Case Study
Anglo-Eastern
At a Glance
Training completion scores of 90–93% within the first year
Phish-prone™ Percentage decrease from 50% to 5% with monthly training
As many as 200 phishing emails reported daily via the KnowBe4 Phish Alert Button
Anglo-Eastern Ship Management Cuts Phish-prone™ Percentage by 55% with KnowBe4
Establishing good cyber hygiene across an organization can be a struggle. With a large crew spread across the high seas, the challenge can seem insurmountable—unless you have the right platform.
Anglo-Eastern Ship Management is a Hong Kong vessel management company with more than 750 ships in their fleet. They ship 68 million tons of cargo annually and provide technical, crew and leisure management with a team of 2,250 shore personnel and 32,000+ seafarers.
Anglo-Eastern believes their employees are the first and strongest line of defense, so the best way to improve cyber hygiene and build a strong cybersecurity culture was to teach staff about the threats.
Industry
Maritime
Location
Hong Kong
Challenge
Regular phishing email attacks impacting a diverse workforce spread all over the world; relevant cybersecurity training needed top to bottom in the organization
KnowBe4 Products
“We wanted to enhance our employees’ awareness about cybersecurity and teach them how to protect information,” explains Anglo-Eastern Ship Management Head of Information Security (CISO) Xerxes Kiok Kan.
Growing Pressure Brings Cybersecurity to the Forefront
Approximately one in three maritime professionals experiences a cyberattack every year, according to research by assurance and risk management company DNV. This rate has climbed 17% from 2019 to 2024, with 70% of people surveyed saying they feel more vulnerable to cyberattacks than ever before.
With the increasing number of cyberattacks, the team was worried the increased pressure would lead to security breaches, especially among newer employees.
“There were a few challenges,” Kiok Kan says. “We wanted to enhance training, but we were worried about having to generate a variety of content and we wanted to move quickly.”
The Anglo-Eastern team quickly began developing a cybersecurity awareness plan that had:
- Relevant coursework: Anglo-Eastern needed a wide variety of content to comprehensively address data protection. This content would ideally include everything from threat awareness to data privacy, phishing and incident reporting.
- Ongoing, engaging content: Cybersecurity constantly evolves, so it didn’t make sense to follow a static model that treated training as a one-and-done project. Kiok Kan and the team wanted content that featured interactive quizzes and real-life scenarios to drive the points home and continue to be relevant as new threats emerged.
- Flexibility and adaptability: The maritime industry is in a race to secure itself against threat actors. A dynamic, dedicated platform would help the organization increase flexibility and readiness to implement threat responses fast.
With these requirements in mind, they set out to find a platform.
See KnowBe4 Security Awareness Training in Action
See how you can efficiently safeguard your organization from sophisticated social engineering threats.
A Modern Approach to Cybersecurity Awareness
Anglo-Eastern evaluated several security awareness products based on their flexibility, content and training modules, and the KnowBe4 Platform emerged as the top choice. The comprehensive platform offered many opportunities for growth and functionalities beyond the initial requirements.
One of the things that tipped the scales was the phishing simulator, where the platform sends simulated phishing emails to test users. In addition to measuring the organization’s defense capabilities, the team could use data from these tests to inform further training opportunities.
They began with a three-month trial. During that time, they experimented with a KnowBe4 Phish-prone™ Percentage (PPP) campaign to measure the percentage of employees most likely to click on a phishing link.
Their results: around 50%–60% of users tested were prone to phishing. It was much higher than expected, and they were determined to improve the results by partnering with KnowBe4 to roll out content and security training in earnest.
Monthly Training Drops Phish-prone™ Percentage to 5%
Since then, Anglo-Eastern has implemented monthly security training across their entire workforce. Every employee, from the lowest-level staff member to the CEO, receives a micro-training email from KnowBe4 on the first weekday of the month. The content combines KnowBe4’s built-in material with training unique to Anglo-Eastern.
“I recall when AI suddenly became a cybersecurity concern. In less than a month, there was content in KnowBe4 about AI cybersecurity risks, which helped a lot. I just reviewed the content and we were good to go,” Kiok Kan says. “We don’t have to spend a lot of time creating the content, and since most of us are not content creators, that’s a big value add.”
The material provides useful, relevant information regarding company cybersecurity policies and how to report phishing emails to relevant authorities. It also takes less than six minutes to complete. Within a year, they’ve experienced completion scores of 90–93%.
Remembering the initial phishing campaign results, they also started using KnowBe4 to regularly send phishing simulation emails and test users’ knowledge. Those campaigns paid off during a near miss, where a massive phishing campaign targeted Anglo-Eastern from a single origin. They received an influx of reporting—around 200 emails in a day, demonstrating that KnowBe4 has an ongoing impact.
“In the past, users just clicked it or forwarded phishing emails. Now, they’re using the KnowBe4 Phish Alert Button (PAB) to report,” Kiok Kan says.
Anglo-Eastern has dropped its Phish-prone™ Percentage from 60% to just 5%—and those employees in the 5% bracket are typically new staff who haven’t received security training yet.
“At the end of the day, it’s all about building the baseline, which is awareness for each staff— understanding the policies and how they respond during an incident or a phishing attempt. That’s the big value of this platform,” Kiok Kan says.
“I’m very proud to say we use KnowBe4. Maritime is still catching up with cybersecurity, and I believe KnowBe4 can help anyone build a strong cybersecurity culture.”
Xerxes Kiok Kan, Head of Information Security (CISO), Anglo-Eastern Ship Management
Staying Ship-Shape With KnowBe4
More than 76% of maritime professionals believe their cybersecurity training isn’t advanced enough to withstand sophisticated threats. This isn’t the case at Anglo-Eastern, where the cybersecurity culture is stronger than ever.
“In the past, people didn’t understand why we were doing this or why we need to have a password complexity for our organization,” Kiok Kan says. “KnowBe4 content helps us build this awareness for our staff.”
As a result, Anglo-Eastern has become one of the only ship management companies to receive platinum recognition in the Cyber Security Staff Awareness Recognition Scheme. Their goal is to continue investing in cybersecurity training to create a near-impenetrable defense against evolving threats in the maritime industry.
“I’m very proud to say we use KnowBe4,” Kiok Kan says. “Maritime is still catching up with cybersecurity, and I believe KnowBe4 can help anyone build a strong cybersecurity culture.”