Skip to content
Search
Support
 Select language
Cancel

Case Study

Cebu Pacific

At a Glance

Phish-prone™ Percentage (PPP) reduced from 81% to 6%

Consistent cybersecurity awareness training and testing provided for 6,000 employees across geographies

Initial deployment in one division has been expanded across two additional divisions

Increased proactive reporting of phishing emails using KnowBe4’s Phish Alert Button

Cebu Pacific Strengthens Cybersecurity Culture with KnowBe4

Cebu Pacific, the Philippines’ leading airline, connects thousands of travelers daily across Asia and beyond. With more than 4,000 employees dispersed primarily throughout the Philippines, the airline recognized the critical need for robust cybersecurity practices.

Prior to 2017, Cebu Pacific had no dedicated cybersecurity team and lacked essential security controls. The arrival of a new cybersecurity director marked a turning point. The airline invested significantly in a host of different cybersecurity priorities, including the CIS framework’s recommendation for a security awareness training platform.

The cybersecurity director researched platforms to help build cybersecurity awareness for Cebu Pacific’s employees and found that KnowBe4 was ranked highly by a well-known technology analyst firm. Further research showcased that KnowBe4 was also unique in the industry for having a complete digital workforce security portfolio, including training modules and testing capabilities.

Industry

Aviation

Location

Philippines (with global reach)

Challenge

High vulnerability due to lack of cybersecurity awareness training; needed to build a robust cybersecurity culture amongst a large, international employee base

KnowBe4 Products

Once the decision to implement the KnowBe4 Platform was made, the security director handed the deployment and management of the program over to two other employees: Bernadette N. Uycoque, manager for security operations, and Jan Kirby L. Cruz, manager for IT governance, risk and compliance.

“We knew we needed to address cybersecurity head on and in a big way, so we took swift action to finance and deploy a layered approach across the organization,” Uycoque says, “In doing so, we prioritized security awareness and training and KnowBe4 became foundational in our strategy to build a strong cybersecurity culture.”

With the successful roll out and usage of KnowBe4, two Cebu Pacific subsidiaries have also deployed the platform. Today, more than 6,000 Cebu Pacific users are trained and tested on the KnowBe4 platform.

An Evolving Cybersecurity Awareness Program

caucasian-data-center-technician-doing-securityCebu Pacific needed to understand how likely their users were to click on a phishing link, something KnowBe4 refers to as the Phish-prone™ Percentage (PPP).

Upon deploying KnowBe4 in 2017, the company conducted a baseline phishing test that revealed a staggering 81% PPP, underscoring significant vulnerabilities. The company implemented regular security awareness training to educate employees about cyber threats, and tested their knowledge and skills frequently.

Over the past eight years, Cebu Pacific has expanded its training significantly, using a combination of regular cybersecurity proficiency assessments, targeted phishing tests and specialized “clicker” training for those employees prone to phishing attempts.

Today, Cebu Pacific conducts an annual Security Awareness Proficiency Assessment (SAPA) and semi-annual awareness training focused on emerging risks and needed skills identified by the SAPA testing. It also tests users’ skills with quarterly phishing tests and provides extra quarterly “clickers” training for users who have struggled to identify simulated phishes.

“With KnowBe4, we have reduced our PPP from a high of 81% to a mere 6% today. We’ve evolved from basic annual training to a comprehensive and highly customized program that’s tailored to our needs,” Cruz says. “Training and testing are run directly through the KnowBe4 Platform, which makes it easy for users to log in and participate. We can also easily run reports and show our results which our management team likes to see.”

Free Training Preview

Get instant access to 1,000+ interactive modules, games, and videos from top global partners.

Get Started

Boosting Employee Engagement and Confidence

KB4-CR-0699-Cebu-Pacific-Airways-Employee-800 (1)Initially, Cebu Pacific’s HR team expressed concerns, worrying that employees might experience training fatigue from the regular training and testing initiatives. However, feedback from employees highlighted strong enthusiasm for the program and positive engagement resulting in a 96% completion rate for the SAPA testing and a comparable 97% of employees completing security awareness training. A recent cybersecurity culture survey confirmed that employees now perceive cybersecurity training as essential and beneficial, rather than burdensome.

“Employees expressed gratitude for acquiring valuable cybersecurity knowledge they could apply not just at work, but also in their personal lives,” Cruz says.

Additionally, internal communication materials and posters from KnowBe4’s ModStore have been widely used and customized to further reinforce cybersecurity messages throughout Cebu Pacific’s offices.

Transformative Phishing Awareness Results

The impact of Cebu Pacific’s training initiatives has been remarkable. The company’s PPP plummeted from a high of 81% in 2017 to just 6% by 2024.

“Our consistent use of KnowBe4 has significantly improved our employees’ awareness and vigilance,” Cruz says. “The continuous decline in our Phish-prone™ Percentage demonstrates a successful cultural shift towards cybersecurity awareness.”

Employees now proactively use KnowBe4’s Phish Alert Button to report suspicious emails, streamlining investigations and allowing the security team to respond quickly. “Even though our current response to these alerts is manual, the Phish Alert Button has empowered employees to participate actively in cybersecurity,” Uycoque says. “This collaboration has tremendously improved our defensive posture.”

KnowBe4 has been such a success that two Cebu Pacific subsidiaries—1Aviation Groundhandling and Aviation Partnership Philippines—have started using the platform.

“We deployed KnowBe4 across two other subsidiaries representing 2,000 additional users,” Cruz says. “Our management team has been extremely pleased with KnowBe4 and sees it as a strategic investment in our future.”

“We highly recommend KnowBe4 … It’s not just a training platform—it’s a strategic tool that’s changed our cybersecurity landscape.”

Jan Kirby L. Cruz, Manager for ITGovernance, Risk and Compliance, Cebu Pacific

A Strategic Cybersecurity Partnership

Looking ahead, Cebu Pacific plans to further leverage KnowBe4’s capabilities, including potential integration of KnowBe4’s PhishER offering, a lightweight SOAR platform and full incident response platform.

“KnowBe4 has played a critical part in building our cybersecurity program from the ground up,” Uycoque says. “We look forward to deepening this partnership and further strengthening our cybersecurity defenses.”

Consistent cybersecurity awareness training and testing provided for 6,000 employees across geographies

Part of the success of the KnowBe4 platform deployment is that Cebu Pacific’s leadership is actively engaged in the program’s outcomes. Management actively participates in training and encourages their teams, embedding cybersecurity awareness firmly into the organizational culture.

“We now have executives actively reminding each other about cybersecurity practices,” Cruz says proudly. “KnowBe4 has significantly shifted our organizational mindset.”

“We highly recommend KnowBe4 not just within our organization but across any organization serious about cybersecurity,” Cruz says. “It’s not just a training platform—it’s a strategic tool that’s changed our cybersecurity landscape.”

Download the PDF