Vote for LUCY at the Cyber Security Awards 2018

Help us with one click! Cyber Security Awards 2018

We ask you for support: Vote for LUCY in the Cyber Security Awards 2018! (Quicklink here)

The community, the opinions of our users and the support of the base are very important to us. We take our environment seriously and that’s why we have invented a LUCY User Group. Why? Because we are convinced that not only a top product is needed, but also a good environment in order to be able to compete successfully on the market.

Awards or prizes are not vital for survival, but they represent our position on the market to a certain extent. It is also fun and enjoyable to not only maintain satisfied and win new customers, but also to win a prize from time to time!

That’s why we ask you to support us; we are happy about your vote! Hopefully LUCY will become a finalist of the Cyber Security Awards 2018!!

Happy Phishing and Training, Oliver & Palo


100% of those present want to participate again! A brief review of the LUCY Connect User Conference 2017

With a dream rating of 3.9 (out of 4) and more than 73% of feature requests put on the development list, the first LUCY User Group conference was a complete success!


During the it-sa fair in Nuremberg on 10.10.2017 the first event with active customer participation was held as the first international cyber prevention summit.

Company Key Note from Robert Bosch

“Cyber Resilience as a Silver Bullet?” The keynote presentation by Patrick Zeller from Robert Bosch GmbH on the topic of cyber resilience was very interesting and enriching. It showed that a modern security posture must necessarily expect successful security incidents. In order to ensure the security and ultimately the integrity of the IT landscape, state-of-the-art security concepts and their implementation must be

  • Based on realistic assumptions and possibilities,
  • Holistic (i. e. all-embracing, the whole IT-Landscape) and
  • Able to react dynamically to a wide variety of threat scenarios when dealing with them.

Outlook on future LUCY versions, exchange of experience and development proposals – Following the keynote speech, LUCY founder Oliver Münchow gave an insight into the development focus of future LUCY versions. The further development of the LUCY server, especially with regard to the functionalities around the “Behavioral E-Mail Threat Management” (BTM), was well received. In joint workshops, best practices and experiences in dealing with phishing tests, employee awareness measures and best practices related to technical configuration aspects of the LUCY server in data center environments were exchanged.

73% of the submitted development requests for LUCY servers were included in the development list – the workshop part was completed with the collection of development requests for new LUCY features. Not only feature requests were collected, but the heads of LUCY development  also determined which development requests are effectively transferred to the development list! The customer input was so good that 73% of the development requests from LUCY Connect participants were transferred to the customer list.

Impressive results of the LUCY Connect satisfaction survey – The results of the satisfaction survey of the first user conference on cyber prevention, awareness and security testing speak for themselves:

We are proud to have received such great feedback! Thank you very much.


Virtual LUCY Connect / LUCY Connect @ RSA2018 / LUCY Connect Europe 2018 – The positive feedback from LUCY Security and our LUCY Eco System Partners has encouraged us to continue supporting the customer base and the community. Safety is always a collective achievement! And the integration in a strong community helps everyone.

That’s why the LUCY Connect is being continued: In January 2018, a first attempt with a virtual edition of the LUCY Connect will be launched. In April 2018, the first North American LUCY Connect will be held as part of the RSA Conference San Francisco, before the second European event will take place in the summer of 2018.


About LUCY Connect – LUCY Connect as a user conference and cyber prevention summit is to strengthen all participants: learn from the experiences of other users at workshops, share your development wishes for LUCY, find out intimate details about future product versions and benefit from the unique network of the LUCY Community. Find out more on the conference website.

Infosec trade shows are not dead!

Have IT fairs become obsolete? No, absolutely not! [Video]

Unexpectedly high visitor interest for the LUCY Testing and Awareness Server at it-sa 2017.

Three days in Nuremberg. Three people at the booth. There’s always something going on. Demos are made, questions answered and business cards exchanged. Lunch is cancelled, and by the end of the first day the first printed materials have run out. The young company LUCY Security started to exhibit at IT security fairs / trade shows in year 3 of its existence. The stand at this year’s it-sa is already the fourth appearance this year. Every exhibition has been a success so far! The interest was great everywhere, you could make a lot more LUCY presentations than normal and you could feel the pulse of the market at every trade show!

it-sa – The pulse of the information security market is pounding! Or maybe it’s even furious. With 630 exhibitors and just under 13,000 visitors, the it-sa trade fair 2017 in Nuremberg was able to record an increase of more than 25% in both key figures compared to the previous year! It felt as if all of these visitors were at LUCY’s stand ;-) In any case, the interest was enormous and we don’t regret the decision to exhibit at the probably most important European Security Fair in any way.

