Frequently Asked Questions

At SoSafe, behavioural science is in our DNA. We believe that to create a sustainable security culture, you need to put people first and provide truly engaging experiences. Traditional security awareness training is broken and does not cater for the needs of a hybrid workforce. Our behavioural science-based training adds various elements such as immersive storytelling and data-enabled gamification for deeper user engagement and lasting behavioural change. Say goodbye to long boring classroom lectures and hello to impactful learning experiences!

Cyber-attacks are becoming increasingly sophisticated, and it is more important than ever that employees are always up to date with the latest social engineering tactics. Security habits can only take hold through continuous awareness, as teachings from one-time trainings are likely to be forgotten. We use a variety of tactics, content formats and channels to keep users engaged in a way that feels fresh and new each time. This prevents boredom and fatigue and facilitates the development of long-term habits.

We treat all customer data equally sensitive and have implemented strict security measures and controls governing this data. Within SoSafe, only authorized SoSafe employees have access to customer data stored within our systems. All access is restricted to privileged groups unless requested and reviewed for validity of the request. Unauthorized or inappropriate access to customer data is treated as a security incident and managed through our incident management process. This process includes instructions to notify affected customers if a breach of policy is observed.

We have an implementation time of 20 days requiring zero to low implementation efforts on your side and a dedicated Customer Success Manager will assist you throughout your journey with SoSafe, including the kick-off phase.

No, there is no limit on the number of employees you can sign up for SoSafe’s awareness training.

The following browsers are supported: Google Chrome, Mozilla Firefox, Apple Safari, Microsoft Edge, and Microsoft Internet Explorer 11.

Currently, we support 32 different languages across the world.

You can personalise our platform with your learning content, policies, and corporate brand identity. With our Content Management solution, you will be able to customize e-learning to your needs to increase learning adoption, understand the maturity of your security culture and be audit-ready anytime.

Organisations using SoSafe typically see remarkable results: up to 70% reduction in phishing click rates, 80% fewer logins on fake pages, and implementation in just 2 days with our managed-service option. Customers see measurable increases in security awareness scores within just a few months. Our behavioural science-based approach ensures these improvements are sustainable over time. We’ll show you benchmarks and real-world results during the demo, plus detailed analytics to quantify your human risk reduction and demonstrate ROI to stakeholders.

Absolutely. SoSafe is trusted by over 5,500 organisations worldwide across industries including finance, healthcare, public sector, and technology, with more than 4.5 million users managing their human risk through our platform. We maintain a 4.9/5 rating on Capterra for best-in-class customer impact and are recognised by industry experts. We’ll share relevant case studies during the demo so you can see what organisations similar to yours have achieved.

Yes, one of our awareness specialists will contact you promptly to schedule a personalised demo at a time that works for you. There’s no obligation — the goal is to give you the information you need to evaluate SoSafe. During this call, they’ll provide real-time answers to your questions, understand your specific needs, and show you exactly how SoSafe fits into your security strategy.

Absolutely. We meet the highest security and privacy standards, including ISO 27001 certification, full GDPR compliance, NIS2, HIPAA, and other data protection regulations. We’re the only security awareness platform provider operating at scale that follows a privacy-by-design approach. Data protection is built into every feature.

Yes. Content is tailored to your sector, roles, and compliance requirements. You can add your own branding, policies, and scenarios, ensuring training feels relevant and engaging to your employees.

You’ll have a dedicated customer success manager, best-practice guidance, and technical support. Larger deployments also benefit from optional managed-service support.

Pricing is based on the size of your organisation and the scope of features you need, typically structured per user. We offer transparent, straightforward pricing with no hidden fees. We’ll provide a clear, tailored quote that aligns with your specific requirements and budget, ensuring you get the best value for your investment in security culture.

Our reporting is powered by the Human Risk OS™ – a modern, unified platform that continuously monitors human risk in real time. It provides behavioural insights, a dynamic Human Security Index, and targeted interventions to proactively reduce risk across your organisation.

SoSafe is built on a privacy-by-design philosophy and fully complies with GDPR and ISO 27001 standards. All customer data is stored securely on European servers, encrypted in transit and at rest with SoSafe-controlled keys. You decide how training and simulations are tracked – anonymously, individually, or a mix of both – giving you full control over data handling. We follow strict data minimisation and deletion policies (e.g. DIN 66399) to ensure employee privacy is always safeguarded.

Organisations see phishing click-rates decrease by up to 70% within the first year, 80% fewer logins on fake pages, alongside improved reporting rates and significantly increased reporting of suspicious emails. Our behavioural science approach ensures these improvements are sustainable. You’ll receive detailed metrics showing progress over time, individual and team performance data, and clear ROI calculations to demonstrate compliance and the value of your security awareness investment.

Yes. We simulate attacks across email, SMS, QR codes, social media attacks, phone-based attacks (vishing), and USB drops — reflecting all the channels your employees actually face. This comprehensive approach ensures your team is prepared for the full spectrum of social engineering attacks. You can run coordinated campaigns across different channels or focus on specific vectors based on your organisation’s threat landscape.

Simulations are adapted to your industry, threat landscape, user roles, department, risk profile, and previous performance. The platform automatically adjusts difficulty levels and content relevance for each user, making them realistic while avoiding unnecessary disruption. You can also customise templates with your organisation’s branding, terminology, and specific scenarios relevant to your business context.

Users receive instant, constructive feedback — whether they reported correctly or clicked. This real-time learning reinforces good behaviour and helps reduce risk without shaming. Admins can track results in real-time and spot risk patterns across the organisation, with follow-up training automatically triggered based on individual needs.

Set-up is fast – you can launch your phishing simulations in minutes using ready-to-use templates. For complex, multi-stage campaigns, setup typically takes less than an hour, and our team can support you through every step. The user-friendly interface makes campaign creation simple, and you can schedule simulations to run automatically.