Human Risk Score

What is it for?

• Identify users with the highest human risk level

• Detect vulnerable behaviors against simulated attacks

• Measure risk evolution over time

• Evaluate the impact of awareness campaigns

• Prioritize training or mitigation actions

• Analyze risk at the user, group, or company level

How is it calculated?

The score is built from behavioral signals and considers user exposure (how frequently they receive simulations) to avoid bias.

Negative signals — increase risk:

• Credential submission

• Clicks on malicious content

• File downloads

• Recurrence

Positive signals — reduce risk:

• Reporting simulations

• Opening newsletters

• Completed courses

• Completed Learning Paths

The score updates daily and is historical, reflecting the evolution of behavior over time.

Where is it shown?

The Human Risk Score is the platform's core calculation engine and is displayed in different contexts:

• Overview — company overall score, distribution by department and group, and evolution history

• Benchmark — score comparison against the industry average

• Employee analysis — individual score per user

• Risk Detail by group or department — aggregated score with its own history per segment

❓ FAQs

• Is the score the same for all users?

No. It is calculated individually based on each user's behavior.

• Can a user improve their score?

Yes. Positive actions such as reporting simulations or completing courses reduce risk.

• What happens if a user doesn't receive simulations?

They are not penalized. The model considers exposure to avoid bias.

• Can the score be viewed by department or team?

Yes. The score is aggregated at different organizational levels: user, group, department, and company.

• Does the score change over time?

Yes. It is updated daily dynamically based on recent behavior.

💬 Have feedback about this feature or want to request improvements? Let us know at roadmap.whalemate.com/roadmap