businessupdatecalldeck

Acquisition Update

©2021 KnowBe4 | Confidential2 This presentation contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. Forward-looking statements generally relate to future events or our future performance. In some cases, you can identify forward-looking statements because they contain words such as “will,” “expect,” “plan,” “anticipate,” “going to,” “could,” “intend,” “target,” “project,” “contemplate,” “believe,” “estimate,” “potential” or “continue” or the negative of these words or other similar terms or expressions that concern our expectations, strategy, priorities, plans or intentions. Forward-looking statements are inherently subject to risks and uncertainties, some of which cannot be predicted or quantified. You should not put undue reliance on any forward-looking statements. Forward-looking statements should not be read as a guarantee of future performance or results and will not necessarily be accurate indications of the times at, or by, which such performance or results will be achieved, if at all. The forward-looking statements in this presentation are based on information available to us as of the date hereof, and we disclaim any obligation to update any forward-looking statement, whether as a result of new information, future developments or otherwise, except as required by law. In light of these risks and uncertainties, the forward-looking events and circumstances discussed in this presentation may not occur, and actual results could differ materially from those anticipated or implied in the forward-looking statements. Forward-looking statements in this presentation include, but are not limited to, statements regarding the proposed acquisition of SecurityAdvisor Technologies, Inc. (“SecurityAdvisor”); the integration of SecurityAdvisor into the KnowBe4 platform; our ability to leverage SecurityAdvisor’s business relationships; our expectations regarding branding of new products under development; our expectations regarding future product performance, including regarding the risk reduction capabilities of SecurityAdvisor’s technology; our ability to integrate SecurityAdvisor’s engineering talent into the KnowBe4 organization; the impact of the transaction on our business and platform, including the expected increases in KnowBe4’s ARR, revenue and expenses; the impact of the transaction for our customers; the anticipated expansion of our TAM from products under development; our ability to attract new customers, retain existing customers, and expand our cross-selling capabilities; and our expectations regarding our business strategy and plans and objectives of management for future operations of KnowBe4 and its subsidiaries. Our expectations and beliefs regarding these matters may not materialize, and actual results in future periods are subject to risks and uncertainties, including changes in our plans or assumptions, that could cause actual results to differ materially from those projected. These risks include our inability to complete the transaction, our ability to integrate SecurityAdvisor’s technology into our platform and talent into our organization, our ability to develop new products and services and enhance our existing products and services, our ability to attract and retain customers, our ability to develop new products and services and enhance existing products and services, and our ability to compete in the rapidly changing cybersecurity environment in which we operate. The forward-looking statements contained in this presentation are also subject to other risks and uncertainties, including those more fully described in our Quarterly Report on Form 10-Q for the fiscal quarter ended June 30, 2021. It is not possible for us to predict all risks, nor can we assess the impact of all factors on our business or the extent to which any factor, or combination of factors, may cause actual results or outcomes to differ materially from those contained in any forward-looking statements we make. In addition to the GAAP financials, this presentation includes certain key metrics, including annual recurring revenue (“ARR”). We define ARR as the annualized value of all contractual subscription agreements as of the end of the period. We perform this calculation on an individual contract basis by dividing the total dollar amount of a contract by the total contract term stated in months and multiplying this amount by twelve to annualize, and then we aggregate ARR for each individual contract to arrive at total ARR. ARR does not have a standardized meaning and therefore may not be comparable to similarly titled measures presented by other companies, which could reduce the usefulness of ARR as a tool for comparison. ARR should be viewed independently of revenue, deferred revenue and remaining performance obligations and is not intended to be combined with or to be a substitute for any of those items. Specifically, ARR, as calculated under the definition herein, does not adjust for the timing impact of revenue recognition for specific performance obligations identified within a contract. ARR is not a forecast and the active contracts at the date used in calculating ARR may or may not be extended by our customers. This presentation also contains estimates and other statistical data made by independent parties and by the Company relating to market size and growth and other industry data. These data involve a number of assumptions and limitations, and you are cautioned not to give undue weight to such estimates. The Company has not independently verified the statistical and other industry data generated by independent parties and contained in this presentation and, accordingly, it cannot guarantee their accuracy or completeness. In addition, projections, assumptions and estimates of its future performance and the future performance of the markets in which it competes are necessarily subject to a high degree of uncertainty and risk due to a variety of factors. These and other factors could cause results or outcomes to differ materially from those expressed in the estimates made by the independent parties and by KnowBe4. The trademarks included herein are the property of the owners thereof and are used for reference purposes only. Such use should not be construed as an endorsement of the products or services of the Company or this proposed offering. This presentation has been prepared by KnowBe4, Inc. ("we," "us," "our," or the "Company") for the exclusive use of the party to whom the Company delivers this presentation. Disclaimer

