
Human Risk Score

Give every person in your organization a 0 to 100 score that estimates how likely they are to fall for a social-engineering attack. It is built from how people actually behave in phishing simulations, not a questionnaire, and it moves as that behavior changes.

Human risk score visualization: a 0 to 100 gauge banded Low, Moderate, High, and Critical, fed by three contributing sub-scores for susceptibility, remediation, and training, with a recency-weighted trend line

How the human risk score is calculated

Four steps from raw behavior to a number you can act on.

01 Collect signals

Every phishing simulation result, phish report, overdue lesson, and failed drill becomes a signal tied to the person who generated it. No surveys, no self-assessment.

02 Weight what predicts failure

Three sub-scores feed the total: susceptibility from simulation outcomes, remediation debt from overdue follow-ups, and training hygiene. Susceptibility carries the most weight because it tracks real failure.

03 Decay over time

Recent behavior counts most. Each signal fades on a roughly 90-day half-life, so a slip last week weighs more than one last year, and people who improve watch their score fall.

04 Score and band

Each person lands on a 0 to 100 score and a band: Low, Moderate, High, or Critical. People with too little history are flagged Limited data instead of being guessed at.

Every score shows its work

A risk number nobody can explain is a number nobody trusts. Each score opens to the evidence behind it.

Why this score dialog showing a per-person risk breakdown: total score with confidence and band, three weighted sub-scores for phishing susceptibility, remediation debt, and training hygiene, the top factors driving the score, and the counts of simulations, remediations, drills, and trainings used to compute it

Top factors, in plain terms

Open any score to see the sub-scores, their weights, and the specific events pushing it up or down, like a clicked credential lure three weeks ago or two overdue lessons.

A confidence rating on every score

Each score carries a confidence level. People with little simulation history sit near a neutral baseline and are labeled Limited data, so a quiet new hire is never mistaken for a safe one.

No black box

Managers and admins can trace any score back to the exact simulations, reports, and lessons behind it. There is no hidden model output to take on faith.

Built from behavior, not guesswork

The score reads the decisions people make under a real lure, not data scraped from somewhere else.

Risk Score dashboard showing the organization average, the count of people scored, the limited-data count, a banded distribution across Low, Moderate, High, and Critical with per-band counts, and an area chart of the average risk over time

Phishing-simulation outcomes

Opened, clicked, submitted credentials, opened an attachment, granted OAuth, or replied to a business-email-compromise lure. The worst action in each simulation sets the susceptibility score.

Reporting lowers risk

People who report a simulated phish get credit for it. Spotting and reporting an attack is the behavior you want, so the score rewards it.

Remediation and training debt

Overdue or failed follow-up training and overdue mandatory lessons raise the score until they are cleared. Finishing the work brings it back down.

See risk across the whole organization

Roll the score up from one person to a team to the entire workforce, and watch the trend instead of a single snapshot.

Teams-by-risk table with the riskiest team at the top showing average score and band, alongside a People table listing the highest-risk individuals with their team, score, band, and confidence

Org and team rollups

See the average score, the spread across Low to Critical bands, and the trend over time for the whole organization and for each team.

Find who needs attention

A roster sorted riskiest first puts the handful of people who actually move the number at the top, so a program manager knows exactly where to spend time.

Private by default

Managers see only their own direct reports. Individual scores are gated behind a permission, and everyone else sees aggregates, in line with works-council and GDPR expectations.

Frequently Asked Questions

What is a human risk score?

A human risk score is a number, usually on a 0 to 100 scale, that estimates how likely a specific employee is to fall for a social-engineering attack like phishing. A higher score means higher risk.

RansomLeak builds the score from how each person behaves in phishing simulations, whether they report suspicious messages, and whether their training and remediation are up to date.

Risk is not spread evenly across a workforce. A small group of repeat clickers accounts for most of the exposure, and the Verizon 2024 Data Breach Investigations Report found a human element in 68% of breaches, so scoring people individually lets you focus on the few who need attention.

How is the human risk score calculated?

Three sub-scores feed the total. Susceptibility comes from phishing-simulation outcomes, from opened through clicked to credential submitted. Remediation debt comes from overdue or failed follow-up training. Training hygiene comes from overdue mandatory lessons and failed drills.

Susceptibility carries the most weight because it tracks real failure, and every signal decays on a roughly 90-day half-life so recent behavior dominates. Admins can tune the weights, bands, and half-life to match their own risk model.
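Added illustration, not RansomLeak's own code or published formula: a small Python model of the four steps described earlier on this page and of this answer, with recency-decayed signals, three sub-scores, a weighted 0 to 100 total, bands and a Limited data flag. Only the 0 to 100 scale and the roughly 90-day half-life come from the page; the weights, band edges, per-action severities and minimum-history threshold are assumed values, and the sample signals are constructed.

```python
from dataclasses import dataclass
HALF_LIFE_DAYS = 90.0                      # stated on the page
# Assumed values: the page names the inputs but publishes no weights, thresholds or severities.
WEIGHTS = {"simulation": 0.60, "remediation": 0.25, "training": 0.15}  # simulation = susceptibility
BAND_EDGES = [(25, "Low"), (50, "Moderate"), (75, "High"), (100, "Critical")]
MIN_SIMULATIONS, NEUTRAL_BASELINE = 3, 50.0
SEVERITY = {"reported": 0.0, "no_action": 0.1, "opened": 0.3, "clicked": 0.6,
            "opened_attachment": 0.8, "granted_oauth": 0.9,
            "submitted_credentials": 1.0, "replied_bec": 1.0}

@dataclass
class Signal:
    kind: str        # "simulation", "remediation" or "training"
    label: str       # worst action taken in a simulation, or what the overdue/failed item is
    age_days: float  # days since the event, i.e. (now - event_time).days in a real pipeline
    def value(self) -> float:
        # Worst-action severity for a simulation; an overdue or failed item counts fully until cleared.
        return SEVERITY[self.label] if self.kind == "simulation" else 1.0

    def recency(self) -> float:
        # Exponential decay: a signal's weight halves every HALF_LIFE_DAYS.
        return 0.5 ** (max(self.age_days, 0.0) / HALF_LIFE_DAYS)

def sub_score(signals, kind) -> float:
    """Recency-weighted mean severity of one signal kind, in 0..1 (0 with no history)."""
    rel = [s for s in signals if s.kind == kind]
    if not rel:
        return 0.0
    return sum(s.value() * s.recency() for s in rel) / sum(s.recency() for s in rel)

def band_for(score: float) -> str:
    return next(name for edge, name in BAND_EDGES if score <= edge)

def risk_score(signals) -> dict:
    n_sims = sum(1 for s in signals if s.kind == "simulation")
    if n_sims < MIN_SIMULATIONS:             # too little history: flag it, do not guess
        return {"score": NEUTRAL_BASELINE, "band": "Limited data", "confidence": "low", "factors": []}
    subs = {k: sub_score(signals, k) for k in WEIGHTS}
    score = 100 * sum(WEIGHTS[k] * subs[k] for k in WEIGHTS)
    # Show the work: events ranked by severity x recency x kind weight become the "top factors".
    ranked = sorted(signals, key=lambda s: WEIGHTS[s.kind] * s.value() * s.recency(), reverse=True)
    return {"score": round(score, 1), "band": band_for(score),
            "confidence": "high" if n_sims >= 2 * MIN_SIMULATIONS else "medium",
            "sub_scores": {k: round(v, 3) for k, v in subs.items()},
            "factors": [f"{s.kind}: {s.label} ({s.age_days:.0f}d ago)" for s in ranked[:3]]}

# Constructed sample: a credential submission three weeks ago, one reported lure, one old open,
# a failed follow-up and two overdue lessons (the kind of breakdown the page's dialog shows).
SAMPLE = [Signal("simulation", "submitted_credentials", 21), Signal("simulation", "reported", 60),
          Signal("simulation", "opened", 200), Signal("remediation", "failed follow-up", 10),
          Signal("training", "overdue lesson", 5), Signal("training", "overdue lesson", 30)]
```

Adding a freshly reported lure to SAMPLE lowers the result, and clearing the overdue items (removing them from the list) drops the remediation and training sub-scores to zero, which is the "improve and watch it fall" behaviour the page describes.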

Does a higher score mean more or less risk?

Higher means riskier. A score near 100 marks someone who has recently failed simulations and has training debt, while a score near 0 marks someone who consistently spots and reports lures.

People sit in one of four bands, Low, Moderate, High, or Critical, so you can act on a band without arguing over single points.

Do you use dark web or OSINT data to score people?

No. The score is built from behavior inside your own program: simulation results, phish reports, and training status. It does not pull breach databases, social-media footprints, or other external profiling.

That keeps the score explainable and defensible. Every point traces back to an action the person took, which matters for works-council and privacy review.

How often does the score update?

Scores recompute every night, and they also update in near real time after a high-impact event such as submitting credentials to a simulated lure or completing a remediation path.

So a serious failure shows up the same day rather than waiting for the next campaign cycle.

Do I need phishing simulations to use the human risk score?

Yes. The score depends on real behavioral signals, and phishing simulations are the primary source. Without them there is no behavior to measure, so the human risk score is part of the simulation add-on rather than basic training alone.

Once it is running, you can act on it automatically with risk-based automation.

See RansomLeak in Action

Try the free exercises or book a demo to see analytics, SCORM export, SSO, and custom content in your environment.