Risk Factor Scores Explained

The Risk Score Scores provides greater visibility into what influences the employee risk scores and helps you understand why a user's risk score has changed, providing context for better decision-making and risk management.

The following 3 risk factor scores of Engagement Score, Quiz Attempts Score, and Phish Interactions Score can be found in the reports below within the Risk & Engagement Dashboard:

  • Organisational Risk Levels
  • Preferred Departmental Training vs. Employee Risk
  • Engagement by Delivery Method

Scoring Explained

  • Engagement Score: Tracks user engagement, helping to identify those who are actively completing their content.
  • Quiz Attempts Score: Measures the average number of quiz attempts for a user's completed Fusion courses. The higher the average number of attempts by a user to complete the quizzes, the higher the score will be. 
  • Phishing Interactions Score: Monitors interactions with phishing simulations. The more negative interactions that users have with phishing simulations, such as clicks, data form entries or attachment opens, the higher this score will be. 
  • Phish Reported: Shows the number of phishing simulations that have been reported via the MetaPhish 'report' button. Reporting phishing simulations will help with reducing the user's score.

The standard score for each risk factor ranges from 0 to 33 (34 for Engagement).

  • A score of 33 or 34 means a user is at the highest risk level for that factor. An example of this would be a user who has not completed all of their outstanding content. (Sometimes this can be seen for new joiners.)
  • A score of 0 (presented as a dash) either means that the user is at the lowest risk level for that factor, or that they still have to participate in that risk factor.
    • For example, if a user has never had a phishing simulation delivered to them that has risk scores enabled, their score would be shown as a dash.
    • Alternatively, if a user has had a number of phishing simulations targeted at them over the course of a year, and has never clicked on them, then their score would also appear as a dash.

The user's overall risk score is then calculated by combining the score of all of the risk factors, for example:

  • Engagement Score = 5
  • Quiz Attempts Score = 20
  • Phish Interaction Scores 
    • Phish Clicks/QR Scan = 20
    • Data Entry = 2
    • Attachment open = 0
  • Total Risk Score  = 52 (Score will always round down) = Medium Risk

Admins and end users can access more insights by clicking the 'View Insights' button. This will provide a detailed overview of the user's behaviour that is impacting the score.

For additional information, please refer to the articles below:

Back to all articles