Case Study: DEW21 achieves 54% reduction in phishing click rate and stronger NIS2 compliance with SoSafe

A pioneer in cyber security awareness for critical infrastructures in Europe

DEW21, the Dortmund energy and water supplier with around 1,000 employees and ISO 27001 certification, needed to strengthen human risk management across its regulated critical-infrastructure operations and prepare for European rules like NIS2. To meet these requirements and create a solution that could be scaled across the 21 Group, DEW21 chose SoSafe’s security awareness program, including phishing simulations, short e-learning modules and the Sofie Rapid Awareness integration.

SoSafe implemented a multichannel awareness campaign—regular phishing simulations, targeted e-learning, a phishing report button with IT feedback, and plans to roll out Sofie—to improve detection and reporting and drive behavior change. The results were rapid and measurable: phishing click rates dropped by 54% in the first year, 43% of phishing tests were detected and reported, employee satisfaction averaged 4.9/5, and overall acceptance and resilience across DEW21 increased significantly.

DEW21

Jens Feistel

Chief Information Security Officer