What is SoSafe?

SoSafe is a cyber security awareness platform based in Cologne, Germany, that helps organizations protect their employees against social engineering attacks. Founded in 2018, the company has grown into one of the leading European providers in this space, serving over 4,000 customers worldwide according to its own figures.

SoSafe's approach combines AI-powered phishing simulations with interactive e-learning modules and behavioral science methods. The platform is particularly well-established in the DACH region and natively complies with GDPR requirements — a decisive advantage over US-based competitors for European organizations.

Disclaimer: This article is an independent assessment. e2 Security has no commercial relationship with SoSafe. We advise our clients on vendor-neutral awareness solution selection.

Core Features of the Awareness Training

The SoSafe platform covers the essential building blocks of a modern cyber security awareness program:

Phishing Simulation

SoSafe sends realistic but harmless phishing emails to employees. Templates are based on current threat intelligence and continuously updated. When an employee clicks on a simulated attack, they are immediately redirected to an interactive learning page — a so-called teachable moment that builds awareness more effectively than traditional training formats.

E-Learning Modules

The platform offers over 30 interactive learning modules covering topics such as password security, social engineering, secure remote work and data protection. Modules are designed as micro-learning units (5–15 minutes) and leverage gamification elements like quizzes and progress tracking.

Reporting and Analytics

A central dashboard displays the organization's awareness maturity level in real time: click rates on phishing simulations, e-learning completion rates and risk scores by department. This data is also relevant for compliance obligations under KRITIS and NIS2.

Who is SoSafe Best Suited For?

  • Mid-sized companies (100–1,000 employees): The platform scales well and requires no dedicated security trainer. Onboarding support is tailored to SMEs
  • Large enterprises and corporations: Enterprise features such as SSO integration, custom branding and multi-tenant dashboards for subsidiaries
  • Critical infrastructure operators: Built-in compliance evidence for BSI requirements and ISO 27001 (Annex A.7.2.2)
  • Organizations with high phishing risk: Industries like finance, healthcare and public administration benefit particularly from regular simulations

Alternatives to SoSafe

SoSafe is not the only option on the market. Depending on company size, budget and specific requirements, other platforms may be a better fit:

KnowBe4

Largest provider worldwide with over 60,000 customers. Extensive template library with thousands of phishing templates. Strengths: scalability, broad content offering. Weakness: US-based company, GDPR compliance requires additional configuration.

Proofpoint Security Awareness

Combines awareness training with real email security data. Phishing simulations are based on actual threats detected in Proofpoint's email security infrastructure. Ideal for organizations already using Proofpoint as their email gateway.

Hornetsecurity

German provider with an integrated approach: email security, backup and awareness in one platform. Particularly interesting for organizations seeking an all-in-one solution and using Microsoft 365.

Hoxhunt

Finnish provider with a strong focus on gamification and adaptive learning. The platform automatically adjusts difficulty based on individual employee behavior. Well-suited for tech-savvy organizations.

What to Look For When Choosing

Choosing the right awareness platform depends on several factors. From our consulting practice, we recommend systematically evaluating the following criteria:

  1. Language and localization: Are all contents available in the languages your workforce needs? A native-language interface and GDPR-compliant data processing are essential for EU organizations
  2. Phishing simulation: How realistic are the templates? Are they regularly updated to reflect current threats? Can the IT department create custom templates?
  3. Reporting: Does the platform provide the evidence you need for your compliance requirements — particularly for NIS2 or ISO 27001?
  4. Integration: Can the platform integrate with your existing IT infrastructure (SSO, Active Directory, SIEM)?
  5. Scalability and pricing: Awareness platforms typically charge 2–8 EUR per employee per month. For 500 employees, that's a budget of 12,000–48,000 EUR per year — the range is considerable

Practical tip: Before selecting a platform, run an initial phishing simulation to measure where you stand. Most providers, including SoSafe, offer free trial periods or pilot projects. The result gives you a reliable baseline for before-and-after comparison.

Frequently Asked Questions

Is SoSafe GDPR-compliant?

Yes. SoSafe is a German company headquartered in Cologne and hosts all data in European data centers. The platform was designed for GDPR requirements and provides standard DPA (Data Processing Agreement) contracts.

How much does SoSafe cost?

SoSafe does not publish its pricing. License costs depend on company size, selected feature set and contract duration. The industry standard for platforms of this class is 3–6 EUR per employee per month. For a binding quote, we recommend contacting SoSafe directly.

Can SoSafe cover ISO 27001 and NIS2?

SoSafe addresses the awareness component of these standards — specifically ISO 27001 Annex A.7.2.2 (awareness) and the NIS2 requirement for regular employee training. However, full compliance requires additional measures across the cyber security spectrum: technical controls, vulnerability management, incident response and a documented ISMS.

Awareness Strategy for Your Organization

We provide vendor-neutral consulting on selecting the right awareness platform — from needs assessment to vendor comparison and implementation.