LUCY Security is on the right track with its product: Employee awareness will become a key InfoSec topic of the year 2018, we are convinced! The 45-second clip below gives a good impression of the fair:


The LUCY Security exhibition calendar 2017:

  1. SIGS Technology Conference, Regensdorf, Switzerland.
  2. Public IT Security Conference (PITS), 12 and 13 September, Berlin, Germany (trade fair contribution / presentation: “Strategies against Social Engineering”).
  3. Internet Security Days, Phantasialand Brühl, Germany.
  4. it-sa 2017, 10.10.2017 – 12.10.2017, Nürnberg, Germany (Press Release: Growth).
  5. Swiss Green Economy Symposium 2017 (SGES), 30.10.2017, Winterthur, Switzerland.


Coming next

….and it-sa 2018: We’ll be back!


100% of the major US companies have an IT security program: Results of the CISO Survey 2017

The situation in the largest market for simulated Internet attacks and IT security awareness testing is absolutely clear: Social engineering for educational purposes has become a regular activity at US companies. Phishing simulations are part of their daily business!

The results of the LUCY CISO survey among IT security representatives of renowned US companies speak for themselves:

  • 100% of the CISOs / IT security officers interviewed stated that they maintain a program to raise awareness of Internet risks among employees in their company
  • 100% of respondents stated that they used training videos to maintain employee awareness
  • With the exception of one person, all respondents have requested that they conduct phishing tests (phishing simulations) in their company
  • More than 90% of respondents stated that their companies use automated threat analysis systems[1] (cyber risks)
  • Less than 10% of respondents stated that malware and ransomware simulations[2] are performed in their companies

Conclusion: In the USA, it has been recognized that not only the IT systems need to be protected, but also the employees have to be ‘immunized’ through ongoing training. This is the only way to ensure sustainable and improved protection against cybercriminality. Offers for such activities become widespread. The offering turns into a commodity as the market.

Survey: On the occasion of the Security Shark Tank held in Palo Alto on October 5, 2017, LUCY Security conducted a survey among a group of 24 American CISOs. The survey focused on phishing testing, employee awareness and alerting in threat situations. The number of respondents is not sufficient for a statistically relevant study. Nevertheless, the CISO survey clearly shows the market situation in the USA, which is the largest Security Awareness Testing and Training Market.



[1] This corresponds to the Threat Analyzer and (new) the Threat Mitigator

[2] This corresponds to the malware and ransomware simulation in LUCY (Malware Simulation Toolkit)


What I learned about Security Awareness Computer-Based Training

What I Learned Last Week in California about the Global Security Awareness Training Market

In terms of employee awareness and people testing, the USA is 4-5 years ahead of European countries. The rest of the world is trailing even further behind. The Americans will therefore dictate the price development; this is one of my three great lessons from my participation in the Security Shark Tank in Palo Alto in October 2017.

The global market for “Security Awareness Computer-Based Training” is geographically anything but homogeneous. For decades, the USA has been the largest IT market, accounting for more than 50% of the global IT budget. No wonder that cybercrime has long been focused on America. All well-known providers, which can be summarized under the term “Security Awareness Computer-Based Training”, are US companies. Except for LUCY from Switzerland.

Furthermore, it is not surprising that “social engineering for educational purposes” in the USA has a few years’ head start and that the market is now beginning to saturate. I was particularly aware of this when I took part in the ‘Cyber Security Shark Tank, Palo Alto’ in October 2017. And this is important, because we at LUCY must not only look to Europe, where we generate well over half of our turnover. No, we have to look above all toward America. Not because the USA is our biggest market (with > 25% market share), but because the USA determines the market development! And that brings me to my insights into the global security awareness computer-based training market:

  1. Price erosion. For larger companies, phishing tests and mock phish campaigns (simulations) have become a commodity in the meantime. The saturation is a fact in the US, bigger customers all have a supplier for such a thing in the house. If the saturation point is reached in a market, there will be far-reaching changes in market mechanisms. The market is changing from a new customer market to a switching customer market and market forces are shifting from supplier to buyer. And this has a major impact on prices, which are beginning to collapse. This also explains why Phishme – one of the US market leaders – recently had to lower prices and offer an alleged free offer for organizations with up to 500 users. With our product range, such ‘hard steps’ were not necessary. LUCY is available as a free edition of version 1.0 and our prices are very attractive since the beginning and they are still so today!
  2. Add-ons. The core functionality is made available by all providers. Now they compete with extensions/add-ons for the favor of the customers. At LUCY we have seen an increased demand for our ‘Phishing Button’ and the features around our ‘Threat Analysis’ in recent months. Now we know why: Customers who are looking for a new way to compare products are looking for differentiators between the different solutions. Here we have a massive advantage, because LUCY is the only genuine, pure product on the market and one that can be installed and used out of the box in no time at all. And our add-ons don’t have to hide: Our Malware Testing Toolkit or our Behavioral Email Threat Analysis (BTM) is unparalleled in the market.
  3. Changing training needs. Market saturation takes time, which also means that employees have been confronted with awareness training and educational programs for some time now. The training programs are no longer new. Often, it is no longer necessary to teach the basics to the majority of the staff. The need for training thus shifts from basic training to special topics or training courses that serve to maintain vigilance. These are often shorter repetition modules or (short) tests. Today shorter loops are in demand, as well as examinations instead of ‘building lessons’. We at LUCY Security have always listened to our customers. The distance between customer and development is shorter than anywhere else and I still don’t see anyone who has shorter development cycles than us. That’s why we have already reacted and released short versions of all videos. More tests will also be introduced in the next few weeks.


