Bait & Phish phishing simulation pricing

Prices

Unbeatable pricing for a great security investment

Pricing Table

Please enter the number of users you would like to train and/or phish, then select the contract term (in years) that you would like to sign up for. Pricing is volume based and is also discounted with longer terms.


* If you would prefer a formal quote or invoice, please email sales@baitandphish.com
** We provide further discounts to Government, Education, Health and Non-Profit organizations.
*** If you would like to have this service fully managed, please contact us for more information.

How Bait & Phish pricing works

Pricing is per-user-per-year, billed annually with a monthly option for buyers who need it. The pricing table above lists the per-user rate at common employee-count breakpoints; volume discounts apply automatically at the published thresholds without sales involvement. Mid-market and enterprise procurement teams who prefer ACH or wire transfer can switch billing methods after signup; the platform itself is identical at every tier.

What's included at every paid tier

The platform includes the same feature set at every tier. Buyers do not pick from a feature matrix; the difference between tiers is user count and discount level, not capability.

  • Multi-channel phishing simulation across email, SMS (smishing) and voice (vishing) from a single dashboard.
  • Five intent categories and three difficulty tiers (easy, regular, hard) of templates - curated rather than encyclopedic, refreshed on a regular cadence to track current attacker tradecraft including AI-generated lures, AiTM proxies and callback phishing.
  • Auto-assigned remediation training the moment a user clicks a simulated phish, with a module library covering phishing recognition, BEC awareness, password hygiene and incident reporting.
  • Cyber-insurance and audit-ready reporting as one-click PDF exports formatted to the questions carriers and SOC 2, HIPAA, PCI DSS, NIST CSF and ISO 27001 auditors actually ask.
  • Outlook one-click reporting add-in for users to flag suspicious mail directly from the inbox - the channel mechanic that drives report rate as the active-detection counterpart to click rate (why both metrics matter).
  • Multi-language deployment across major workforce languages, with locale-aware lure templates and remediation training where available.

Scaling and multi-tenant deployment

The platform is built 100% in the cloud and scales to organizations of any size. The largest active customer deployment runs continuous campaigns against a 60,000-employee workforce across multiple countries; the smallest paid customer is a five-employee professional services firm. The same dashboard, the same export format and the same template library cover both ends. For multi-tenant deployments (MSPs, MSSPs, vCISO firms managing many small customers), see the MSP/MSSP reseller guide.

If you are not yet ready to commit to paid pricing, the 25-user free trial is the fastest way to see how the platform fits your environment. For environment-specific scoping (large-tenant SSO, regulated industry, multi-language requirements), contact us directly.

Comparing to KnowBe4 and enterprise alternatives

Bait & Phish delivers the same end result KnowBe4 and other enterprise security-awareness platforms produce - simulated phishing emails sent to your workforce, automated reports to IT and security, assigned remediation training the moment a user clicks - at a fraction of the price. The savings come from a deliberately-scoped product (we do phishing simulation and security awareness training; we don't sell adjacent compliance-training catalogs, ID-management or GRC modules), transparent published pricing (no sales-call gating) and a real free trial that runs in your environment for real users rather than a guided demo. Read the full KnowBe4-alternatives comparison or the 1-on-1 KnowBe4 vs Bait & Phish breakdown for feature-by-feature treatment. If you have already decided and are planning the switch, the 90-day KnowBe4 migration plan covers timing, data export, parallel-run sequencing and the cyber-insurance broker conversation.

Cyber-insurance vendor-panel recognition. Bait & Phish is named on the approved-vendor panels of multiple major US cyber-insurance carriers. The underwriters themselves have evaluated the platform and treat its simulation-program output as satisfying the questions they ask on renewal applications. For organizations whose broker has handed back a "show us your phishing-simulation evidence" request, that pre-approved-vendor status shortens the conversation considerably. The platform satisfies every box major US cyber-insurance carriers ask about: continuous monthly cadence, multi-channel coverage (email, SMS, voice), automated remediation training, paired click-through-rate and report-rate trend reporting, board-tier export packets, written policy artifacts.

Easy whitelisting. One of the most-cited operational pain points with enterprise-tier phishing-simulation platforms is the days of trial-and-error required to get simulations past Microsoft 365 / Exchange / Google Workspace spam filters reliably. Bait & Phish provides documented whitelisting paths for each method (IP-based, email-header, SPF-record) across each platform, plus dedicated bypass guides for Office 365 Advanced Threat Protection and junk-folder routing. Deployment typically completes in a single admin session. The full whitelisting guide covers the configuration choices and gotchas.