Our Risk Score v2 is an updated version of our Virtual Risk Officer and Risk Score Guide with a new calculation for Risk Score. With Risk Score v2, you can view more detailed information on your Risk Score, such as security types, risk factors, your available range for risk, and risk insights.
Our SmartRisk Agent™ feature provides actionable data and metrics to help you better understand your organization’s security strengths and weaknesses. You can use SmartRisk Agent™ to learn which users may be more vulnerable to phishing attacks and review the effectiveness of your security awareness training program.
SmartRisk Agent™ assigns dynamic Risk Scores to your users, groups, and organization. You can use these Risk Scores to make data-driven decisions for your organization's security.
KnowBe4 records a unique Risk Score for your users, groups, and organization. Your Risk Score v2 is calculated using risk factors from various security types. Risk factors can be positive, such as reporting a phishing email with the PAB, or negative, such as clicking a phishing link.
In Risk Score v2, you can view Risk Score data for an individual user, a group of users, or a team of users under a manager.
To filter your Risk Score Reports, select which user groups and date ranges you would like to see.
Available Range
Risk factors from security types feed into your organization’s available range. Your available range indicates your level of risk, with one being the least risky and 100 being the most risky.
Your available range for Risk Score is also calculated using the information provided by our products, such as SecurityCoach or PasswordIQ. While having all of our products is not a requirement for Risk Score v2, it enables us to provide you with a more informed available range for your Risk Score. For more information on possible available ranges, see the table below. These ranges are calculated based on products that are enabled and actively used.
Enabled Products and Features | Minimum Risk Score | Maximum Risk Score |
---|---|---|
KSAT Training tab | 27.7 | 47.2 |
KSAT Phishing tab | 38.2 | 45.1 |
KSAT Training tab and Phishing tab | 26.0 | 52.4 |
KSAT Training tab, Phishing tab, and Phish Alert Button (PAB) | 21.7 | 55.0 |
KSAT Training tab, Phishing tab, PAB, and Email Exposure Check (EEC) Pro | 20.6 | 58.2 |
KSAT Training tab, Phishing tab, PAB, EEC Pro, and PasswordIQ | 19.7 | 60.9 |
KSAT Training tab, Phishing tab, PAB, EEC Pro, PasswordIQ, and SecurityCoach | 10 | 90 |
New User Bias
Whenever you add a new user to your console, your Risk Score will increase for 90 days. This temporary increase in Risk Score is designed to account for the inherent risk associated with new users who have not yet completed any security awareness training and who may not be familiar with your organization's security policies. While you can assign your user security awareness training, this will not affect the new user bias until the 90-day period is complete.
Security Types
The Security Types widget shows how your Risk Score has changed for each security type. A green arrow indicates that your Risk Score decreased, a red arrow indicates that your Risk Score increased, and a gray line indicates that your Risk Score didn’t change. You can click the arrow to view more details about each security type. For more information, see the screenshot and list below:
- Known Factors: This column displays risk factors that are from security types with known integrations or products that are enabled and actively used.
- Behavior Type: This column indicates if the behavior was risky or secure. Risky behavior increases your Risk Score, while secure behavior decreases your Risk Score.
- Source: This column indicates which product or integration contributed to the risk factor.
- Points: This column displays the current Risk Score contribution for the selected risk factor as well as the overall trend change in your Risk Score. The overall trend change will be displayed as going up or down from the last recorded Risk Score.
Note: Expiring risky events may decrease your Risk Score, and expiring secure events may increase your Risk Score. Each risk factor has its own time-to-live (TTL) value, so events only impact your Risk Score for a set amount of time.
- Unknown Factors: This column displays risk factors that are from security types where there are no integrations or products. As we are not receiving data, we set the Risk Score value for these factors.
For more information on each security type and example risk factors, see the table below.
Security Type | Description | Example Risk Factor |
---|---|---|
Email Security | Email security reflects risks from a user’s email usage and interactions. | Reporting a phishing email with the PAB |
Endpoint Security | Endpoint security reflects risks posed by a user’s interaction with their device. | Malware detected on a user’s device |
Data Security | Data security reflects risks from data that a user shares. | Sharing files to an external device |
Web Security | Web security reflects risks from a user’s online behavior. | Visiting harmful websites |
Account Hygiene | Account hygiene reflects a user's overall security awareness related to their accounts. | Having a strong password |
Compliance Electives | Compliance electives reflect a user’s training completions related to compliance topics. | Completing security awareness training related to compliance |
Physical Security | Physical security reflects a user’s training completions related to physical security. | Using a YubiKey |
Risk Score Trend
The Risk Score Trend chart shows the trend of your Risk Score based on your selected report type and your date range.
Risk Score Distribution
The Risk Score Distribution chart shows the Risk Score for your selected report and selected date range.
Riskiest Users
The Riskiest Users chart shows the top ten riskiest users for your selected report and your selected date range. A green arrow indicates that your Risk Score decreased, a red arrow indicates that your Risk Score increased, and a gray line indicates that your Risk Score didn’t change.
Riskiest Teams
The Riskiest Teams chart shows the top ten riskiest teams of direct reports for your Manager Risk Score report and your selected date range. A green arrow indicates that your Risk Score decreased, a red arrow indicates that your Risk Score increased, and a gray line indicates that your Risk Score didn’t change.
Riskiest Groups
The Riskiest Groups chart shows the top ten riskiest groups for the selected groups in your Group Risk Score report and your selected date range. A green arrow indicates that your Risk Score decreased, a red arrow indicates that your Risk Score increased, and a gray line indicates that your Risk Score didn’t change.