My personal conclusion – Falling prices, more features and shorter training courses. These elements will drive the market for Security Awareness Computer-Based Training in 2018. LUCY and its Simulation & Awareness Server accommodate this development. LUCY Security will be the market driver!

Yours sincerely, Palo Stacho, LUCY Security


Discover how we score for Security Awareness on Gartner.


New Release LUCY V 3.7 is out – Download or update now!

The new release of LUCY Server V 3.7 has functional improvements. Notable changes and new features:

  • New dashboard & new dashboard actions (WIKI): It makes the handling much easier, especially when you have a lot of campaigns running

  • New report template variables (WIKI): Finally you can put everything into your Campaign reports!

  • New REST API (WIKI): Integrate your personal LUCY instance into your corporate infrastructure or enhance the functionality. It’s a bidirectional interface and we already have partner companies developing add-ons for LUCY (to be announced soon). API functionality is available only to the Corporate Edition.

  • Office 365 Outlook plugin (in addition to the Microsoft Outlook Plugin for Windows)

  • Outlook plugin improvements: custom subject, multiple recipients, additional headers (X-CI-Report)

  • A new Enduser profile page, your personal learning and training portal (LUCY Wiki)

  • Deeper report customization

  • Default campaign template for even more efficient campaign creations

  • Threat Analyzer: Automated Incident analysis improvements (Available to Business Edition and above)

  • CC, BCC and fake TO fields in messages

  • AV/Firewall protection improvement

  • Recipient upload improvement

  • Dashboard page improvements

  • A new “Stop All Campaigns” button (makes patching easier)

  • Scheduler improvements

  • Disable campaign checks option

  • Replace BeEF with custom JS library. The active information gathering for client browser data and plugins has been rewritten. LUCY’s own new code is used for that.

  • Fake deletion (you won’t accidentally delete anything)

  • Add comparison/benchmark charts into report

  • Extended reporting options

  • Custom logos in the campaign report. After a successful campaign you can generate a report for the management. You can select between different formats like HTML, PDF or even *.docx (easily editable later on).

  • Report variable validation

  • Backups speedup

  • Backup DB data. You can back up your own DB now

  • Domain registration improvements

We’ll document everything in our WIKI as soon as we can!


Register for LUCY Connect

The best Cybersecurity Awareness Event this Year – Register for next Tuesday

Nine days to go! Dear Friends and customers, we received our last registration only two days ago! We’re going to be a really interesting group, join us Tuesday in two weeks in Nuremberg 🙂  LUCY CONNECT Conference  

  • What? The first LUCY User Group Congress and Cyberprevention Summit for LUCY customers, users and certified partners.
  • Why? Learn from other users’ experiences. Place your development requests and get an exclusive sneak preview of the future LUCY releases. And mostly: Benefit from the unique LUCY network.
  • When? October 10, 2017, 17:00 – 20:00 at the Hotel Arvena Messe Nuremberg. The event takes place in the framework of the it-sa. This is the most important IT security fair worldwide after the RSA in San Francisco. Within the framework of this event, we will hold the first meeting of the “LUCY User Group” (LUG).
  • Where? Hotel ARVENA MESSE Nuremberg. The meeting place is less than a 10-minute walk from the it-sa exhibition grounds:
    • Arvena Hotel at the NürnbergMesse, Bertolt-Brecht-Strasse 2, 90471 Nuremberg Phone 0911/81 23 0,

Agenda 10.10.2016, 17:00 – 20:00 incl. networking event:

  1. Welcome reception and Agenda
  2. Cyber Resilience as Silver Bullet? – Keynote Patrick Zeller, Robert Bosch GmbH
  3. Where is the journey going? Future LUCY Releases – Oliver Münchow
  4. Field Report – The use of LUCY in a large enterprise
  5. Joint workshops (development requests / experience sharing)
  6. Wrap up & closing
  7. Networking event: aperitif / dinner

The event is free of charge. Combine your LUCY Connect attendance with a visit to the it-sa exhibition. It’s the largest European event in IT security and gives you a complete view into the Information Security market. Visit LUCY in Hall Nine (Stand 9-130). Tickets are available free of charge.

Warm regards, Oliver & Palo


IT Security Tutorial Content available for free download in LUCY

New IT-Security Tutorials and Videos available for Free Download in LUCY

Download the new set of security tutorial videos and brand new phishing attack templates for LUCY Server. Big free content upgrade 2017-09 is available now for everybody.

We have heard from some customers that they would like to use shorter versions of our popular videos. LUCY Security meets this demand with the big content update 09/2017. Not only are rich media security tutorials and videos delivered, but also brand new attack templates for phishing simulations. The content was tested and improved by our pilot customers. We can only recommend the videos: Don’t only run Mock Phish Campaigns, but also educate your staff with security tutorials from LUCY!

No. 4 this year – This is already the fourth content update this year. The software currently counts 97 phishing simulation templates, 38 awareness trainings, 16 educational videos and 16 file-based attack templates, and everything is included for free in LUCY Server.

Spam Unsubscribe – Spammers sometimes just send an email to get the user to click on the unsubscribe link in order to verify their email address. In this scenario we simulate such a SPAM message with an unsubscribe link.


Payment Reminder (Payoner) – The recipient gets a reminder of a payment, which is due. Clicking on the “reject” button allows the user to start a dispute.



Email Security Video – Short Version – In this short (~1 minute) security tutorial video we talk about email security risks. We have put together a few security tips, which involve best practices and policies. The content (animation, language, script) is customizable. More info about customization can be found here:


Password Security Video – Short Version – In this (~1 minute) security tutorial video we talk about password security risks. We have put together a few security tips, which involve best practices and policies. The content (animation, language, script) is customizable.


Physical Security Tutorial Video – Short Version – In this (~ 1 minute) security awareness video we talk about physical security risks. We also have put together a few security tips, which involve best practices and policies. The content (animation, language, script) is customizable.


Lucy Phishing Educational Video – Short version – This is a 1 minute educational video about phishing attacks. Every video scene can be customized (e.g. custom branding) and translated into additional languages. This video allows you to track if the user watched the video.


Mobile Security Tutorial Video 1.1 – Short Version – This short security video gives a few tips regarding the secure usage of mobile devices (mainly smartphone & laptop). Length: ~ 1 Minute, Audiences and Skill Levels see above and please note that all videos can be fully customized. More info:


Ransomware Tutorial Video – Short Version – In this short video (~ 1 Min) we talk about the ransomware threats. Since the NotPetya and WannaCry attacks of 2017, this video is very popular!


Security Tips Tutorial – Short Version – In this short (~ 1 minute) security tutorial video we have put together a few security tips, which involve best practices and policies that promote security. The content (animation, language, script) is customizable.


Microsoft Receipt Mock Phish Attack Template – This is a file-based-only scenario without a landing page, containing a Word file with macros. When the macro gets executed, the script will simply connect back to LUCY using the built-in browser. No data is transmitted. You will have the ability to track who executed the macro.


Avoid & Recognize Phishing Attacks (Remake 09/2017: Version 2.1) – In this static course we describe the different phishing types (MASS-SCALE PHISHING, SPEAR PHISHING, WHALING, VISHING, SMISHING, SOCIAL MEDIA PHISHING) and give the user practical tips. All content is 100 % customizable. Duration: 5-10 Minutes.

Security Awareness Videos, Tutorials, Trainings and Quizzes from LUCY – everything is included!

By the way: If you want to translate the video into your local language, we do this for only 350 USD….


What a score! LUCY Security is on Gartner Peer Insights

Finally, LUCY has made it to the Gartner Peer Insights with some great reviews.


In the Gartner Peer Insights and Reviews, professionals share the experiences they have had with their suppliers and the suppliers’ services / products. The experience reports (the reviews) are validated by Gartner for probity and reliability, and therefore have a high relevance for the quality of the supplier in the market. That is why it is also very important for LUCY to appear in these experience-based reports. Some excerpts from the reviews:

Please explain your willingness or hesitation to recommend this product or service:

  • “Great value package, easy to use”

Overall rating of service and support from the vendor:

  • “Very supportive and dedicated”
  • “Good training by service provider and good handbook available”

Quality and availability of administrator training:

  • “Half a day of training was sufficient to handle the product and set up first campaign”

We are happy for the ratings and are committed to maintaining LUCY’s good results on Gartner Peer Insights!

We look forward to any further review 🙂  – LUCY: We make cyber-prevention affordable and available to everybody!