Get instant support with our search!
How are risk scores calculated?
User Risk Levels Explanation
- High Risk Users: These users have not demonstrated a strong understanding of common cyber security areas. They show little or low engagement with assigned content and struggle with responding correctly to simulated phishing simulations.
- Medium Risk Users: These users have a moderate understanding of common cyber security areas. They engage partially with assigned content and occasionally respond correctly to simulated phishing emails.
- Low Risk Users: These users have shown a strong understanding cyber security. They engage effectively with assigned content and respond appropriately to simulated phishing emails.
Which Risk Factors Impact Risk Scores?
Using data already collected within the platform, individual employee risk scores are calculated based on the following factors:
a. 34% - Engagement
If users have any outstanding mandatory or optional content (with Risk Score enabled), this will negatively impact their risk score.
b. 33% - Fusion Course Performance
This is based on the average number of quiz attempts:
- Passing quizzes on the first attempt will have a positive impact on scores.
- Multiple attempts to pass quizzes will negatively affect scores.
c. 33% - Interactions with phishing simulations
Negative interaction (increases risk score):
- Clicking on phishing simulations or scanning QR codes (11%)
- Entering data (11%)
- Opening attachments (11%)
Positive interaction (decreases risk score):
- Reporting a phish using the MetaPhish 'Report' button.
⚠️ Please note: A risk calculation time period can be set for content and simulations targeted to users between the last 1-3 years. Content and phishing simulations must have risk score enabled before they can contribute to a user's risk score.
Risk Bandings
|
Level |
High |
Medium |
Low |
|
Score |
Risk score more than 80 |
Risk score between 40 & 80 |
Risk score lower than 40 |
Please refer to the following articles for more information: