ThriveDX Lucy

Security Awareness Visit website →
Best for: Enterprises needing multilingual phishing simulations with on-prem deployment options
Pricing: Contact for pricing

What ThriveDX Lucy actually does

Lucy — now part of ThriveDX — is a phishing simulation and security awareness platform that originated in Switzerland. The core product runs simulated phishing, smishing, and vishing campaigns against your employees, tracks who falls for them, and delivers targeted training to close gaps.

What sets Lucy apart is deployment flexibility. You can run it fully on-premises, in your private cloud, or as a SaaS. For organizations with strict data sovereignty requirements — government, defense, Swiss financial institutions — the on-prem option means employee behavioral data never leaves your infrastructure.

The platform includes dark web monitoring that scans for exposed employee credentials and alerts your security team. Training content spans multiple attack types and is available in numerous languages. The campaign builder is granular, letting you craft highly targeted simulations that mimic real threat actor techniques.

Who it’s best for

  • Organizations with data sovereignty requirements that mandate on-prem deployment of awareness tools
  • Multinational enterprises needing phishing simulations in many languages
  • Security teams that want granular control over phishing campaign design and targeting
  • Government agencies and defense contractors in Europe and APAC
  • Companies that want dark web credential monitoring bundled with their awareness platform

Pricing reality check

Lucy pricing depends on deployment model and employee count. On-prem licenses are typically perpetual with annual maintenance, while the SaaS option is subscription-based. The on-prem route has higher upfront cost but can be cheaper over a multi-year period for large deployments.

Compared to KnowBe4 or Proofpoint, Lucy is often less expensive per seat — but you may spend more on deployment, configuration, and maintenance, especially for on-prem installations. Factor in the operational overhead before comparing headline prices.

Alternatives to consider

  • KnowBe4 — Larger content library and simpler SaaS deployment. No on-prem option.
  • SoSafe — Behavioral science-driven European platform. Better GDPR compliance story, but SaaS only.
  • Cofense — Strong phishing simulation and user reporting. More focused on the phishing use case.
  • Gophish — Open-source phishing framework. Free, but requires significant setup and has no training content.

The Charting Cyber take

ThriveDX Lucy occupies a specific niche: organizations that need phishing simulation and awareness training but cannot or will not send employee data to a cloud platform. The on-prem deployment option is a genuine differentiator in a market that has gone almost entirely SaaS.

The tradeoff is user experience and ecosystem. KnowBe4 and Proofpoint have larger content libraries, smoother interfaces, and more integrations. Lucy’s campaign builder is powerful but demands more configuration effort. If data sovereignty drives your vendor selection, Lucy is one of the few serious options. If it does not, the cloud-native alternatives are easier to live with day to day.

Get a quote for ThriveDX Lucy

Related vendors

IRONSCALES
Mid-market teams that want email threat detection and phishing simulation in a single, affordable platform
Email SecuritySecurity Awareness
Living Security
Organizations that want behavior-based human risk management beyond traditional phishing simulations
Security Awareness
KnowBe4
Organizations of any size that need a mature phishing simulation and security awareness training program
Compliance/GRCSecurity Awareness