What I Learned Last Week in California about the Global Security Awareness Training Market

In terms of employee awareness and people testing, the USA is 4-5 years ahead of European countries. The rest of the world is even more trailing behind. The Americans will therefore dictate the price development, this is one of my three great lessons from my participation in the Security Shark Tank in Palo Alto in October 2017.

I learned a lot about Security Awareness Computer-Based TrainingThe global market for “Security Awareness Computer-Based Training” is geographically anything but homogeneous. For decades, the USA has been the largest IT market, accounting for more than 50% of the global IT budget. No wonder that cybercrime has long been focused on America. All well-known providers, which can be summarized under the term “Security Awareness Computer-Based Training”, are US companies. Except for LUCY from Switzerland.

Furthermore, it is not surprising that “social engineering for educational purposes” in the USA has a few years’ head start and that the market is now beginning to saturate. I was particularly aware of this when I took part in the’ Cyber Security Shark Tank, Palo Alto’ in October 2017. And this is important, because we at LUCY must not only look to Europe, where we generate well over half of our turnover. No, we have to look above all in direction to America. Not because the USA is our biggest market (with > 25% market share), but because the USA determines the market development! And that brings me to my insights into the global security awareness computer based training market:

  1. Price erosion. For larger companies, phishing tests and mock phish campaigns (simulations) have become a commodity in the meantime. The saturation is a fact in the US, bigger customers all have a supplier for such a thing in the house. If the saturation point is reached in a market, there will be far-reaching changes in market mechanisms. The market is changing from a new customer market to a switching customer market and market forces are shifting from supplier to buyer. And this has a major impact on prices, which are beginning to collapse. This also explains why Phishme – one of the US market leaders – recently had to lower prices and offer an alleged free offer for organizations with up to 500 users. With our product range, such ‘hard steps’ were not necessary. LUCY is available as a free edition of version 1.0 and our prices are very attractive since the beginning and they are still so today!
  2. Add-ons. The core functionality is made available by all providers. Now they compete with extensions/add-ons for the favor of the customers. At LUCY we have seen an increased demand for our ‘Phishing Button’ and the features around our ‘ Threat Analysis’ in recent months. Now we know why: Customers who are looking for a new way to compare products are looking for differentiators between the different solutions. Here we have a massive advantage, because LUCY is the only genuine, pure product on the market and one that can be installed and used out of the box in no time at all. And our add-ons don’t have to hide: Our Malware Testing Toolkit or our Behavioral Email Threat Analysis (BTM) is unparalleled in the market.
  3. Changing training needs. Market saturation takes time, which also means that employees have been confronted with awareness training and educational programs for some time now. The training programs are no longer new. Often, it is no longer necessary to teach the basics to the majority of the staff. The need for training thus shifts from basic training to special topics or training courses that serve to maintain vigilance. These are often shorter repetition modules or (short) tests. Today shorter loops are in demand, as well as examinations instead of ‘building lessons’. We at LUCY Security have always listened to our customers. The distance between customer and development is shorter than anywhere else and I still don’t see anyone who has shorter development cycles than us. That’s why we have already reacted and released short versions of all videos. More tests will also be introduced in the next few weeks.


My personal conclusion – Falling prices, more features and shorter training courses. These elements will drive the market for Security Awareness Computer-Based Training in 2018. LUCY and its Simulation & Awareness Server accommodate this development. LUCY Security will be the market driver!

Yours sincerely, Palo Stacho, LUCY Security


Discover how we score for Security Awareness on Gartner.


0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.