Search Background

Get instant support with our search!

Risk Factor Scores Explained

User Avatar
Stephen Crumley

Updated

Risk Scores provide greater visibility into what influences an employee's risk. They help you understand why a user's score has changed, providing context for better decision-making and risk management.

The following three risk factors—Engagement Risk, Quiz Attempts Risk, and Phish Interactions Risk—are available in the reports within the Risk & Engagement Dashboard:

  • Organisational Risk Levels
  • Preferred Departmental Training vs. Employee Risk
  • Preferred Language

Scoring Explained

  • Engagement Score: Tracks user engagement, helping to identify those actively completing their content.
  • Quiz Attempts Score: Measures the average number of quiz attempts for completed Fusion courses. A higher average number of attempts results in a higher score.
  • Phishing Interactions Score: Monitors interactions with phishing simulations. Negative interactions—such as clicks, data form entries, or attachment opens—will increase this score.
  • Phish Reported: Shows the number of phishing simulations reported via the MetaPhish 'Report' button. Reporting phishing simulations helps reduce the user's score.

Score Ranges

  • The standard score for each risk factor ranges from 0 to 33 (34 for Engagement).
  • A score of 33 or 34 indicates that the user is at the highest risk level for that factor (unless the weighting has been customised). Example: A user who has not completed all outstanding content may score high. (Sometimes this can be seen for new joiners.)
  • A score of 0 means that the user is at the lowest risk level for that factor. Example: A user targeted by multiple phishing simulations but never clicked would score 0.

  • A score presented as a dash indicates that the user is at the lowest risk level for that factor or that they still have to participate in it. Example: A user who has never received a phishing simulation with risk scoring enabled will show a dash.

Overall Risk Score Calculation

The user's overall risk score is then calculated by combining the scores of all of the risk factors. For example:

  • Engagement Risk= 5
  • Quiz Attempts Risk = 20
  • Phish Interaction Risk
    • Phish Clicks/QR Scan = 20
    • Data Entry = 2
    • Attachment open = 0
  • Total Risk Score  = 52 (Score will always round down) → Medium Risk

Admins and end users can access detailed insights by clicking View Insights, which provides an overview of user behaviours impacting the score.

For additional information, please refer to the articles below:

Back to all articles