Human Risk. PHOTO: Cybercrime Magazine.

10 Hot Security Awareness Training Companies To Watch in 2024

Find companies to help defend your organization and employees against phishing scams and ransomware attacks

Steve Morgan, Editor-in-Chief

Sausalito, Calif. – Mar. 2, 2024

Cybersecurity Ventures predicts the global security awareness training market will exceed $10 billion annually by 2027, up from around $5.6 billion in 2023, based on 15 percent year-over-year growth. We’ve come a long way since 2014 when Gartner pegged this same market at around $1 billion in annual revenue.

CISOs and security leaders are asking Cybercrime Magazine who’s who in security awareness training. We’ve answered with 10 hot venture-funded security awareness training companies with varying solutions.

CybSafe may be the hottest company on our list. Their CEO and founder, Oz Alashe, says CybSafe is laser-focused on human risk, and that’s exactly what CISOs are telling us.

Cybercrime Radio: Who’s Who In Security Awareness Training

It’s all about human risk.


The hot venture funded pure-play security awareness training companies that we’re following, and you should be too:

  • CultureAI, Manchester, U.K. Intelligently automate your simulated phishing and training program, then easily connect your apps to surface 35+ types of risky employee cyber security behaviors wherever they happen. CultureAI continuously monitors security risks created by your workforce, then uses those insights to help you automatically manage risks so that people prevent breaches and not cause them.
  • CybSafe, London, U.K. CybSafe is the Human Risk Management Platform for security teams dedicated to reducing human cyber risk. The next-generation behavioral analytics platform is built to integrate seamlessly with the modern tech stack. CybSafe enables companies of every size to leverage a wealth of scientific knowledge and expertise to gain a 360 view of their people’s security behaviors. Security professionals around the world use CybSafe to measure risk, influence behaviors, and bolster their resilience.
  • Hacware, Brooklyn, N.Y. HacWare is a 100 percent automated security awareness training and phishing simulation API that helps MSPs combat phishing attacks and BEC scams. Your users are the most important part of your cybersecurity stack. Create a powerful security education system that is easy, reliable and fast. Create personalized phishing campaigns and training solutions in minutes. Hacware’s easy integration options allow you to reduce your labor cost by 40 percent.
  • Hook Security, Greenville, S.C. Hook Security is a people-first company that uses psychological security training to help companies create a security-aware culture. Hook Security’s PsySec is a holistic approach to cybersecurity that acknowledges that simply being aware of cyber risks is not enough; individuals need to be actively engaged and empowered to protect themselves and their digital environments.
  • Hoxhunt, Helsinki, Finland. Combining AI, behavioral science, and advanced automation, Hoxhunt’s Human Risk Management Platform enables fully automated behavior change that enhances protect-detect-respond capabilities to measurably lower risk. Attacks start with targeting employees. So should the solution. With Hoxhunt, you’ll achieve real risk reduction with measurable security behavior change that keeps pace with an ever-evolving threat landscape. Go beyond awareness to real risk reduction.

  • Outkept, Ghent, Belgium. Outkept’s mission is to stop phishing attacks from being successful, by focusing on the human factor in your cyber defense. Simulate realistic phishing attacks with the help of ethical phishers who are rewarded by a bounty system, and strengthen your organization’s defenses. Campaigns are unique and tailored to your organization. Outkept provides continuous training and transparency on phishing vulnerability, and they guarantee safety and privacy protection.
  • Pistachio, Oslo, Norway. Pistachio is the new evolution of cybersecurity awareness training and attack simulations. Their fully automated platform does everything for you. Pistachio’s tailored cybersecurity training ensures your team stays protected from evolving threats while gaining the confidence to navigate with freedom. Your team’s time is valuable, and Pistachio respects that. Their training goes straight to your team’s inboxes, where they can tackle it at their own pace.
  • Right-Hand Cybersecurity, Lewes, Del. A Human Risk Management Training Platform that changes behaviors, empowering your workforce to see and stop cyber threats at first contact and reduce burdensome security alerts. The security awareness industry is shifting towards a more automated and personalized risk management approach. Right-Hand’s platform will pinpoint which employees are most breach-prone, and automate targeted training to them in real-time to reduce risk and change behavior.
  • Riot, San Francisco, Calif. In today’s world, we’re all targets for hackers — and the tools to protect us require a cybersecurity diploma, plenty of free time and deep pockets. Riot is on a mission to turn your employees into your company’s biggest cybersecurity asset, by building consumer-first products everyone loves. Phishing is taught by doing. Ensure your team is ready for phishing attacks by running real-life exercises.
  • SoSafe, Köln, Germany. Where technology meets real people, you want a solution that blends both too. With behavioral science and enterprise focus in their DNA, the SoSafe platform creates automated and engaging cybersecurity awareness training programs at scale. Manage your human risk, at very low touch. SoSafe sets organizations up for success — from implementation, to management, to measuring and optimizing the behavioral change impact of your awareness programs.

For information about this list, contact the editors at Cybersecurity Ventures.

Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.

Go here to read all of my blogs and articles covering cybersecurity. Go here to send me story tips, feedback and suggestions.