Understanding New Joiner Risk Scores & Risk Scores of 100

Why do new joiners have a risk score of 100?

You may notice that some new joiners initially appear with a risk score of 100. This is a common scenario and can be easily explained.

  1. Lack of engagement with risk-scored content

    • New joiners may not have completed any courses or content that contribute to risk scoring.
    • Without participation in these activities, there is no data to evaluate their security posture, resulting in a default high-risk score.
  2. No Fusion courses or quizzes completed

    • Fusion courses and associated quizzes are designed to assess and improve security awareness.
    • If new joiners have not yet taken these courses and completed their embedded quizzes, their risk level remains undetermined and set at the highest score.
  3. Phishing simulation pending

    • Phishing simulations are critical in evaluating a user’s susceptibility to phishing attacks.
    • New joiners who have not yet undergone these simulations are assigned a high-risk score until their responses can be measured.

What happens next?

As new joiners start engaging with the available content and participate in phishing simulations, their risk scores will begin to adjust accordingly. Here's how...

  1. Completion of risk-scored content

    • As new joiners complete security training modules, their knowledge and awareness are assessed, leading to a more accurate risk score.
  2. Participation in Fusion courses and quizzes

    • By completing these courses and quizzes, new joiners demonstrate their understanding of the topic, which helps lower their risk score.
  3. Performance in phishing simulations

    • Once new joiners are delivered with phishing simulations, their ability to recognise and avoid phishing attempts is evaluated, contributing to a more precise risk score.

Monitoring and Support

It's important to monitor the progress of new joiners and provide support as they engage with security training and any outstanding content. Encouraging them to complete the necessary content and positively interact with phishing simulations will help in reducing their risk score over time.

 

Other reasons Risk Scores are displayed as 100 for users

If Risk Scores have only been enabled for a limited number of content or phishing simulations, the resulting calculations may lack sufficient data, potentially leading to higher risk scores for some users.

For example, if Risk Scores are enabled for just one recently published course and one upcoming phishing simulation, users who have not yet completed the course will receive a score of 100. This score will remain until they engage with either the course or the phishing simulation.

It is suggested to enable the risk score setting for a large range of content. This will allow for a bigger data set to be included in the calculation, which will provide more accurate Risk Scores for users. 

 

Summary

New joiners may initially have a high risk score due to the absence of completed content, no attempts at Fusion quizzes and lack of interactions with phishing simulations. As they engage with the content, course quizzes and simulations targeted to them, their risk score will adjust to more accurately reflect their security awareness and behaviour.

Back to all articles