How are risk scores calculated?

User Risk Levels Explanation 

  • High Risk Users: These are users who haven't demonstrated a strong understanding of common cyber security areas, i.e. they show little or low engagement with assigned content and struggle to respond correctly to simulated phishing emails.
  • Medium Risk Users: These users have some understanding of common cyber security areas, partially engage with assigned content, and occasionally respond well to simulated phishing emails.
  • Low Risk Users: These users have proven their understanding of common cyber security areas, engage effectively with assigned content, and consistently respond well to simulated phishing emails.

Which risk factors impact upon risk scores?

Utilising data we already collect on users within the platform, we generate individual employee risk scores based on the following risk factors:

a. 33.3% - Fusion Course Performance

  • Overall average of course quiz attempts. 
    • Passing quizzes first time will have a positive impact on scores.
    • The more attempts it takes users to pass quizzes, the more this will negatively impact scores.

b. 33.3% - Interactions with phishing simulations

  • Negative impact on risk score, i.e. score increases
    • Phishing simulation clicks/QR Scan
    • Data Entry
  • Positive impact on risk score
    • Report phish via the MetaPhish 'Report' button

c. 33.3% - Engagement

If users have any outstanding Mandatory or Optional content awaiting completion, this will also impact their risk score.

Please note: If you do not require some content to impact users' overall risk score, this can be disabled on a per-content basis.

Risk Bandings

Level     Score
High      Risk score more than 80
Medium    Risk score between 40 & 80
Low       Risk score lower than 40

 
