## Pricing Analysis
Training vendors typically charge on a per-user annual subscription basis. Simple phishing simulations and training modules can cost just a few dollars per user, while more advanced programs with gamified courses, compliance tracking, and reporting can run tens of dollars per user each year.
Enterprises with thousands of employees must account for scale, which can push contracts into the high six figures. Additional services like customized training content, managed phishing campaigns, and analytics dashboards are usually sold in higher-tier packages.
## Quarterly Trends & News
| Theme | Update |
|---|---|
| **Human error still dominant** | Distraction, pressure, and lack of awareness remain top root causes of breaches. |
| **Proven ROI of training** | Mature training programs cut phishing susceptibility by up to 80%. |
| **AI-powered lures** | Deepfakes and AI-crafted phishing emails require more advanced simulation and detection exercises. |
| **Culture over compliance** | Organizations focus on embedding security into daily habits, not just annual training modules. |
| **Metrics-driven programs** | Phish-prone percentage (PPP) and reporting rate become core KPIs. |
## Common Terms & Definitions
| Term | Definition |
|---|---|
| **Phish-Prone %** | Percentage of users who fall for simulated phishing emails. |
| **Just-in-Time Training** | Contextual prompts delivered when risky behavior is detected. |
| **Security Culture** | The degree to which security-conscious behavior is normalized in an organization. |
| **Role-Based Training** | Tailored modules for high-risk functions like finance or system administration. |
| **Reporting Rate** | The proportion of phishing attempts reported by employees. |