format
DEPARTMENT SECURITY AWARENESS COMPARISON
=========================================
Department | PPP | Training | Risk Score | Trend
-------------|--------|----------|------------|------
IT | 3.2% | 98% | 15.4 | ↓
Finance | 8.1% | 95% | 28.7 | ↓
Sales | 22.4% | 82% | 52.1 | →
HR | 12.7% | 91% | 35.2 | ↓
Executive | 15.3% | 88% | 41.0 | ↑
Error Handling
Common API Errors
| Code | Message | Resolution |
|---|
| 400 | Invalid date range | Use ISO 8601 format (YYYY-MM-DD) |
| 401 | Invalid API token | Verify KNOWBE4_API_KEY |
| 403 | Insufficient permissions | API t |