Rythm vs KnowBe4: Filtering vs Training
KnowBe4 is security awareness training. Rythm is an inbox filter. Different categories, complementary if you have the budget for both.
KnowBe4 is the largest and most-discussed security awareness training company. The product is built around simulated phishing campaigns and on-demand training content that teaches users to recognize phishing attempts. The company went public in 2021, was taken private again in 2023, and serves a substantial portion of the mid-market security awareness training market.
Rythm is a different product solving a different problem with a different mechanism. This post is the honest comparison.
The Quick Version
KnowBe4 is security awareness training and simulated phishing. The product runs simulated phishing campaigns against the customer’s employees, measures click-through rates, and assigns training modules to users who click. Over 12 to 18 months, click-through rates typically drop from a baseline of 25-30% to around 5-10%. The product also provides on-demand training content covering broader security topics.
Rythm is an inbox-layer filter. It checks whether the sender is on the user’s auto-built guest list and asks unknown senders for a small cover charge. Setup is twelve minutes, configuration is mostly automatic, and the price is $1.65 per month for one user.
The two are not direct substitutes. KnowBe4 trains humans to recognize attacks. Rythm reduces the volume of attacks that reach the inbox. Both are useful. They operate on different layers.
What KnowBe4 Gets Right
Simulated phishing works. The data on training-driven click-rate reduction is consistent across industry studies and across KnowBe4’s own published statistics. The methodology (run a realistic-looking phishing simulation, follow up with training for users who fall for it, repeat over time) produces measurable behavior change. Trained employees do click less.
The training content library is substantial. KnowBe4 maintains a large library of training modules covering not just phishing but broader security topics: data handling, social engineering, password management, mobile device security, regulatory compliance. For a customer that wants a single vendor for all security awareness training, the breadth is meaningful.
The reporting and analytics are mature. KnowBe4 provides per-user click-rate trends, departmental comparisons, training completion rates, and benchmarks against industry averages. For a security or compliance team that has to demonstrate program effectiveness to leadership or auditors, the reporting is real value.
The compliance fit is broad. Many regulatory frameworks (HIPAA, PCI-DSS, SOC 2, ISO 27001) require security awareness training, and KnowBe4’s training catalog and tracking is structured to support compliance documentation.
For mid-market and enterprise customers with a security awareness function, KnowBe4 is a defensible choice.
Where KnowBe4 Has Limitations
The limitations are mostly about what training can and cannot accomplish.
Training reduces click-through rates, but not to zero. Even with extensive training, click-through on well-crafted phishing emails typically stays in the 5-10% range. The reduction is meaningful (especially compared to the 25-30% baseline) but it does not eliminate the risk. Some attacks will still succeed, because a human reading mail under time pressure is not a layer that can be hardened to zero failures.
Training cost is per-user. KnowBe4 pricing scales with employee count, which a 200-person business can budget as a line item but which a 5-person practice has to justify against very little else in the security budget. The per-user cost typically runs $20 to $50 per user per year for smaller-business tiers, rising for larger organizations and additional modules. For a small practice, the cumulative cost can be meaningful.
The program-management burden is real. Running a simulated phishing program requires someone to administer it: customizing campaigns, reviewing results, assigning training, communicating with users about the program. None of that is hard for a security team. All of it is overhead for a solo professional or a 3-person practice.
The training is downstream of attack volume. KnowBe4 trains users to handle the attacks that reach them. Reducing the volume of attacks that reach the user is a separate problem that training does not address.
Where Rythm Differs
Rythm uses a different mechanism for a different problem. Three structural differences:
Layer. Rythm sits at the inbox layer and changes what reaches the user. Training sits at the human layer and changes how the user responds to what reaches them. Different layers, different mechanisms.
Volume vs response. Rythm reduces the volume of unsolicited mail reaching the inbox by asking unknown senders for a small cover charge. Training does not affect the volume; it affects the response to whatever volume arrives.
No human cooperation required. Rythm runs automatically. Users do not have to learn anything. The cover charge gate operates regardless of user attention or training level. Training requires sustained user engagement and produces partial results even when the engagement is high.
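The guest-list-plus-cover-charge gate described above, as a toy model added to this post for illustration. It is not Rythm's code: the rule for auto-building the guest list (anyone the user has written to), the single "paid" flag on an unknown sender, and all names and addresses below are assumptions constructed for the example. It also shows the two properties a practitioner should check in any sender gate: that matching is done on the address rather than the display name, and that a trusted sender whose account has been compromised passes straight through (the same blind spot the training section below lists for awareness training).

```python
"""Toy model of an allowlist-plus-challenge inbox gate.

Added for illustration only; this is not Rythm's implementation. It assumes
the guest list is auto-built from addresses the user has sent mail to and
that an unknown sender who has paid the cover charge is delivered.
"""
from dataclasses import dataclass, field
from email.utils import parseaddr


@dataclass
class Message:
    from_header: str                 # RFC 5322 From: value, may carry a display name
    subject: str
    cover_charge_paid: bool = False  # set once the challenge has been satisfied (assumed)


def normalize(addr: str) -> str:
    """Compare on the bare address, lower-cased, never on the display name."""
    _display_name, email = parseaddr(addr)
    return email.strip().lower()


@dataclass
class SenderGate:
    guest_list: set[str] = field(default_factory=set)

    def learn_from_outbound(self, recipients: list[str]) -> None:
        """Auto-build the guest list: anyone the user has written to gets in (assumed rule)."""
        for recipient in recipients:
            address = normalize(recipient)
            if address:
                self.guest_list.add(address)

    def decide(self, msg: Message) -> str:
        """Return 'deliver' or 'challenge' for an inbound message."""
        sender = normalize(msg.from_header)
        if not sender:
            return "challenge"   # unparseable or empty From: is treated as unknown
        if sender in self.guest_list:
            return "deliver"     # known contact: no gate, and no defense if that account is compromised
        if msg.cover_charge_paid:
            return "deliver"     # unknown sender who paid the cover charge
        return "challenge"       # unknown and unpaid: hold the message and ask for the charge


def demo() -> dict[str, str]:
    """Run constructed sample messages through the gate and return each decision."""
    gate = SenderGate()
    # Constructed outbound history: the user has previously written to these two contacts.
    gate.learn_from_outbound(["Alice Vendor <alice@vendor.example>", "bob@partner.example"])

    cases = {
        # Known contact, matched on address: delivered without a challenge.
        "known_contact": Message("alice@vendor.example", "Invoice 42"),
        # Display name of a known contact on an unknown address: still challenged.
        "display_name_spoof": Message("Alice Vendor <alice@vendor-billing.example>", "Updated bank details"),
        # Mass cold outreach from a never-seen sender: challenged.
        "cold_outreach": Message("sales@outreach.example", "Quick question"),
        # Unknown sender who paid the cover charge: delivered.
        "paid_unknown": Message("recruiter@agency.example", "Open role", cover_charge_paid=True),
        # Compromised trusted account: on the guest list, so it passes the gate unchallenged.
        "compromised_contact": Message("bob@partner.example", "Urgent wire change"),
        # Malformed From: header: treated as unknown.
        "broken_from": Message("", "(no sender)"),
    }
    return {name: gate.decide(message) for name, message in cases.items()}


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:22s} -> {decision}")
```

The compromised_contact case is the one to keep in mind when reading the rest of this comparison: an allowlist gate removes cold volume, but a message from a trusted account that an attacker has taken over looks exactly like legitimate mail to it, which is why the training section below and out-of-band verification of payment changes still matter.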
We covered the design philosophy in why we chose deterministic and the broader frame in phishing awareness training: what it catches and what it misses (forthcoming).
The Comparison Table
| Dimension | KnowBe4 | Rythm |
|---|---|---|
| Product category | Security awareness training | Inbox-layer filter |
| Target audience | Mid-market and enterprise | Individuals and small teams |
| Mechanism | Simulated phishing + training | Identity check + cover charge |
| Reduces attack volume | No | Yes |
| Reduces click-through on attacks that arrive | Yes (baseline drops 25-30% to 5-10%) | Indirect (less volume reaches user) |
| Per-user cost | ~$20 to $50 per user per year | $1.65 per month flat |
| Setup complexity | Program-scale (weeks to months) | Self-service (12 minutes) |
| Requires user engagement | Yes (sustained training) | No |
| Compliance documentation | Yes | Indirect |
| Stops mass cold outreach | No | Yes (cover charge changes economics) |
| Earnings to recipient | No | Yes (cover charges settle to your wallet) |
Who Should Choose What
Choose KnowBe4 if you are a mid-market or enterprise organization with a security or compliance function that needs documented security awareness training, you have the per-user budget for sustained training, and you can administer the program. The training is genuinely effective for the audiences and threats it targets.
Choose Rythm if you are an individual, a solo professional, or a small business without a training program. Rythm reduces the volume of attacks that reach you, which is a structural defense that does not depend on user behavior or sustained engagement.
Run both if you are a mid-market business with both the budget and the security function. Training covers credential phishing, BEC awareness, and broader social-engineering patterns. Rythm covers the volume of unsolicited mail that competes for attention. The combination is strong because the two layers do not interfere with each other.
What Training Actually Catches and What It Misses
Training is most effective against:
- Recognizable phishing patterns (urgency, unusual sender, suspicious links).
- Known social-engineering techniques (CEO impersonation, fake invoices, urgent transfer requests).
- Common credential-phishing pages.
Training is less effective against:
- Compromised vendor or partner accounts (the email is from a trusted source).
- Highly targeted attacks engineered to look legitimate.
- New attack patterns that have not yet been incorporated into training.
- Time-pressured situations where the user does not have time to think through the training.
The structural insight: training raises the bar but does not eliminate the risk. The remaining risk is the subset of attacks that survive trained recognition, and that subset is where structural defenses (filtering, MFA, verification protocols) matter most. One caveat applies to filtering too: a guest-list gate admits any sender already on the list, so mail from a compromised vendor or partner account passes it just as it passes a trained reader. For payment or credential requests from a known contact, out-of-band verification and MFA remain the controls that actually close that gap.
A Specific Honest Note
KnowBe4 is a serious product that does what it claims to do. The per-user cost and program-management overhead are real, but the training value is real too.
Rythm is a different product solving a different problem. We reduce the volume of attacks that reach the inbox, which is a structural defense complementary to training. Most small businesses without a security function will get more practical value from inbox-layer filtering than from a full training program, because the filter runs automatically and the program requires sustained engagement that small businesses often cannot sustain.
The combination of training plus filtering is the strongest stack. The single tool depends on what you can sustain operationally.
For the related comparisons, see Rythm vs Cofense (forthcoming), Rythm vs Proofpoint, and Rythm vs Microsoft Defender for Office 365. For the broader frame, see the anatomy of a modern phishing email and what is BEC. Rythm is $1.65 per month, cancel anytime.