Our Risk Score v2 is an updated version of our Virtual Risk Officer and Risk Score Guide with a new calculation for Risk Score. With Risk Score v2, you can view more detailed information on your Risk Score, such as security types, risk factors, your available range for risk, and risk insights.
Our SmartRisk Agent™ feature provides actionable data and metrics to help you better understand your organization’s security strengths and weaknesses. You can use SmartRisk Agent™ to learn which users may be more vulnerable to phishing attacks and review the effectiveness of your security awareness training program.
SmartRisk Agent™ assigns dynamic Risk Scores to your users, groups, and organization. You can use these Risk Scores to make data-driven decisions for your organization's security.
KnowBe4 records a unique Risk Score for your users, groups, and organization. Your Risk Score v2 is calculated using risk factors from various security types. Risk factors include specific events that can be positive, such as reporting a phishing email with the Phish Alert Button (PAB), or negative, such as clicking a phishing link. Security types are our groupings for risk factors.
In Risk Score v2, you can view Risk Score data for an individual user, a group of users, or a team of users under a manager.
To filter your Risk Score Reports, select which user groups and date ranges you would like to see. To enable Risk Score v2 throughout your console and to use Risk Score v2 in your Reporting API, see the Risk Score section of our KnowBe4 Console Account Settings: Reports article.
Available Range
Risk factors from security types feed into your organization’s available range. Your available range indicates your level of risk, with one being the least risky and 100 being the most risky.
Your available range for Risk Score is also calculated using the information provided by our products, such as SecurityCoach or PasswordIQ. While having all of our products is not a requirement for Risk Score v2, it enables us to provide you with a more informed available range for your Risk Score. For more information on possible available ranges, see the table below. These ranges are calculated based on products that are enabled and actively used.
Enabled Products and Features | Minimum Risk Score | Maximum Risk Score |
---|---|---|
KSAT Training tab | 27.7 | 47.2 |
KSAT Phishing tab | 38.2 | 45.1 |
KSAT Training tab and Phishing tab | 26.0 | 52.4 |
KSAT Training tab, Phishing tab, and Phish Alert Button (PAB) | 21.7 | 55.0 |
KSAT Training tab, Phishing tab, PAB, and Email Exposure Check (EEC) Pro | 20.6 | 58.2 |
KSAT Training tab, Phishing tab, PAB, EEC Pro, and PasswordIQ | 19.7 | 60.9 |
KSAT Training tab, Phishing tab, PAB, EEC Pro, PasswordIQ, and SecurityCoach | 10 | 90 |
New User Bias
Whenever you add a new user to your console, your organization’s Risk Score will increase for 90 days. During this 90-day period, the new user bias is applied. Any training completions and phishing test results are still recorded and factored into the user's overall risk profile. However, the impact of these positive actions may be less noticeable due to the applied bias.
After 90 days, the new user bias is removed. Then, your organization’s Risk Score will show the entirety of the user's performance, including all training completed and phishing test results from the past 90 days. Users who have completed training and performed well in phishing simulations during their first 90 days will see a more significant drop in their Risk Score once the new user bias is removed.
Security Types
The Security Types widget shows how your Risk Score has changed for each security type. A green arrow indicates that your Risk Score decreased, a red arrow indicates that your Risk Score increased, and a gray line indicates that your Risk Score didn’t change. You can click the arrow to view more details about each security type. For more information, see the screenshot and list below:
- Active Factors: This column displays risk factors that are from security types with active integrations or products that are enabled and actively used.
- Behavior Type: This column indicates if the behavior was risky or secure. Risky behavior increases your Risk Score, while secure behavior decreases your Risk Score.
  Note: Mitigation events also positively impact your Risk Score. Currently, mitigation events include SecurityTips, AIDA Remedial Training completions, and resolved PasswordIQ vulnerability scans.
- Source: This column indicates which product or integration contributed to the risk factor.
- Points: This column displays the current Risk Score contribution for the selected risk factor as well as the overall trend change in your Risk Score. The overall trend change will be displayed as going up or down from the last recorded Risk Score.
  Note: Expiring risky events may decrease your Risk Score, and expiring secure events may increase your Risk Score. Each risk factor has its own time-to-live (TTL) value, so events only impact your Risk Score for a set amount of time.
- Inactive Factors: This column displays risk factors that are from security types where there are no integrations or products. As we are not receiving data, we set the Risk Score value for these factors.
For more information on each security type and example risk factors, see the table below.
Security Type | Description | Example Risk Factor |
---|---|---|
Email Security | Email security reflects risks from a user’s email usage and interactions. | Reporting a phishing email with the PAB |
Endpoint Security | Endpoint security reflects risks posed by a user’s interaction with their device. | Malware detected on a user’s device |
Data Security | Data security reflects risks from data that a user shares. | Sharing files to an external device |
Web Security | Web security reflects risks from a user’s online behavior. | Visiting harmful websites |
Account Hygiene | Account hygiene reflects a user's overall security awareness related to their accounts. | Having a strong password |
Compliance Electives | Compliance electives reflect a user’s training completions related to compliance topics. | Completing security awareness training related to compliance |
Physical Security | Physical security reflects a user’s training completions related to physical security. | Tailgating |
Risk Score Trend
The Risk Score Trend chart shows the trend of your Risk Score based on your selected report type and your date range.
Risk Score Distribution
The Risk Score Distribution chart shows the Risk Score for your selected report and selected date range.
Riskiest Users
The Riskiest Users chart shows the top ten riskiest users for your selected report and your selected date range. A green arrow indicates that your Risk Score decreased, a red arrow indicates that your Risk Score increased, and a gray line indicates that your Risk Score didn’t change. To filter your chart by your safest users, select the Riskiest Users drop-down menu, then select Safest Users.
Riskiest Teams
The Riskiest Teams chart shows the top ten riskiest teams of direct reports for your Manager Risk Score report and your selected date range. A green arrow indicates that your Risk Score decreased, a red arrow indicates that your Risk Score increased, and a gray line indicates that your Risk Score didn’t change. To filter your chart by your safest teams, select the Riskiest Teams drop-down menu, then select Safest Teams.
Riskiest Groups
The Riskiest Groups chart shows the top ten riskiest groups for the selected groups in your Group Risk Score report and your selected date range. A green arrow indicates that your Risk Score decreased, a red arrow indicates that your Risk Score increased, and a gray line indicates that your Risk Score didn’t change. To filter your chart by your safest groups, select the Riskiest Groups drop-down menu, then select Safest Groups.