©2021 KnowBe4 | Confidential3 Company Product TAM Considerations Target Audience Headquarters: Sunnyvale, California Founded: 2018 Brand new category that adds an estimated TAM of ~$5B Increases KnowBe4’s TAM to a ~$23B Real-time user behavior analysis with micro-learning integrated to Slack/Teams fed by active integration to existing leading security stack layers. 100% SaaS model. Reduces IT Admin/SOC workload. Estimated Purchase Price: $80M ($50M at Closing, net of acquired Cash / $30M in Incentives) Expected to Close: Q4 2021 Expected Integration: Second Half of 2022 Medium SMB to Enterprise Purpose Integrating security alerts from InfoSec layers (Network/EP/etc) to identify real-world security failures remediated via real-time micro-learning to correct behavior Acquisition Details

©2021 KnowBe4 | Confidential4 Security Advisor Already has 50 Integrations Within the Most Important Vendors of the Entire Security Ecosystem Core Tech Platforms Endpoint Network/Web Email Identity Data Other (SOAR/SIEM)

©2021 KnowBe4 | Confidential5 The Most Exploited Layer in Cybersecurity: The Human Layer Social Engineering Risk Technical Error Risk Human Process Technology Deep Fakes Business Email Compromise Phishing SMShing Endpoint Infection Web ViolationMFA Deception at Scale Misuse of TechnologyKMSAT According to the Verizon 2021 Data Breach Investigations report, 85% of data breaches involved a human element.

©2021 KnowBe4 | Confidential6 Human Detection & Response: The Human Defense Layer Awareness Behavior Culture Security IT Security Budget Security Awareness Training Phishing Simulation & Analysis SOAR Capabilities SOC Budget Real-Time Security Behavior Analysis Micro-Learning Expected New Category: Human Detection & Response SOC Budget Entry Point Improves Existing Security Layers CIO/CISO Strategic Deeper Alliance Opportunities

©2021 KnowBe4 | Confidential7 Human Detection & Response Strategic InfoSec Integration Correlation of real-world security behavior with existing security stack to identify and remediate vulnerabilities and improve efficacy of the SOC SAT & Phishing Simulation Users are taught security fundamentals and tested with frequent phishing campaigns Real-Time Behavior Response Unsecure user behavior is identified and remediated via real-time micro- learning

©2021 KnowBe4 | Confidential8 The Expanded KnowBe4 Platform Produces Quantifiable Results Across the Entire Security Stack 37.9% 14.1% 4.7% Month 0 Month 3 Month 12 8X Reduction in Phish Prone Percentage KMSAT Platform use resulting in 8x less users clicking on phishing attack emails Current KnowBe4 Capabilities: 9,978 135 Month 4Month 1 -99% 52 25 Month 1 Month 4 -52% 250 450 Month 1 Month 3 +80% 99% dip in Endpoint Infection Web Violations reduced by 50%+ High risk users identified by PaloAlto Traps were corrected Zscaler detected web violations reduced within 4 months MFA User Count increased by 80% Integrated with G- Suite to coach users to enable MFA Security Advisor (illustrative customer examples) Note: Security Advisor data is reflective of individual customer examples and does not represent a full sample size of results.

©2021 KnowBe4 | Confidential9 Strategic Rationale Motion Improvement Global Diversification1 Real-time User AnalyticsMulti-Product Leverage R&D Talent Deeper InsightsCross-Sell Capabilities Greater Wallet Share Go to Market Platform Expansion Enhanced Capabilities Additional ~$5B TAM ExpansionRoadmap Acceleration Capability Expansion Further Integration into Security Ecosystem More Value from Security Stack Vendor Integration 1Our R&D headcount now includes locations in India and California, in addition to our existing locations in Florida, Brazil and South Africa

©2021 KnowBe4 | Confidential10 KnowBe4 Products and Monetization Model Monetization Model Priced Per Used By Security Awareness Training Compliance Plus Compliance Admin Compliance AdminsEmployee General Users IT Admins Adoption Organization-wide Land Subscription (1 or 3 yr.) priced per user Multi-tiered product offering Cross-sell Within Existing Base Subscription (1 or 3 yr.) priced per user Subscription (1 or 3 yr.) priced per organization Attach to New Sale / Cross-Sell Subscription (1 or 3 yr.) priced per user Attach to New Sale / Cross-Sell Subscription (1 or 3 yr.) priced per user Budget Location IT/Security Admin Compliance SOC SOC / CISO Compliance SOC

©2021 KnowBe4 | Confidential11 Expected to Close: Q4 2021 Expected Integration: Second Half of 2022 Full Incentive Payout if the New Product Generates $40M in ARR in Year 3 Estimated Purchase Price: $80M • $50M Upfront ($22.5M Cash, $27.5M Stock) • $30M Incentives ($5M Cash, $10M Stock, $15M RSU) Deal Mechanics