How are risk scores calculated?

User Risk Levels Explanation 

  • High Risk Users: These are users who haven't demonstrated a strong understanding of common cyber security areas, i.e. show little/low engagement with assigned content and struggle with responding correctly to simulated phishing simulations.
  • Medium Risk Users: These users have some understanding of common cyber security areas, partially engage with assigned content, and occasionally respond well to simulated phishing emails.
  • Low Risk Users: These users have proven their understanding of common cyber security areas, engage effectively with assigned content, and consistently respond well to simulated phishing emails.

Which risk factors impact upon risk scores?

Utilising data we already collect on users within the platform, we generate individual employee risk scores based on the following risk factors. 

a. 34% - Engagement

If users have any outstanding mandatory or optional content awaiting to be completed that has Risk Score enabled, this will impact their risk score. 

b. 33% - Fusion Course Performance

  • The overall average of course quiz attempts. 
    • Passing quizzes first time will have a positive impact on scores.
    • The more attempts it takes users to pass quizzes, the more this will negatively impact scores.

c. 33% - Interactions with phishing simulations

  • Negative impact on risk score, i.e. score increases.
    • Phishing simulation clicks/QR Scan (11%)
    • Data Entry (11%)
    • Attachment Open (11%)
  • Positive impact on risk score
    • Report a phish via the MetaPhish 'Report' button.

Please note: A Risk calculation time period can be set for content/simulations targeted to users between the last 1-3 years. Content and phishing simulations will need to have risk score enabled before they can contribute to the users' risk score.

Risk Bandings

Level

High

Medium

Low

Score

Risk score more than 80

Risk score between 40 & 80

Risk score lower than 40

 

Please refer to the following articles for more information:

Back to all articles