Home / Resources / KnowBe4 Renewal Checklist
Free Resource
Before you renew KnowBe4, ask these questions.
Twenty-one questions across seven areas — engagement, reporting, channels, AI readiness, admin burden, compliance, and risk scoring. If your current program answers them well, renew happily. If it can’t, you have negotiating leverage or a reason to look.
The 21 Questions
Seven areas. Three questions each.
Area 1
Engagement
Has employee engagement with training gone up or down over the contract term?
What percentage of training time is spent on content relevant to each employee’s actual role?
If you stopped requiring training, would anyone choose to take it?
Area 2
Reporting & Metrics
Can you show your board a risk trend, or only completion and click rates?
Do your metrics distinguish a risky CFO from a risky intern?
Did your last renewal deck contain any number an attacker would care about?
Area 3
Multi-Channel Coverage
Have your employees ever been tested over voice or SMS, or only email?
Do simulations reflect multi-step attacks (text, then call, then email)?
Which of last year’s real incidents used a channel your program never simulates?
Area 4
AI Phishing Readiness
Are your simulation lures still template-based while real attackers use generative AI?
Have executives been tested against AI voice-clone or deepfake impersonation scenarios?
Does your vendor’s roadmap treat AI attacks as a feature or as the new default?
Area 5
Admin Burden
How many hours per month does your team spend building and managing campaigns?
What happens to the program when your busiest quarter hits?
Could remediation run automatically, without a human scheduling it?
Area 6
Compliance
Which specific controls (SOC 2, ISO 27001, HIPAA, PCI) does the program evidence — and is that all it does?
Would your cyber insurer accept your current reporting as evidence of risk management?
Is compliance the ceiling of your program, or the floor?
Area 7
Risk Scoring
Does your risk score include what each person can access, or only how they behave?
Can you name your ten highest-risk employees right now, with evidence?
If risk went down last quarter, could you prove it?
How to Score It
What your answers mean.
Mostly confident answers
Your program is working. Renew — and consider running a baseline anyway, as independent evidence for the board.
Mixed answers
You have leverage. Take the gaps into the renewal negotiation, and benchmark with a baseline so the conversation is grounded in your own data.
Mostly “we can’t answer that”
Your program proves training happened. It doesn’t prove risk went down. Run the 14-day baseline before you sign anything.
Take It With You
Get the checklist as a PDF.
Formatted for forwarding to your CISO or dropping into the renewal meeting notes. Includes a scoring worksheet and the questions in vendor-neutral form.
Works for any SAT vendor renewal — not just KnowBe4.
Benchmark before you renew.
The checklist finds the questions. The 14-day Human Risk Baseline finds the answers — measured on your own employees, alongside your current program.