In this article you'll find:
Why is my user's Risk Score so high?
Here are some common reasons that a user's or your organisations Risk Score could be higher than expected:
The user has not been sent any phishing simulations. If a user's response to phishing simulations has not been assessed, their potential risk remains high.
The user is still progressing through the Auto Enrol programme. If you have enabled Auto Enrol, user progress is measured based on participation and achievement across the full auto enrol programme, not just the courses that the user has so far been enrolled in.
How can I lower a user's Risk Score?
Here are some ways in which you can help lower a user's or your organisation's Risk Score:
Perform a phishing simulation. If a user's Risk Score is high due to not spotting phishing simulations or not having taken part in any yet, performing a phishing simulation where the user does not become compromised will improve their risk score. (You will need to wait up to 48 hours after a simulation for Risk Score to change, as the calculation gives time for the user to become compromised.)
Ensure the user has completed any outstanding training courses. A user's Risk Score will steadily improve as they progress on their training programme, but you should ensure that no outstanding courses are bringing down their score.
Wait for the user to progress further in Auto Enrol. As the user progresses through their full Auto Enrol programme, their Risk Score will decrease over time.
Next steps
Read more about how Risk Score works