Risk Factor Scores Explained

The Risk Factor scores provide greater visibility into what influences an employee's risk and help you understand why a user's risk score has changed, providing context for better decision-making and risk management.

The three risk factors (Engagement Risk, Quiz Attempts Risk, and Phish Interactions Risk) can be found in the following reports within the Risk & Engagement Dashboard:

  • Organisational Risk Levels
  • Preferred Departmental Training vs. Employee Risk
  • Preferred Language

Scoring Explained

  • Engagement Score: Tracks user engagement, helping to identify those who are actively completing their content.
  • Quiz Attempts Score: Measures the average number of quiz attempts for a user's completed Fusion courses. The higher the average number of attempts by a user to complete the quizzes, the higher the score will be. 
  • Phishing Interactions Score: Monitors interactions with phishing simulations. The more negative interactions that users have with phishing simulations, such as clicks, data form entries or attachment opens, the higher this score will be. 
  • Phish Reported: Shows the number of phishing simulations that have been reported via the MetaPhish 'report' button. Reporting phishing simulations will help with reducing the user's score.

The standard score for each risk factor ranges from 0 to 33 (34 for Engagement).

  • A score of 33 or 34 means a user is at the highest risk level for that factor, unless the weighting has been customised. An example of this would be a user who has not completed all of their outstanding content. (Sometimes this can be seen for new joiners.)
  • A score presented as a 0 means that the user is at the lowest risk level for that factor.
    • For example, if a user has had a number of phishing simulations targeted at them over the course of a year and has never clicked on them, then their score would also appear as a dash.

  • A score presented as a dash means that the user is at the lowest risk level for that factor or that they still have to participate in that risk factor.
    • For example, if a user has never had a phishing simulation delivered to them that has risk scores enabled, their score would be shown as a dash.

The user's overall risk score is then calculated by combining the score of all of the risk factors; for example:

  • Engagement Risk = 5
  • Quiz Attempts Risk = 20
  • Phish Interaction Risk
    • Phish Clicks/QR Scan = 20
    • Data Entry = 2
    • Attachment open = 0
  • Total Risk Score = 52 (Score will always round down) = Medium Risk

Admins and end users can access more insights by clicking the 'View Insights' button. This will provide a detailed overview of the user's behaviour that is impacting the score.
