Skill

KnowBe4 Reporting

Generates KnowBe4 security awareness reports covering phishing summary statistics, training completion rates, risk score overviews, trend analysis, organizational benchmarks, and executive dashboards. Interprets metrics and communicates posture to stakeholders.

security

monitoring

Install

npx claudepluginhub wyre-technology/msp-claude-plugins --plugin knowbe4

Tool Access

This skill uses the workspace's default tool permissions.

Preview

KnowBe4 reporting provides visibility into an organization's security awareness posture through phishing simulation metrics, training completion data, and risk scores. Effective reporting translates raw data into actionable insights for security teams, management, and compliance stakeholders. This skill covers how to retrieve, interpret, and present KnowBe4 metrics.

SKILL.md

Similar Skills

agent-eval

Compares coding agents like Claude Code and Aider on custom YAML-defined codebase tasks using git worktrees, measuring pass rate, cost, time, and consistency.

everything-claude-code

157.7k

agent-harness-construction

Designs and optimizes AI agent action spaces, tool definitions, observation formats, error recovery, and context for higher task completion rates.

everything-claude-code

157.7k

accessibility

Designs, implements, and audits WCAG 2.2 AA accessible UIs for Web (ARIA/HTML5), iOS (SwiftUI traits), and Android (Compose semantics). Audits code for compliance gaps.

everything-claude-code

157.7k

Stats

Parent Repo Stars12

Parent Repo Forks8

Last CommitApr 5, 2026

Actions

View Source View Plugin View on GitHub View README

KnowBe4 Security Awareness Reporting

Overview

Key Concepts

Core Metrics

Metric	Definition	Target
Phish-Prone Percentage (PPP)	% of users who failed phishing tests	Below 5% after 12 months
Training Completion Rate	% of enrolled users who completed training	Above 95%
Average Risk Score	Mean risk score across all active users	Below 30
Reporting Rate	% of phishing tests reported via PAB	Above 70%
Click-to-Report Ratio	Ratio of clicks to reports	Below 0.5:1
Time to First Click	Average time from delivery to first click	Increasing over time

Metric Interpretation Guide

Phish-Prone Percentage (PPP):

PPP = (Users who failed / Users who received test) * 100

Interpretation:
- Decreasing PPP = Training is working
- Flat PPP = Need to change training approach
- Increasing PPP = New threats, new employees, or stale training
- Sudden spike = Especially effective phishing template

Training Completion Rate:

Completion Rate = (Completed enrollments / Total enrollments) * 100

Interpretation:
- Below 80% = Enforcement issue, need manager involvement
- 80-95% = Normal range, follow up on stragglers
- Above 95% = Excellent compliance
- 100% = Verify data -- may indicate auto-completion

Risk Score Trends:

Risk Trend = Current avg risk score - Previous period avg risk score

Interpretation:
- Negative trend = Improving (good)
- Flat trend = Plateau, consider changing approach
- Positive trend = Degrading, investigate cause

Reporting Timeframes

Timeframe	Use Case	Audience
Weekly	Operational monitoring, active campaign tracking	Security team
Monthly	Trend analysis, department comparisons	Security manager
Quarterly	Executive summary, compliance reporting	Leadership, auditors
Annual	Year-over-year progress, program justification	Board, C-suite

Industry Benchmarks (2024)

Metric	Small (<250)	Medium (250-1000)	Large (1000+)
Initial PPP	32.4%	30.1%	31.5%
PPP after 90 days training	17.6%	16.4%	15.2%
PPP after 12 months	5.4%	4.8%	4.5%
Training completion	87%	91%	93%
PAB reporting rate	45%	52%	58%

Field Reference

Account-Level Summary Fields

Field	Type	Description
`total_users`	int	Total active users
`current_risk_score`	float	Organization-wide average risk score
`phish_prone_percentage`	float	Organization-wide PPP
`total_phishing_campaigns`	int	Total phishing campaigns run
`total_training_campaigns`	int	Total training campaigns run

Phishing Summary Fields

Field	Type	Description
`total_campaigns`	int	Number of phishing campaigns
`total_tests_sent`	int	Total phishing emails delivered
`total_clicked`	int	Total clicks across all campaigns
`total_reported`	int	Total reports via PAB
`overall_ppp`	float	Overall phish-prone percentage
`ppp_by_department`	object	PPP broken down by department
`ppp_by_location`	object	PPP broken down by location
`ppp_trend`	array	PPP over time (monthly)

Training Summary Fields

Field	Type	Description
`total_campaigns`	int	Number of training campaigns
`total_enrollments`	int	Total user enrollments
`completed`	int	Number completed
`in_progress`	int	Number in progress
`not_started`	int	Number not started
`past_due`	int	Number past due
`completion_rate`	float	Overall completion percentage
`average_time_spent`	int	Average seconds spent on training
`completion_by_department`	object	Completion broken down by department

MCP Tools

Tool	Description	Key Parameters
`knowbe4_reporting_account_summary`	Get account-level summary stats	none
`knowbe4_reporting_phishing_summary`	Get phishing simulation summary	`start_date`, `end_date`
`knowbe4_reporting_training_summary`	Get training completion summary	`campaign_id`, `start_date`, `end_date`
`knowbe4_reporting_risk_overview`	Get risk score overview	`group_id`
`knowbe4_reporting_ppp_trend`	Get PPP trend over time	`start_date`, `end_date`, `interval`
`knowbe4_reporting_department_breakdown`	Get metrics by department	`metric_type`

Common Workflows

Monthly Security Awareness Report

Get account summary for top-level metrics
Pull phishing summary for the month
Pull training summary for active campaigns
Get PPP trend for the last 6 months
Break down by department to identify problem areas
Compare to previous month for trend direction
Format report with key findings and recommendations

Quarterly Executive Report

Get 3-month summary across all metrics
Calculate quarter-over-quarter change for PPP, completion rate, risk score
Identify top 5 highest-risk departments
Highlight achievements (PPP improvements, 100% completion groups)
List recommendations for next quarter
Include industry benchmarks for context

Compliance Audit Report

List all training campaigns for the audit period
Get completion rates for each required training
Identify non-compliant users (past_due or not_started)
Document remediation actions taken for non-compliance
Export data with timestamps for audit evidence

Risk Trend Analysis

Pull risk score history for the organization over 12 months
Overlay with campaign dates -- phishing tests and training launches
Correlate risk changes with specific events
Identify which campaigns had the most impact on risk
Recommend optimization of campaign mix

New Client Baseline Report

Run baseline phishing test before any training
Record initial PPP as the starting point
Document initial risk score distribution
Set targets based on industry benchmarks
Schedule follow-up assessment at 90 days

Report Templates

Executive Summary Format

SECURITY AWARENESS REPORT - [Month/Quarter]
============================================

KEY METRICS
- Phish-Prone Percentage: XX.X% (change from last period)
- Training Completion Rate: XX.X%
- Average Risk Score: XX.X
- PAB Reporting Rate: XX.X%

HIGHLIGHTS
- [Notable achievement or concern]
- [Notable achievement or concern]

DEPARTMENT RANKING (by PPP, best to worst)
1. [Department] - X.X%
2. [Department] - X.X%
...

RECOMMENDATIONS
1. [Action item]
2. [Action item]

Department Comparison Format

DEPARTMENT SECURITY AWARENESS COMPARISON
=========================================

Department    | PPP    | Training | Risk Score | Trend
-------------|--------|----------|------------|------
IT           | 3.2%   | 98%      | 15.4       | ↓
Finance      | 8.1%   | 95%      | 28.7       | ↓
Sales        | 22.4%  | 82%      | 52.1       | →
HR           | 12.7%  | 91%      | 35.2       | ↓
Executive    | 15.3%  | 88%      | 41.0       | ↑

Error Handling

Common API Errors

Code	Message	Resolution
400	Invalid date range	Use ISO 8601 format (YYYY-MM-DD)
401	Invalid API token	Verify KNOWBE4_API_KEY
403	Insufficient permissions	API token needs Reporting permissions
404	No data for period	No campaigns run during specified dates
429	Rate limit exceeded	Implement backoff (see api-patterns)

Data Considerations

Issue	Cause	Resolution
PPP seems too low	Small sample size	Need more campaigns for statistical significance
Completion rate drops	New campaign started with fresh enrollments	Wait for campaign to mature
Risk score not updating	Calculated periodically, not real-time	Allow 24-48 hours for updates
Department data missing	Users lack department field	Update user profiles
Trend shows no data points	Date range too narrow	Expand date range

Best Practices

Report consistently -- Use the same metrics and format every period
Show trends, not snapshots -- A single PPP number is less useful than 6-month trend
Use benchmarks -- Compare against industry averages for context
Segment by audience -- Executives want summary; security team wants details
Include recommendations -- Every report should have actionable next steps
Track leading indicators -- PAB reporting rate predicts future PPP improvement
Celebrate successes -- Highlight departments and users who improve
Avoid vanity metrics -- Focus on metrics that drive security outcomes
Automate where possible -- Schedule recurring reports to reduce manual effort
Correlate with real incidents -- Connect awareness metrics to actual security events

Related Skills

KnowBe4 Phishing - Phishing simulation campaigns
KnowBe4 Training - Training campaign management
KnowBe4 Users - User management and risk scores
KnowBe4 API Patterns - Authentication, pagination, and rate limits