🚨  NIS2 is now in effect. Security awareness is now legally required in the EU.

Check compliance
Start your free trial
Back to Resource Center

What is Hoxhunt and how does it work? (Overview and FAQ)

Hoxhunt is a cybersecurity training solution, focused on defending organizations against phishing attacks and other forms of social engineering. It’s a gamified training platform, designed to engage employees with videos and interactive quizzes. Hoxhunt aims to improve users’ ability to recognize phishing emails and related threats and to report them effectively.

How does Hoxhunt work?

Hoxhunt deploys simulated phishing attacks to help organizations build a proactive security culture, turning its employees into a security-savvy “human firewall.” It combines personalized learning experiences with real-time feedback, motivating users and enhancing retention of security know-how.

Hoxhunt automatically delivers short training sessions to learners, using their assessed skill level to choose the most appropriate modules. Trainings are brief, covering topics like phishing, malware, physical security and safe internet browsing.

Hoxhunt sends out automated phishing simulations to employees. Employees who report the emails are rewarded with points that accumulate and allow them to achieve spots on a leaderboard. Employees who click on simulated links or otherwise interact incorrectly receive additional training.

By training employees to identify threats and rewarding them for successful detection, Hoxhunt’s goal is to lower the likelihood that phishing attacks will succeed. At the same time, it aims to strengthen an organization’s overall cybersecurity posture.

Pros of Hoxhunt

Automation: Hoxhunt is an automated platform, requiring minimal administration.

Personalization: Hoxhunt allows for a great deal of personalization. Trainings are selected for each learner based on their initial assessment and their performance in phishing simulations and interactive tasks, such as quizzes.

Customization: Phishing simulations can be customized to make them more convincing.

Brevity: Training modules are short, and designed to pack a lot of useful information into bite-sized chunks that are easy to follow and retain.

Gamification and engagement: Hoxhunt’s gamified approach makes the learning experience more enjoyable and encourages learners to stay engaged. The leaderboard contests allow users to measure their performance against other participants, motivating them to try harder.

Effectiveness and ROI: Hoxhunt is generally seen as one of the more effective training platforms on the market, producing measurable improvements in security awareness and avoiding expensive and damaging cyber security breaches.

Multilingual: Hoxhunt offers localization in numerous major languages, making it ideal for international companies.

Customer service: Many reviewers have praised Hoxhunt’s quality customer service, noting that agents go above and beyond to support users in adopting and running the platform.

The homepage of Hoxhunt

Cons of Hoxhunt

Initial setup: Some admins report that the initial setup for Hoxhunt is more difficult than they anticipated. Integrating the platform with existing email systems and cybersecurity tools can be tricky in some cases.

User experience: While the interface for learners is very user-friendly, the admin dashboard isn’t very intuitive and can be difficult to use.

Simulation frequency: Most users who commented were happy with the number of simulated phishing emails they received, but some found the number of emails overwhelming and disruptive.

Negative employee reactions: Some users may find the simulations confusing and frustrating, leading to overcaution when dealing with legitimate emails and false positive reports. This can affect productivity.

Limits to customization: Hoxhunt allows a degree of customization for its phishing simulations, but this isn’t very extensive. Users with specialized training needs may find the limits restrictive.

Reporting and analytics: Some admins have found Hoxhunt’s reporting and analytics features difficult to use and lacking in detail.

Cost: Hoxhunt’s pricing isn’t transparently communicated on their website. Our latest research shows that a 2-year subscription for 100 users costs 11.2K, which amounts to about €4.85 per month, per user. This is indeed very high compared to the industry average.

Key features

Phishing simulations: Hoxhunt generates realistic simulated phishing emails, which are sent out to learners just like regular emails. These emails mimic the kinds of tactics that real attackers use. Learners have the option to report these emails, gaining points for doing so.

Reporting plug-in: Hoxhunt provides a plugin that can be integrated with most email platforms. This plugin is used to report suspected phishing emails (including Hoxhunt’s simulations).

Gamification: Game-like features help make learning more engaging. These include points, rewards and leaderboards.

Real-time feedback: Learners who interact with simulated phishing emails are given instant feedback on their performance.

Reporting and analysis: Hoxhunt provides reporting and analysis tools so that administrators can gauge the performance of learners and the overall effectiveness of the training.

Adaptive content updates: New and evolving threats are incorporated into Hoxhunt’s training, ensuring the content is current.

Customizable training: Hoxhunt offers (limited) customization options to tailor training to the needs of specific organizations.

What makes Hoxhunt unique?

