Cimento is headed to Black Hat USA — catch us in Vegas, Aug 1–6

Black Hat USA 2026 · Aug 1–6

Book a Meeting →

Book a Meeting →

Home / Resources / KnowBe4 Renewal Checklist

Free Resource

Before you renew KnowBe4, ask these questions.

A renewal is a decision. Most teams treat it as a calendar event.

A renewal is a decision. Most teams treat it as a calendar event.

A renewal is a decision. Most teams treat it as a calendar event.

Twenty-one questions across seven areas — engagement, reporting, channels, AI readiness, admin burden, compliance, and risk scoring. If your current program answers them well, renew happily. If it can’t, you have negotiating leverage or a reason to look.

The 21 Questions

Seven areas. Three questions each.

Area 1

Engagement

Has employee engagement with training gone up or down over the contract term?

What percentage of training time is spent on content relevant to each employee’s actual role?

If you stopped requiring training, would anyone choose to take it?

Area 2

Reporting & Metrics

Can you show your board a risk trend, or only completion and click rates?

Do your metrics distinguish a risky CFO from a risky intern?

Did your last renewal deck contain any number an attacker would care about?

Area 3

Multi-Channel Coverage

Have your employees ever been tested over voice or SMS, or only email?

Do simulations reflect multi-step attacks (text, then call, then email)?

Which of last year’s real incidents used a channel your program never simulates?

Area 4

AI Phishing Readiness

Are your simulation lures still template-based while real attackers use generative AI?

Have executives been tested against AI voice-clone or deepfake impersonation scenarios?

Does your vendor’s roadmap treat AI attacks as a feature or as the new default?

Area 5

Admin Burden

How many hours per month does your team spend building and managing campaigns?

What happens to the program when your busiest quarter hits?

Could remediation run automatically, without a human scheduling it?

Area 6

Compliance

Which specific controls (SOC 2, ISO 27001, HIPAA, PCI) does the program evidence — and is that all it does?

Would your cyber insurer accept your current reporting as evidence of risk management?

Is compliance the ceiling of your program, or the floor?

Area 7

Risk Scoring

Does your risk score include what each person can access, or only how they behave?

Can you name your ten highest-risk employees right now, with evidence?

If risk went down last quarter, could you prove it?

How to Score It

What your answers mean.

Mostly confident answers

Your program is working. Renew — and consider running a baseline anyway, as independent evidence for the board.

Mixed answers

You have leverage. Take the gaps into the renewal negotiation, and benchmark with a baseline so the conversation is grounded in your own data.

Mostly “we can’t answer that”

Your program proves training happened. It doesn’t prove risk went down. Run the 14-day baseline before you sign anything.

Take It With You

Get the checklist as a PDF.

Formatted for forwarding to your CISO or dropping into the renewal meeting notes. Includes a scoring worksheet and the questions in vendor-neutral form.

Works for any SAT vendor renewal — not just KnowBe4.

Benchmark before you renew.

The checklist finds the questions. The 14-day Human Risk Baseline finds the answers — measured on your own employees, alongside your current program.

Get Started

See It Live

Explore how modern phishing simulations and real-time human risk insights can strengthen your security posture. Let’s talk.

Get Started

See It Live

Explore how modern phishing simulations and real-time human risk insights can strengthen your security posture. Let’s talk.

Get Started

See It Live

Explore how modern phishing simulations and real-time human risk insights can strengthen your security posture. Let’s talk.

Get Started

See It Live

Explore how modern phishing simulations and real-time human risk insights can strengthen your security posture. Let’s talk.