Keepnet – AI-powered human risk management platform logo
Menu
HOME > case studies > scaled phishing testing to 32000 employees

Customer Success Story: Whitbread

Scaled phishing testing to ~32,000 employees, moved from “a few days” of manual user imports per test to an automated workflow.

Scheduled 6 months of phishing simulations in advance, keeping the program running even if the owner is unavailable.

Organization: Whitbread

Scale: ~32,000 employees

Locations: UK + Germany

Successful Outcomes

  • Scaled phishing testing to ~32,000 employees, moved from “a few days” of manual user imports per test to an automated workflow.

  • Scheduled 6 months of phishing simulations in advance, keeping the program running even if the owner is unavailable.

  • Improved reporting visibility in Germany despite shared mailboxes (~80%) using a Microsoft integrated reporting setup.

The Starting Point

Whitbread wanted to run a fully managed, low effort security awareness program, so they signed a three year agreement with another vendor expecting the vendor to handle most of the heavy lifting. In practice, the team discovered the opposite: the internal security team still had to manage almost everything themselves, month after month.

On top of that, their environment had real operational constraints (limited access to their user directory/data source). That meant every phishing exercise required manual user handling, turning what should have been a repeatable process into a time consuming operational task, especially at enterprise scale.

This is the point many organizations reach: the need isn’t “more tools,” it’s a program that’s actually scalable and sustainable without adding workload to already stretched teams.

The Challenge

1) Phishing tests weren’t scalable

Every month, phishing tests required manually importing users, and at ~32,000 staff this “took a few days.”

Worse, the prior system didn’t store user details, so the work repeated from scratch each month.

2) The business needed resilience during constant change

Whitbread was restructuring teams (hundreds of staff moved/changed roles), while still needing consistent testing and reporting.

3) Real threats were hitting sites

They experienced multiple attacks in Germany in recent weeks, including an incident where malicious malware made it onto a site, contained quickly, but still a wake up call.

Why Keepnet

Whitbread didn’t switch vendors just to “try something new.” They needed a platform that would reduce operational workload, work within real world enterprise constraints, and still deliver a consistent, scalable phishing and training program.

Keepnet was selected because it matched the practical requirements that matter to security teams:

  • Automation that removes repeat manual work (so campaigns don’t rely on one person’s time every month)

  • The ability to operate even when access to directories or data sources is limited, common in large organizations

  • A responsive, hands on support model that helps teams configure workflows, answer technical questions, and keep the program running smoothly

In short: Whitbread chose Keepnet because it helped them run security awareness as an operationally sustainable program, not an ongoing internal project that drains time and resources.

Implementation Experience

Whitbread’s team emphasized that the approach became fully automated, with hands on enablement from customer support, so the program could keep running even if the main owner was unexpectedly unavailable.


They also highlighted fast response when issues came up.

What They Used Most

  • Automated phishing scheduling: Setting up the next six months of phishing tests in advance.

  • Operational segmentation: Moving from broad groups to more useful breakdowns (e.g., by site / departments) to support investigations and reporting needs.

  • Training content + branding: selecting training modules and sending them out, with the ability to brand content for Whitbread.

  • Germany realities: Expanding language usage where English/German aren’t first languages for a large portion of staff, and planning to use multilingual phishing tests more.

  • Reporting under shared mailbox constraints: Resolving data capture challenges in Germany where shared mailboxes were common, using an integrated Microsoft button approach to still capture reporting related data.

Results

  • Massive time reduction in campaign operations: moved away from “days” of monthly manual imports toward automated, repeatable testing.

  • Program continuity despite disruption: phishing testing remained achievable even through org changes and personal availability challenges, because schedules and execution could be set up ahead.

Momentum for continuous improvement: ongoing feature requests and reporting refinements (e.g., simplifying region/division reporting) to make results more actionable.

Schedule your 30-minute demo now

You'll learn how to:
tickAutomate behaviour-based security awareness training for employees to identify and report threats: phishing, vishing, smishing, quishing, MFA phishing, callback phishing!
tickAutomate phishing analysis by 187x and remove threats from inboxes 48x faster.
tickUse our AI-driven human-centric platform with Autopilot and Self-driving features to efficiently manage human cyber risks.