Key considerations before enabling Employee Risk Scores

The Employee Risk Scores & Engagement Dashboard is designed to help organisations proactively manage and reduce human risk. By combining multiple risk factors, the dashboard highlights which employees and departments may pose the highest risk, enabling more targeted interventions.

However, before enabling risk scores for your organisation, there are several important considerations to keep in mind.


1. Functionality Considerations

(a) New End-User Home Page

If you enable the Admin and End User Risk Dashboard, end users will see a new tile displaying their current risk score along with personalised suggestions on how to improve it.

(b) Department Selection (Optional)

Once risk scores are enabled, end users can be asked, after logging in, to select the department that best matches their role. At the moment, we provide a default list of the most common departments. As this list is not customisable, users whose department is not listed can select Other.

This information populates the departmental charts within the Admin Employee Risk and Engagement Dashboard. This feature is optional and can be disabled by toggling off Show Departmental Training within Settings → Company Edit.


2. Organisational Considerations

(a) Ethical Considerations

Carefully consider the ethical implications of implementing employee risk scores, particularly in terms of individual privacy, autonomy and fairness.

Consult with relevant stakeholders, including legal and HR departments, to ensure that the feature aligns with the organisation's values and ethical standards.

(b) Data Protection, Transparency & Trust

Be transparent with employees about:

  • How risk scores are generated
  • How the scores will be used
  • Who will have access to the data

Provide clear criteria and the metrics used to calculate the risk score so that employees understand how their behaviour influences their score and what steps they can take to reduce it.

(c) Employee Education and Training

Empower employees to take ownership of their cyber security behaviours and help them understand how their actions impact the organisation's overall security posture.

Continue to deliver eLearning training and guidance so employees can improve their cyber security hygiene and reduce their risk scores over time.

(d) Accountability and Responsibility

Define clear roles and responsibilities for managing and monitoring employee risk scores.

Hold employees accountable for not adhering to cyber security policies and procedures, while also recognising and rewarding positive behaviours and contributions to security.

Avoid relying on risk scores as the sole basis for disciplinary actions or performance evaluations, as this can create a culture of fear and mistrust.


For further information on Employee Risk Scores, please refer to the following related articles:
