Objection · 04
Phish-prone Percentage is a real metric. You can't dismiss it.
Validate
Acknowledge it. Phish-prone Percentage is the best metric available for measuring simulation performance. The category trusts it.
Reframe
Different question. PPP proves users learned to recognise KnowBe4's simulations. It does not prove users decide better when an email is real and unscripted.
Ask
What does the platform measure when a user makes a security decision outside a simulation?
Proof · Regulation
NIS2 needs proof that controls are working — not just that training happened. Simulation-channel performance is one input; behavioural risk requires multi-channel signal.