Phishing simulation costs: what does it cost?
The cost of a phishing simulation varies considerably. It is determined by your organisation's size, the number and complexity of scenarios, the reporting required and any follow-up training. This article breaks down all the factors clearly.
What do phishing simulations cost?
There is no fixed market price. The range is wide: budget automated tools where you do everything yourself sit at one end, while specialist providers like CoBoo offer a fully managed programme from intake to final report at the other.
As a benchmark: a simple, one-off phishing simulation for a company of 20 to 50 employees typically costs between €1,000 and €3,000 at a professional provider. For larger organisations or multiple scenarios this rises to €5,000 and above.
Important perspective: The average cost of a successful phishing attack on an SME is €70,000 to €150,000. A simulation that prevents that pays for itself many times over.
Factor 1: company size
The number of employees is the most important pricing factor. More employees mean more email addresses, more recipient variation and a more extensive report. Most providers charge per employee or use pricing bands.
Factor 2: number and complexity of scenarios
A simple simulation with a single generic scenario costs less than a campaign with three custom scenarios per department. More advanced variants require more preparation:
- Generic scenario (fake parcel, fake Microsoft): lowest cost, broadly applicable
- Company-specific scenario (supplier name, department name): higher prep, better learning moments
- Segmented campaign per department: higher complexity, more data value
- Multi-stage attack (email + landing page + login attempt): maximum realism, highest cost
Factor 3: reporting and analysis
The value of a phishing simulation lies in the data. CoBoo includes as standard:
- Click rate per scenario and overall
- Department and location breakdown
- Comparison with sector benchmarks
- Management summary for directors or board
- Concrete recommendations for follow-up and training
Factor 4: follow-up training
A phishing simulation without follow-up is a missed opportunity. Employees who click learn most when they are guided to a learning module at the moment of clicking. CoBoo works with Lumyo Awareness Training for e-learning follow-up. A combined package (simulation plus awareness training) is cheaper than buying both separately and delivers measurably better results.
Factor 5: one-off or recurring programme
A one-off measurement gives insight but no proof of improvement. Organisations that choose an annual or bi-annual programme also get a repeat measurement showing how much awareness has improved. Benefits include:
- Satisfies NIS2 and ISO 27001 requirements (demonstrably recurring testing)
- Shows development: from baseline to improved awareness
- Lower rate per campaign through ongoing partnership
- Different scenarios each round keep employees sharp
What are CoBoo's prices?
CoBoo works with a fixed project price for businesses with 20 to 250 employees. That price is transparent and always includes the intake conversation, campaign design, the simulation itself and the final report with management summary.
We don't publish fixed rates because the price genuinely depends on your specific situation. What we promise:
- No hidden costs: what is agreed is what you pay
- Fixed price per project, not per click or hour
- No-obligation quote conversation
- Honest advice about what your organisation actually needs
Request a no-obligation quote
Tell us about your organisation and we'll send a clear tailored price indication. No obligations, no small print.