What is Hoxhunt doing differently from other platforms? In many ways, Hoxhunt is similar to competing solutions. It offers much the same features as comparable products, such as baselining, gamification, simulated phishing attacks, etc. Hoxhunt differentiates itself with an emphasis on engagement and positive reinforcement. The training materials contain more interactive elements than some of its rivals, making learning a less passive experience. When users “fail” a phishing simulation, they are provided with relevant training that encourages them to learn more rather than feeling as if they’re being penalized. There’s a strong emphasis on giving learners positive reinforcement when they perform well, helping them to stay motivated and engaged.

Which companies use Hoxhunt?

Hoxhunt is used by many companies across a range of sectors. Financial services, healthcare providers, IT and software developers, manufacturing and industrial companies and professional services all use Hoxhunt. Here are some of the big names that use this platform:

  • Airbus
  • Nokia
  • DocuSign
  • IGT
  • AES
  • Accell Group
  • Eliza
  • Victorinox

What customers say about Hoxhunt

Mukesh Kumar R., Database Administrator: “The platform offers personalized, on-demand training modules to help employees understand cybersecurity best practices, focusing on phishing, password hygiene, data protection, and other security topics. It provides immediate feedback when users interact with phishing simulations, helping them learn from their mistakes and reinforce good security behaviors.”G2

Yash K., Associate Infrastructure Support Engineer: “Some participants feel that the phishing simulations can become repetitive over time, making the training feel less engaging or impactful after a while.” – G2

Avinash S., Infrastructure Support Analyst: “Hoxhunt provides a seamless interactive learning experience where users can gain knowledge about the latest cyber threats, how to remediate and how to tackle such.”G2

Joanne A., Analytics Translator: “Limited customization in training content — feel restricted by the available templates.”G2

Akhil G., DataOps Analyst: “Hoxhunt is an excellent cybersecurity service that gamifies building phishing awareness for enterprise and regional teams. Training is tailored to function or role type or general and does not feel like a generic add-on app, but rather one that integrates seamlessly during day-to-day workflows.”G2

Joe J., BDA Developer and Subject Matter Expert: “Sometimes some of the emails received are more clearly ‘Hoxhunt’ mails when they reference addresses in other countries / different currencies.”G2

Who is the CEO of Hoxhunt?

The CEO and co-founder of Hoxhunt is Mika Aalto. Aalto is an expert in big data and machine learning. He is an experienced entrepreneur, who has been developing businesses for over 20 years. He holds a Master’s Degree in SBL, Software Business and Engineering, and Technology Law.

Where is Hoxhunt located?

Hoxhunt is headquartered in Helsinki, Finland. They also have a US office in Minneapolis, MN.

What to use instead of Hoxhunt

There are various organizations that look for alternatives to Ninjio for several reasons:

  • Ninjio can take a while to set up for admins
  • The admin dashboard isn’t considered user-friendly
  • Their pricing structure isn’t transparent

If you’re looking for a security awareness platform that is both efficient for your end-user and admins, Guardey can be your go-to solution.

Guardey – Duolingo for security awareness training

Guardey makes security awareness training engaging through gamification, turning learning into a fun, interactive experience. Each week, users participate in short, 3-minute micro-challenges that cover a range of topics, such as phishing, device protection, CEO impersonation scams, and password security.

Setting up Guardey only takes about five minutes of your time. Simply invite all your users (which can be done via Entra ID or similar integrations) and start the automated training program. There is no need to set up any content yourself, your users automatically get new, relevant training content every week.

To keep motivation high, Guardey integrates several gamified elements:

  • Weekly challenges: Consistent participation and streaks reward users with extra points.
  • Storytelling: Users take on the role of defenders, protecting a virtual organization from cyber threats.
  • Achievements: Earning badges for strong performance or high participation keeps users motivated.
  • Leaderboard: A company-wide leaderboard fosters a sense of friendly rivalry among colleagues.

Guardey is often referred to as the Duolingo of security awareness training. With short and fun challenges, we make the learning experience engaging and effective.

💡 Learn more about how Guardey makes security awareness training fun

Dinela Lokvancic
Dinela Lokvancic Marketing Specialist Dinela keeps Guardey's online presence up to date. She creates content that makes complex cyber security topics accessible, and helps organizations understand why security awareness training matters for their teams.
READY TO GET STARTED?

Join 500+ businesses already protecting their teams with Guardey

Start your free 14-day trial
14 days free · No credit card · Full access · Setup in 5 minutes
Or schedule a personalised demo