Blog – EN

What is CYBERDISE Freemium Edition?
It is a free phishing tool and learning environment where users can complete cybersecurity courses. Technically speaking, it is an attack simulator and a lean LMS including a content editor and user management.

What does the solution include?
The phishing simulator, learning management functionalities, two dozen attack templates, a dozen e-learning modules on information security, a content editor for customizing templates, and recipient management.

Some may wonder why CYBERDISE Awareness provides a free solution for phishing simulations and cybersecurity training at the highest level. Anyone who thinks this is purely for marketing purposes is completely wrong.

I need to give a bit of background so you can understand our motivation for offering a free phishing tool. It’s about effectiveness, the market, and our own standards – and yes, also about marketing 😉

The Human in an AI-Driven Threat Landscape – AI did overpass the human in writing phishing emails in 2024 – already two years ago[1]. It is therefore not surprising that nowadays, virtually all phishing attacks are created by AI agents. They write more convincing phishing, in a personalized way and they can process huge volumes of messages at almost no cost. There will always be malicious messages that outsmart even the best filters and end up in your mailbox. And these will be all the more dangerous.

So, organizations must empower the employees and IT-engineers and they should respond with the same level of AI-enabled automation. That’s why Cyberdise applies AI where it matters most

CYBERDISE 3.0 contains significant new functionality in AI phishing, LMS and training, threat reporting and message analysis and even architectural enhancements. That’s why it’s a great release!

Version 3.0 since early 2026. Those who want to know what’s exactly in the release, please check out the release-notes. But here I’d like to cover the three to four features we love most.

The University of Osnabrück receives the “Awareness Customer of the Year 2026” award for the exemplary implementation of CYBERDISE in an on-premise configuration. No other customer has deployed our platform productively at a comparable speed: only a few weeks elapsed between order and the first productive campaign.

We were particularly impressed by the lean, efficient, and largely independent implementation – as well as the consistently professional, proactive, and prompt communication. This combination makes the University of Osnabrück a true showcase customer. We are all the more pleased that the university has agreed to become one of our reference customers.

In CYBERDISE AWARENESS, two concepts are often used interchangeably – attitude and behavior. They are related, but they are not the same. Confusing them is one of the main reasons why many awareness programs fail to deliver lasting risk reduction.

Attitude is shaped primarily through information, communication, and training. Traditional awareness programs focus heavily on this layer: policies, videos, e-learning, and explanations of “what could go wrong.”

Research confirms that training can indeed influence attitude. Employees often report higher awareness, stronger responsibility, and better understanding after training interventions.

In CYBERDISE AWARENESS, two concepts are often used interchangeably – attitude and behavior. They are related, but they are not the same. Confusing them is one of the main reasons why many awareness programs fail to deliver lasting risk reduction.

Attitude is shaped primarily through information, communication, and training. Traditional awareness programs focus heavily on this layer: policies, videos, e-learning, and explanations of “what could go wrong.”

Research confirms that training can indeed influence attitude. Employees often report higher awareness, stronger responsibility, and better understanding after training interventions.

What features were we able to roll out? A review.

Modern attacks happen in seconds, but awareness teams often work in days or weeks. We wanted to close this gap. CYBERDISE 2025 brings together AI reconnaissance, autonomous campaign components, multi-organizational management, and a revamped content ecosystem. It’s a platform that not only trains, but also systematically scales security culture—from medium-sized businesses to MSSPs. At the end of the year, we will showcase the features developed this year that will help you achieve this goal. Which ones are you not familiar with yet? Take a look for yourself at the end of this article!

Recent discussions around the effectiveness of cybersecurity awareness have been reignited by high-profile media coverage. Most prominently, a Wall Street Journal article drawing on the study “Understanding the Efficacy of Phishing Training in Practice” questions whether phishing simulations and awareness training lead to meaningful risk reduction.

The debate itself is healthy. The conclusions drawn from it, however, require more nuance.

A growing body of empirical research shows that well-designed cybersecurity awareness programs do improve real-world cyber risk behavior. What often fails is not awareness as such, but narrow interpretations of what awareness is, how it should be embedded organizationally, and how success should be measured.

How many phishing simulations should be conducted and how frequently users should be confronted with cybersecurity eLearning is a recurring topic in consulting for awareness programs and campaigns.
This topic is far from academic – it’s highly relevant for practical application.
A sensitization effect, once achieved, begins to crumble after about three months, and after six months, maximum erosion has essentially been reached. There are solid studies on this, and our latest scientific research shows a very similar result.
However, the statements made about the quantity and timing of awareness measures must be considered with nuance. It would be dangerous to derive simple, universally applicable rules from them.