Blog – EN

It is obvious that Microsoft offers a phishing simulation tool. Unfortunately, organizations that genuinely care about having attentive employees who are well-sensitized to cyber risks are not well served by it.

The great thing about trade show season is that you get to have personal conversations with many cybersecurity specialists. And I’ve just learned from several German and Swiss mid-sized companies that they have let their contracts with their awareness vendors expire and are instead relying on Microsoft Defender Attack Simulator. After all, this product is included with E5 licenses – so why use anything else?

Behavior-oriented awareness means the primary success metric is observable risk behavior change, not knowledge completion, positive feedback scores, or course consumption.

An entire industry often offers customers products and services with little benefit. And they even buy into it!

Today in 2026, the cybersecurity awareness market will be worth around USD 6.7 billion [1]. Created just over 20 years ago, it is dominated by awareness or SAT providers, which I regard to be second generation. Companies such as Proofpoint, Terranova, Knowbe4, Sans, Sosafe, Hoxhundt, or whatever they are called, secure the lion’s share of this market, which is expected to grow to just under USD 15 billion in 2031. In addition, there are hundreds of other players, such as CYBERDISE | Cybersecurity Awareness .

What is CYBERDISE Freemium Edition?
It is a free phishing tool and learning environment where users can complete cybersecurity courses. Technically speaking, it is an attack simulator and a lean LMS including a content editor and user management.

What does the solution include?
The phishing simulator, learning management functionalities, two dozen attack templates, a dozen e-learning modules on information security, a content editor for customizing templates, and recipient management.

Some may wonder why CYBERDISE Awareness provides a free solution for phishing simulations and cybersecurity training at the highest level. Anyone who thinks this is purely for marketing purposes is completely wrong.

I need to give a bit of background so you can understand our motivation for offering a free phishing tool. It’s about effectiveness, the market, and our own standards – and yes, also about marketing 😉

The Human in an AI-Driven Threat Landscape – AI did overpass the human in writing phishing emails in 2024 – already two years ago[1]. It is therefore not surprising that nowadays, virtually all phishing attacks are created by AI agents. They write more convincing phishing, in a personalized way and they can process huge volumes of messages at almost no cost. There will always be malicious messages that outsmart even the best filters and end up in your mailbox. And these will be all the more dangerous.

So, organizations must empower the employees and IT-engineers and they should respond with the same level of AI-enabled automation. That’s why Cyberdise applies AI where it matters most

CYBERDISE 3.0 contains significant new functionality in AI phishing, LMS and training, threat reporting and message analysis and even architectural enhancements. That’s why it’s a great release!

Version 3.0 since early 2026. Those who want to know what’s exactly in the release, please check out the release-notes. But here I’d like to cover the three to four features we love most.

The University of Osnabrück receives the “Awareness Customer of the Year 2026” award for the exemplary implementation of CYBERDISE in an on-premise configuration. No other customer has deployed our platform productively at a comparable speed: only a few weeks elapsed between order and the first productive campaign.

We were particularly impressed by the lean, efficient, and largely independent implementation – as well as the consistently professional, proactive, and prompt communication. This combination makes the University of Osnabrück a true showcase customer. We are all the more pleased that the university has agreed to become one of our reference customers.

In CYBERDISE AWARENESS, two concepts are often used interchangeably – attitude and behavior. They are related, but they are not the same. Confusing them is one of the main reasons why many awareness programs fail to deliver lasting risk reduction.

Attitude is shaped primarily through information, communication, and training. Traditional awareness programs focus heavily on this layer: policies, videos, e-learning, and explanations of “what could go wrong.”

Research confirms that training can indeed influence attitude. Employees often report higher awareness, stronger responsibility, and better understanding after training interventions.

In CYBERDISE AWARENESS, two concepts are often used interchangeably – attitude and behavior. They are related, but they are not the same. Confusing them is one of the main reasons why many awareness programs fail to deliver lasting risk reduction.

Attitude is shaped primarily through information, communication, and training. Traditional awareness programs focus heavily on this layer: policies, videos, e-learning, and explanations of “what could go wrong.”

Research confirms that training can indeed influence attitude. Employees often report higher awareness, stronger responsibility, and better understanding after training interventions.