Building a Human Firewall in a Highly Regulated Industry

Phishing is a constant threat, but with the right approach and training, that threat can be significantly reduced. Find out how we helped our client, with over 100 users, achieve that goal.

Introduction

When you’re operating in a regulated industry, the stakes are high. A single phishing email can lead to a costly data breach, reputational damage, and compliance headaches. That’s why Intelligent Outsourcing, a firm of accountants and bookkeepers, turned to Heliocentrix for expert guidance. With John Speed acting as their vCTO (fractional CTO), we set out to transform their security culture and reduce risk across the board.

Client Profile

A mid‑sized firm of accountants and bookkeepers with around 100 staff. They hadn’t suffered a major breach, but user confidence in spotting phishing emails was low, leading to risky clicks and a steady stream of “is this real?” tickets to IT.

The Challenge

The client wanted to reduce phishing‑related risk and cut down on unnecessary helpdesk tickets. Their key measurable goal: bring the phishing simulation failure rate below 5% — a big leap from the initial 50%.

Our Approach

With John Speed of Heliocentrix as their vCTO, we recommended and implemented the KnowBe4 Security Awareness Training platform. The standard package included:

  • Access to a full library of training materials and compliance modules
  • Weekly phishing simulations
  • Monthly training requirements (up to 20 minutes per user)

Beyond deployment, we provided:

  • Regular Reporting & Feedback: Reviewing KnowBe4 dashboards, identifying higher‑risk users, and directing training towards specific risks 
  • Messaging Support: Assisting the internal IT team with launch communications and ongoing engagement 
  • Governance Reviews: Monthly sessions with the IT Security subgroup to track progress and adjust strategy 
  • Technical Integration: Enabling Microsoft’s phishing‑report button for all users; integrating KnowBe4 with Microsoft 365 for SSO (single sign-on); aligning mail flow, Defender for Office 365, and Microsoft Intune policies so training and simulations worked as intended
  • Policy Development: Drafting initial phishing response policies, with more to follow

The Results

Over 12 months (October 2024 – September 2025), the results speak for themselves:

  • Phishing simulation failure rate dropped from 50% to around 5% 
  • Zero phishing‑related security breaches during the programme 
  • Noticeable reduction in phishing‑related helpdesk tickets
  • Increased user confidence and fewer “is this real?” queries


Dee Smith
Intelligent Outsourcing
“What I like about KnowBe4 is that it’s very geared towards users. The AI system sends out phishing simulation emails with different content to each user so that it feels more like the real world. We’ve seen a significant drop in successful phishing‑related incidents over the last year and we’re happy with the progress so far. The training has been relevant, bite‑sized and easy to fit in, which has helped us keep momentum without pushback.”
