How can I lower my Risk Score?

Find out why your organization's Risk Score might be high - and how you can help bring it down.


In this article you'll find:

  • Why your users' Risk Scores could be high
  • What you can do to help lower your users' Risk Scores

Why is my user's Risk Score so high?

Here are some common reasons that a user's or your organization's Risk Score could be higher than expected:

  • The user has not been sent any phishing simulations. If a user's response to phishing simulations has not been assessed, their potential risk remains high.
  • The user is still progressing through the Auto Enroll program. If you have enabled Auto Enroll, user progress is measured based on participation and achievement across the full Auto Enroll program, not just the courses that the user has so far been enrolled in.

How can I lower a user's Risk Score?

Here are some ways in which you can help lower a user's or your organization's Risk Score:

  • Perform a phishing simulation. If a user's Risk Score is high because they did not spot phishing simulations or have not yet taken part in any, performing a phishing simulation in which the user does not become compromised will improve their Risk Score. (You will need to wait up to 48 hours after a simulation for the Risk Score to change, as the calculation gives time for the user to become compromised.)
  • Ensure the user has completed any outstanding training courses. A user's Risk Score will steadily improve as they progress through their training program, but you should ensure that no outstanding courses are negatively affecting their score.
  • Wait for the user to progress further in Auto Enroll. As the user progresses through their full Auto Enroll program, their Risk Score will decrease over time.
