Get instant support with our search!
How are risk scores calculated?
User Risk Levels Explanation
- High Risk Users: These are users who haven't demonstrated a strong understanding of common cyber security areas, i.e. show little/low engagement with assigned content, and struggle with responding correctly to simulated phishing simulations.
- Medium Risk Users: These users have some understanding of common cyber security areas, partially engage with assigned content, and occasionally respond well to simulated phishing emails.
- Low Risk Users: These users have proven their understanding of common cyber security areas, engage effectively with assigned content, and consistently respond well to simulated phishing emails.
Which risk factors impact upon risk scores?
Utilising data we already collect on users within the platform, we generate individual employee risk scores based on the following risk factors.
a. 34% - Engagement
If users have any outstanding Mandatory or Optional content awaiting to be completed, that has Risk Score enabled, this will impact their risk score.
b. 33% - Fusion Course Performance
- Overall average of course quiz attempts.
- Passing quizzes first time will have a positive impact on scores.
- The more attempts it takes users to pass quizzes, the more this will negatively impact scores.
c. 33% - Interactions with phishing simulations
- Negative impact on risk score, i.e. score increases
- Phishing simulation clicks/QR Scan (11%)
- Data Entry (11%)
- Attachment Open (11%)
- Positive impact on risk score
- Report phish via the MetaPhish 'Report' button
Please note: If you do not require some content to impact users' overall risk score, this can be disabled on a per content basis.
Risk Bandings
Level |
High |
Medium |
Low |
Score |
Risk score more than 80 |
Risk score between 40 & 80 |
Risk score lower than 40 |
Please refer to the following articles for more information: