LUCY gets a Score of 4.8 on Gartner Peer Insights – That is a great rating!

Great toolbox, goes further than some big players” – Such statements and an overall rating of 4.8 out of 5 points are an excellent rating for our software and our company’s support services.


In the Gartner Peer Insights and Reviews  professionals will share their experiences, which they had with their suppliers and the suppliers’ services / products. The experience reports (the review), is validated by Gartner for probity and reliability, and therefore has a high relevance on the quality of the supplier, in the market. Some excerpts from the reviews:

  • “LUCY is the perfect tool for encompassing all aspects of phishing testing and training”
  • “Great toolbox, goes further then some big players”
  • “Great value package, easy to use”
  • Service & Support: “Very supportive and dedicated”
  • Service & Support: “Good training by service provider and good handbook available”
  • Quality and availability of administrator training: “Half a day of training was sufficient to handle the product and set up first campaign”

We are happy for the ratings and are committed to maintaining LUCY’s  good results on Gartner Peer Insights!

We look forward to any further review

LUCY: We make cyber-prevention affordable and available to everybody!


Net Promoter Score (NPS)

LUCY reaches an incredible Net Promoter Score of 85.3 in 2018

LUCY Security’s World Class Cybersecurity Solution massively Outpaces Technology Industry with an dreamlike Net Promoter Score (NPS) of 85.3!

We only did a short customer survey this year. The only thing we asked our customers was: “On a scale of 1 – 10(best), how likely is it that you would recommend the LUCY software?” The result was amazing! The NPS of 85.3 is a great result. For comparison: Fireeye has an NPS 54 and Palo Alto Networks NPS is 14.

In the press release, our founder Oliver Münchow said: “Our NPS of 85.3 underscores LUCY’s unique differentiation to provide an unparalleled customer experience and service. This excellent rating reflects our innovative strength in phishing testing, awareness training, infrastructure health checks and human firewall engagement. The unique product-oriented approach in the development of an easy-to-use standard solution maximizes the benefits for our customers in an unprecedented way.”

Net Promoter® is a loyalty metric and a discipline for using customer feedback to measure and fuel sustainable growth. It is used as simple but effective approach to monitor customer experience. LUCY’s NPS of 85.3 validates the company’s exemplary efforts to serve the needs of their customers. This has resulted in extremely high customer retention rates. The average NPS in B2B Tech Vendors is 21 (Tech Vendor NPS Benchmark B2B 2017) .

Do you want to know more? Please contact palo (a t) lucysecurity-do t-com and ask for Colin (US) or Palo (everywhere else).

  • LUCY Security AG, Chamerstrasse 44, 6300 Zug, Schweiz, +41 44 557 19 37
  • LUCY Security LLC, 801 W 5th St, Suite 809, Austin TX 78703, USA, 512-917-9180



FireEye NPS:
Palo Alto NPS:


We make Cyberprevention available and affordable to everybody!




It is a GDPR compliant IT Security Awareness solution

GDPR is met: LUCY is the most secure IT security awareness system!

GDPR is no problem for LUCY and its customers. The LUCY server is secure and the customer data is protected, the personal data can also be kept anonymous.

GDPR places high demands on the providers of anti-phishing solutions. Security has always been a top priority at LUCY Phishing Server. The design decision to offer a locally installable standard product despite the cloud hype was clearly due to the security needs of many customers.

Also secure cloud solution – Since LUCY server is heavily automized, it is not an issue to run thousands of separated cloud instances. Each LUCY Cloud instance is a private server to which only the customer has access and where the data is as secure as if you were in a protected corporate network. Because

->Data storage is encrypted
->LUCY supports the complete anonymization of personal data
->Each installation is a closed system and belongs to the customer.

Extended security mechanisms – For the individual protection of a LUCY server, extended security mechanisms can be set up and used for system protection:

  • Restricted network-based access to LUCY
  • Secure and restricted user access
  • Safe setup of LUCY in a DMZ or SSZ
  • Secure (and anonymous) storage of data
  • Secure communication channels
  • Transparent network communication
  • Secure Remote Support
  • Regular updates of the application and operating system
  • Custom Admin URL for Administrator GUIs
  • Ability to monitor all system activities
  • And the ability to monitor the system in real time

and LUCY’s cloud servers are located in ISO27001 certified data centers. More information about security can be found in our wiki:

LUCY has no problems with GDPR and data security – it is the safest cybersecurity awareness solution!

Secure employee awareness training with LUCY Server: employee training, phishing simulations, self-executable infrastructure asessements and efficient alerting with the phishing alarm button. Dozens of templates and many training videos are included! The software is compliant to GDPR data privacy laws.

Robert Bosch uses LUCY for Phishing Simulations

Customer Story – Experiences with the use of the LUCY Phishing Awareness Training Server at Robert Bosch

An interview with Patrick Zeller, Senior Manager Enterprise Security, Robert Bosch LLC.

Robert Bosch uses LUCY for Phishing SimulationsMarch 2017 – “Bosch” is one of LUCY Security’s first major customers. Thanks to its support, the LUCY Phishing and Awareness Training Server was able to develop rapidly. At the beginning of the year 2017, we interviewed Mr. Zeller on the use and experiences with the products.

Mr. Zeller, how and to what extent does Robert Bosch use the LUCY server?

Patrick Zeller: We use Lucy to educate our employees around the world, on the dangers and risks of phishing and to raise awareness about this. Our employees are given the opportunity to gain experience on this topic, within a safe environment.

And since when is the product been used by Bosch? Can you tell us something about the volume of the already-conducted campaigns?

P.Z.: After an initial evaluation in autumn 2015, we have been using the LUCY Phishing Awareness Training Server since spring 2016. We have conducted various campaigns in more than 10 different languages, with up to 300,000 recipients. Also, since the end of 2016 we have been using the new function of “USB phishing”.

Can you now say something on the benefits of the phishing simulations; has the awareness against cyber risks actually increased among the employees?

We have not yet performed enough campaigns to have proving evidence, with regard to the “click-through rates”. We expect the first KPIs by the middle of the year. However, the feedback of our employees on the respective campaigns is very positive. What we can say with certainty is that we have noticed a significant increase in the notification rates / reports on phishing emails to our internal CERT, as a result of the phishing campaigns carried out so far. This indicates an increasing general awareness of our employees.

Do you remember the incidents; have there been fewer breaches, infections, or something similar?

These are internal data on which I unfortunately cannot comment on. However, since security have always been a top priority for Bosch, we have traditionally been very well positioned here. We see the topic “Security Awareness Phishing” as a complementary tool and measure in our IT security portfolio.

Thank you, Mr. Zeller. Let’s now get to the product itself: why did Robert Bosch GmbH opt for LUCY?

In addition to its excellent price / performance ratio, the decisive factor was the fact that we could completely run the LUCY Phishing Awareness Training Server in-house or on-premise. This is important to us, as it ensures that no sensitive data from our employees leaves the company. Overall, this equally helped us to obtain approval from our worker`s council, since we could convincingly demonstrate and ensure that no employees are monitored. LUCY gives us the flexibility to individually design campaigns and to execute them completely anonymously. It is our goal to train our employees and not to carry out performance checks on them!

And how were the experiences so far?

Overall, it is very positive; as such, we’ve decided to continue with the LUCY Phishing Awareness Training Server. We appreciate the close contact with LUCY’s developers, who can directly support us in case of problems and who are always open for new feature requests. With the version 2.x, we had some performance issues at the beginning, but since the version 3.0, the product has significantly matured and it runs reliably. Unfortunately, the report generator can only be used to a limited extent, because we have very specific requirements, which is due to the size and complexity of our organization. Fortunately however, we can solve this by exporting the results, which we then appropriately prepare for ourselves, through our database applications.

Can you tell us about your favorite features or templates and how are you satisfied with the product?

To be honest, we rarely used pre-made templates in the past. We have too much fun in implementing our own ideas. In general, LUCY’s flexibility is certainly a feature which we greatly appreciate. Also, the “Randomized Phishing” and the “Double Barrel Attacks[1]” are among our favorite features, since they are very efficient and easy to configure. Currently we are looking at the new Phishing Incident Plugin for Microsoft Outlook (Note: Phishing alert button). Overall I can say that LUCY is a very efficient tool for my team, for creating awareness amongst our employees and it meets all our requirements!

Thank you very much for this interview, Mr. Zeller.

[1] In a double barrel attack, the system first sends the user a lure email with a teaser text. The system then waits for some time, before the actual phishing email is sent to the user.

About the LUCY Phishing Awareness Training Server

The LUCY Phishing Awareness Training Server is used for the simulation of technical social engineering attacks and it is universally applicable from SMEs (Small Application Areas Phishing LUCY Server Robert Boschand Medium size Enterprises) right up to large customers. The product can locally be installed at the customer’s location; a cloud variant is also available. The Swiss solution provides dozens of preconfigured phishing templates and training modules, which can be independently used by the end user. Through the “Phishing Incident Plugin” for Microsoft Outlook, the user is opportune by his/her quick reception of an alert, in the event of an attack; this thus reduces the work put in by the security team in the analysis of the threat.

For further information please contact LUCY Security at +41 44 557 19 37 or at

Avoid Ransomware - Locky in Action

18 Strategic and Creative Ways to Avoid Ransomware

Use Malware and Ransomware simulations from LUCY: Screencasts, examples and tutorials

Create and run malware simulations – LUCY Screencasts

It Starts with a Phishing Attack: 10 Steps to a Global Financial Meltdown

‘Too big to fail’—But the financial industry remains vulnerable. Just look at the ‘Carbanak attacks’ or the ‘Bangladesh SWIFT Hack’. A global financial meltdown due to hacker attacks is a realistic possibility: A poll taken at Black Hat 2016 indicates that 72% of security experts expect a ‘major issue’ to occur in the next 12 months. This post explains how cyber criminals launching a phishing attack could cause a global financial meltdown.

The Carbanak attacks and the Bangladesh Swift Hack: It is possible!

The Carbanak attacks targeted some 100 banks, capturing 8M USD on average from each, while the Bangladesh Swift Hack stole over 80M USD. Both prove one thing: Banks remain vulnerable. It should not be the case, but it remains a fact. Obvious weaknesses were and are still regularly exploited, with some experts even convinced that Carbanak remains active today. From this viewpoint, it is not surprising that a poll taken at Black Hat 2016 showed that two-thirds of the IT-security specialists surveyed expect a ‘major incident’ in the next 12 months.

Who gets attacked when cyber criminals want to strike the financial industry at its core?

Financial Market Infrastructures (FMIs) are the main targets. These are the banks and organizations that money flows through, including clearing banks, payment systems, SWIFT departments, and so on. Once hacked, FMIs unwittingly give gangsters the ability to manipulate an account’s balance upwards and remit the difference without altering the initial balance—the account owner’s balance remains the same.

Who attacks why?

Three (outside) attacker types are the most obvious: (1) Criminal groups who want to steal money, (2) state hackers who seek to manipulate economic and power politics, and (3) activist groups who act for supposedly ethical or idealistic reasons.

Financial meltdown: How the collapse of the financial system works?

There are 10 steps that could lead to the fall of the financial industry. The entire process would unfold over the course of months, and it would all start with social engineering

  1. Beginning with a Phishing attack or other social engineering trick (SMiShing, USB Trojans, etc.), gangsters gain access to a banking network and infiltrate it using malware. This malware then spreads ‘laterally’ as, say, the infection quickly moves among workstations.
  2. Exploration. The malicious software spies on the network and the way people work on it. User screens are recorded over months, as are keystrokes. Gradually, attackers learn which transactions must be executed to manipulate accounts and transfer funds.
  3. Attack. The attack is carried out. The attacker, e.g., raises the beginning balance of account X from $2000 to $20,000, then transfers the difference of $18,000 to a third location. Another example would be attacking an ATM, causing it to spit out oodles of money (ATM jackpotting). Optimally, an attack is one of many that happen simultaneously, effecting many accounts at many banks. The Carbanak Gang mastered this procedure by making cash withdrawals that were only big enough that the effected banks did not have to report irregularities and could continue to make their daily closings. Here is where the attack actually ends.

  4. Recognition. The targeted Banks note the irregularities because account balances are not increasing or decreasing as they should be. The central FMI banks also note the irregularities through their regular monitoring. But since neither side is communicating with the other, nobody knows how much money is missing and at which bank the initial break-in occurred.
  5. Open bank accounts and/or incorrect account balances bring the flow of money to a standstill. Now the meltdown begins to move fast. Because the banks no longer trust their numbers, they may not close their books or know exactly what their customers’ balances are. Therefore, banks become reluctant to wire customer transactions. The flow of money stops.
  6. Trade comes to a halt. Without reliable payment infrastructure companies and businesses can no longer function properly. Supply chains come to a standstill and trading begins to sputter.
  7. Panic and mass withdrawals. The financial meltdown begins: Now everyone realizes that something is wrong. Many account holders immediately try to withdraw their money.
  8. The first banks collapses. The outflow of funds (customers’ savings) leads to liquidity shortages and the banks ‘collapse’.  Central banks normally help in such situations by providing banks with liquidity. But since no one knows exactly why something is wrong, and because many banks are effected at the same time, it becomes doubtful that central banks will be able to save the situation at all.
  9. The recovery of the backups fail. Since it is unknown exactly when the attack and the tampering began, there is an increased likelihood that the back-played backups are already corrupted too. A rapid recovery in business activity and decent banking operations are suddenly no longer possible.
  10. The ‘doomsday of the financial system’: weeks of bank holidays and a lack of public confidence. The financial institutions have no other option than to shut their systems down and proclaim a bank holiday. The industries’ envisaged “recovery time” of 2 hours degenerates into a farce. The financial meltdown and the unavailability of banking leads directly to the corresponding damage to the global economy. The long-term damage is even worse: The world’s confidence in the financial system has effectively been destroyed. In addition to the lengthy amount of work needed to find out what actually happened, it takes even longer to rebuild and restore public confidence, if such a thing is even possible any longer. It’s easy to imagine that such an incident could force the economy into a global recession and that market participants could walk away from the traditional financial institutions and turn to alternative clearing and payment systems.

Conclusion: phishing or social engineering are almost always the catalysts

financial meltdown with phishingThis bleak scenario is not so far-fetched. For us, it’s proven that if such a scenario unfolded, a successful phishing attack would be the catalyst. With phishing or other social engineering technical measures, attackers gain access to the networks and computer infrastructures of financial institutions. Once attackers gain access, they inject malware and the APT begins. And our twenty years of penetration-testing experience has shown that social engineering, along with malware, always leads to a successful infection.

Use LUCY Server to prevent successful phishing attacks

By using LUCY you increase employee awareness against cyber attacks and social engineering. Our people testing and technology assessment server can be installed on premise or be used in the cloud. The solution allows users to perform DIY

  • Phishing / SMiShing / Bad-USB simulations
  • Malware simulations
  • Ransomware simulations
  • SIEM stress tests
  • IT-security awareness education and training

A free community edition is available. We already have more than 2400 active installations. Just visit to learn more.  LUCY Security – Increase IT Security, maintain Cybersecurity Awareness and prevent the financial meltdown!



    1. IT-Security experts are expecting a major issue next year
    2. Carbanak steals more than 1 Bn 
    3. Carbanak: 8 Mio USD on average
    4. Bangladesh Hack 
    5. Bangladesh Swift Bank Hack
    6. Carbanak is still active  
    7. ATM-Jackpotting
    8. Policy: Two-hour recovery time 
    9. What is an APT?
    10. Phishing and Malware are always working together! – LUCY Manifesto

LUCY Functional Overview

IT-Security Basics: Hacking for Dummies