The Hidden Cost of Managing Security Awareness Training: An MSP's Guide to Admin Time
Per-seat SAT fees are only half the story. Recurring admin time for campaign management, reminders, reporting, and user lists can become an unpriced operational cost.
Robbin Bun
DefendWise
The Hidden Cost of Managing Security Awareness Training: An MSP's Guide to Admin Time
When MSPs evaluate security awareness training platforms, they focus on the obvious number: the per-seat price. $1.50/user/month? $2.50? $4.99? The license cost is easy to compare, easy to model, and easy to present to leadership.
But there's a second cost that rarely makes it into the spreadsheet — and it's often larger than the license fee itself.
It's the time your team spends running the training.
The Admin Tax Nobody Talks About
Security awareness training platforms don't run themselves. Even the ones that claim to be "simple" or "easy to use" require a human being to do the following tasks, repeatedly, across every client:
Campaign creation and scheduling. Every phishing simulation and training campaign needs to be created, configured with the right templates, targeted to the right user groups, scheduled for the right dates, and tested before launch. For a multi-client MSP, this isn't a one-time setup — it's an ongoing cycle.
User management. Employees join companies. Employees leave companies. Employees change departments. Every change needs to be reflected in your SAT platform. Without automated directory sync (and even with it, in many cases), someone on your team is manually adding, removing, and updating user records.
Phishing template selection and customization. The best phishing simulations are tailored to each client's industry and context. A law firm shouldn't get the same phishing template as a manufacturing company. Someone has to review templates, select appropriate ones, and potentially customize them for each client.
Report generation and delivery. Clients want to see their numbers. Compliance auditors require them. Someone has to pull reports from the platform, format them into something presentable, add context and commentary, and deliver them to each client. Monthly. For every client.
Exception handling. Executives who don't want to be phished. New hires who need onboarding. Users who failed a simulation and need remediation. VIPs who need different training tracks. Every exception is a manual intervention.
Platform maintenance. Software updates, SSO configuration, API integrations, directory connections, alert configurations. The platform itself needs care and feeding.
Quantifying the Time
How much time does all of this actually take? The answer varies by platform, automation level, and the number of clients you manage. Treat SAT admin as a recurring operational workload, not a one-time setup task.
Here's a rough breakdown:
| Task | Hours/Month (Estimated) |
|---|---|
| Campaign creation and scheduling | 3–5 |
| User management and directory sync | 2–3 |
| Phishing template selection/customization | 1.5–2.5 |
| Report generation and client delivery | 3–4 |
| Exception handling | 1–2 |
| Platform maintenance and troubleshooting | 1.5–2.5 |
| Total | Track internally |
At a fully loaded cost for a technician or security analyst, even modest recurring admin can become meaningful unbillable labour.
And that's assuming things go smoothly. A platform migration, a major client onboarding, or a compliance audit can double those hours in a given month.
Why It Matters More Than You Think
Admin hours are a sneaky cost because they don't show up as a line item. They show up as opportunity cost.
Those 15 hours per month are unbillable. Your team is spending time on internal operations, not client-facing work that generates revenue. A senior technician doing SAT administration for 15 hours a month is a senior technician who isn't doing 15 hours of billable project work.
It doesn't scale gracefully. Adding five new clients doesn't add a proportional amount of admin time — it adds more than proportional, because each new client means new user lists to manage, new campaign configurations, new reporting obligations, and new exception requests.
It creates key-person risk. In most MSPs, SAT administration falls to one or two people who know the platform. When they're on vacation, sick, or leave the company, campaigns don't get launched, reports don't get pulled, and the whole program stalls.
It discourages coverage expansion. The admin burden is a real reason MSPs don't train all their clients. It's not just the per-seat cost — it's the knowledge that every new client you add to the platform is another set of campaigns to manage, another report to generate, another user list to maintain.
The Admin Time by Platform
Not all platforms are created equal when it comes to admin burden. Here's a realistic assessment:
KnowBe4. A full-featured platform, but often hands-on. Campaign setup is flexible but manual. Reporting is powerful but requires configuration. The sheer number of options means more decisions for your team to make at every step.
Proofpoint SAT. If you're already in the Proofpoint email security ecosystem, integration may be smoother. But campaign management and evidence preparation can still require manual work.
Huntress SAT (3–6 hrs/mo). The "managed" approach meaningfully reduces admin time. Huntress runs campaigns on your behalf, which eliminates the biggest time sink. You're still responsible for user management and reviewing results, but the campaign creation burden is largely lifted.
Arctic Wolf. Managed service with a dedicated concierge, which reduces some admin tasks. But initial setup and ongoing user management still require attention.
AI-native platforms like DefendWise. Automation from enrollment through reporting can reduce recurring admin. Connect a directory, and AI-assisted workflows help with campaign creation, content generation, phishing simulations, user management, and report generation.
Calculating Your True Cost of Ownership
The formula is simple but most MSPs never run it:
True Annual SAT Cost = (Per-Seat Fee × Seats × 12) + (Monthly Admin Hours × Hourly Cost × 12)
Here is an illustrative model for an MSP with 600 seats. Actual vendor prices and labour costs vary by plan, term, volume, region, partner program, and internal staffing model:
| Platform | License Cost | Admin Cost | True Cost | Effective Per-Seat |
|---|---|---|---|---|
| KnowBe4 Gold | $18,000 | $9,600 | $27,600 | $3.83/user/mo |
| Proofpoint | $10,800 | $7,200 | $18,000 | $2.50/user/mo |
| Huntress | $7,200 | $2,880 | $10,080 | $1.40/user/mo |
| Arctic Wolf | $28,728 | $4,800 | $33,528 | $4.66/user/mo |
| DefendWise | $4,788 | Reduced by automation | Depends on internal process | Depends on usage |
When you include admin time, the gap between platforms can widen. The important point is to compare total operating cost, not just subscription price.
The way to reduce admin cost is to remove as much recurring human campaign management as possible — through automation, directory sync, scheduled reporting, and reusable policy defaults.
What Reduced Admin Actually Looks Like
It's worth being specific about what "reduced admin time" means in practice, because broad automation claims can sound like marketing shorthand.
Here is the workflow on an automated, AI-native SAT platform:
- Connect your client's directory (Azure AD, Google Workspace, or CSV upload). This takes about 60 seconds.
- Users auto-enroll. No manual user creation. No seat counting. No group configuration.
- AI generates training content personalized to each user's role, industry, and risk profile. No template selection. No campaign scheduling.
- AI runs phishing simulations with dynamically generated emails tailored to each user. No manual phishing campaign setup.
- Reports generate automatically and are available on-demand in the portal. No report pulling. No formatting. No delivery scheduling.
When a new employee joins the client's directory, they can be enrolled automatically. When someone fails a phishing simulation, remediation can trigger automatically. When a compliance audit is due, the report should already be ready to export.
The difference is not a smaller manual checklist. It is a different operating model that reduces recurring manual admin.
Making the Business Case
If you're evaluating SAT platforms and admin time isn't part of your calculation, you're making a decision with incomplete data. Here's how to bring it to your leadership team:
Track your current admin hours for one month. Have whoever manages your SAT platform log their time by task category. Use your own data rather than relying on a benchmark.
Calculate the fully loaded cost. Include salary, benefits, and overhead for the person doing the work. $50/hour is a reasonable benchmark for a mid-level technician.
Calculate the opportunity cost. What would that person be doing instead? If they're capable of $100/hour billable project work, the opportunity cost doubles the direct cost.
Run the true cost comparison. Use the formula above to compare platforms on total cost of ownership, not just license fees.
The platform with the lowest per-seat rate isn't necessarily the cheapest platform to run. The platform that reduces recurring admin may be cheaper to operate, even when the licence price is not the only line item.
DefendWise reduces recurring SAT admin with AI-assisted workflows from enrollment to reporting. $399/month, flat rate under fair use. See how it works →