Introducing Risk Score
View the human threat to your organization at a glance.
In this article, you will learn:
- What is Risk Score?
- What are the benefits of Risk Score?
- How is Risk Score calculated?
- What do the Risk Scores mean?
- How do I turn on Risk Score?
- How can I see my organization's overall Risk Score?
- How can I see the Risk Score of individual users?
- What actions should I take based on my organisation's Risk Score?
What is Risk Score?
Risk Score is a way to visualize the human threat to your organization. It includes an individual Risk Score for each user and an overall Risk Score for your organization.
What are the benefits of Risk Score?
Risk Score allows you to assess the level of human error that your end-users are likely to commit. It allows you to understand the general level of security awareness present in the organization and provides you with a breakdown by group or department. This helps you assess whether training has been effective and prioritize the most pressing gaps in awareness.
How is Risk Score calculated?
Risk Score brings together all risk factors that are evaluated and mitigated on the SiberMate platform.
The Risk Score calculation takes into account:
- The volume of exposed data and personal information found in the breach databases
- Whether the user has opened emails, clicked links, or compromised their credentials in phishing simulations
- Whether the user has completed their training courses and what grade they have achieved in them.
The Risk Score algorithm gives each user a score out of 900, as well as calculating an organization-wide score. The scores are divided into five tiers ranging from Very High to Very Low.
What do the scores mean?
- A user with a High or Very High Risk Score is highly vulnerable to cyber threats. They are likely to have personal information exposed on the breach databases, may not have completed their training, and are at high risk of compromising their credentials to phishing emails.
- A user with a Medium Risk Score poses a moderate human risk. They may have information exposed on the breach databases, may have compromised their credentials to phishing emails, or may not have successfully completed their training.
- A user with a Low or Very Low Risk Score does not have large volumes of personal information exposed on the breach databases, has not recently compromised their details on phishing simulations, and has adequately completed training.
How do I turn on Risk Score?
Before you're able to see your Risk Score, you must turn on the functionality in the Report Settings. You can find this setting in Settings > Report Settings > Enable Risk Score.
Where can I find the Risk Score overview?
Once you have enabled the Risk Score setting, you will see your overall Risk Score in your SiberMate dashboard, which you can access by clicking Home in the top menu.
The 'Risk Score' meter shows you the current Risk Score of your organization, as well as how it has changed in the last week.
The line graph at the bottom of the Home dashboard shows you the change in your company's overall Risk Score over time, in monthly intervals. It also shows a breakdown of the components that create your organization's Risk Score, and how they have changed. Use the date slider to inspect the change in Risk Score over your chosen time period.
How can I see the Risk Score of individual users?
To see the Risk Score of individual users, you will need to head to the Users page, which you can access by clicking Users in the top menu.
When Risk Score is enabled, each user will have their individual Risk Score displayed next to their name. You can also use the search bar to find users whose Risk Score you wish to view.
If you click on the user's name to access their profile, you will see a breakdown of the user's Risk Score. This will show you how the user is performing in each core area of security.
What actions should I take based on my organization's Risk Score?
Risk Score gives you an overview of your organization's level of human threat and helps you find which areas of security awareness you need to prioritize.
- A High or Very High Risk Score is a good indication that there is a high level of human risk present among your end-users. You must train all your end users on all areas of cyber security, including email safety and limiting exposure of data on the internet.
- A Medium Risk Score means that your users pose a moderate level of human risk. You should ensure they receive training in all areas to improve your organization's security against human error.
- A Low or Very Low Risk Score does not mean that your organization is safe from human error, but that your end-users are generally competent on essential security topics. You may wish to bring some of your end-users up to speed on more advanced topics to increase the overall security of your organization.