Understanding Risk Scores

The two risk score methods and their calculations are described below:

Phishing Simulation Metrics Overview

This table categorizes and describes the key metrics used to evaluate user responses in different phishing simulation types. It serves as a comprehensive guide for understanding how individuals interact with various simulated phishing attacks, including email phishing, smishing, quishing, vishing, and callback phishing. Each metric is linked to specific actions taken by users during these simulations, providing critical data for assessing the effectiveness of phishing awareness training programs.

Simulation Type / Metric / Description

Email Phishing

  • Opened Email: Opened the phishing simulation email.

  • Clicked Link: Clicked the link in the simulated phishing email.

  • Opened Attachment: Opened the suspicious file attached to the phishing email.

  • Submitted Data: Submitted sensitive data on the phishing landing page.

  • Submit MFA Code: Submitted a one-time code for Multi-Factor Authentication (MFA) on the phishing landing page.

  • Phishing Reports: Reported the simulated phishing email.

Smishing

  • Clicked Link: Clicked the link in the simulated phishing SMS.

  • Submitted Data: Submitted sensitive data on the phishing landing page reached via the SMS link.

Quishing

  • Opened Email: Opened the phishing simulation email.

  • Scanned QR Link: Scanned a QR code that led to a phishing site.

  • Submitted Data: Submitted sensitive data on the phishing landing page.

Vishing

  • Answered Call: Answered a call in a vishing attempt, engaging with the caller.

  • Shared Sensitive Data: Disclosed sensitive information during a vishing call.

Callback Phishing

  • Opened Email: Opened the phishing simulation email.

  • Called Back: Returned a call to a number provided in a phishing email as part of a callback phishing simulation.

  • Entered Digits: Entered personal identification numbers or sensitive information in response to a callback request.

How Is the Phishing Risk Score Calculated?

Keepnet calculates the Phishing Risk Score for a campaign based on identified risky behaviors.

Here are some of the risky behaviors that we detect during phishing simulations and use in the calculation for phishing risk scores.

Risk behaviors, each rated Low, Medium, or High:

  • Open Phishing Email

  • Click Phishing URL

  • MFA Code Sharing

  • Data Submit on Phishing Page

  • Open Attachment

  • Answer Voice Phishing Call

  • Share Sensitive Data on Voice Phishing Calls

  • Give unauthorized access to the system on the phone

  • Scan QR Code Phishing

  • Reply to phishing SMS

Suppose 100 individuals receive QR phishing emails and 45 of them scan the QR code in the email; this indicates that 45% of the employees engaged in a risky action. If 10 of those 45 individuals then also submit data on the phishing page, the Phishing Risk Score Percentage for that campaign rises to 55%.

Here's a step-by-step explanation for calculating the Phishing Risk Score Percentage:

  1. Total Target Users: 100 employees receive a phishing email with a QR code to test their response to potential phishing threats.

  2. Initial Response: 45 of these 100 employees scan the QR code, indicating a 45% initial failure rate due to this risky behavior.

  3. Further Risky Action: Of those who scanned, 10 also submit data on the phishing page, demonstrating higher risk engagement.

  4. Final Risk Score Calculation: Adding the 10 submissions to the 45 scans increases the Phishing Risk Score to 55%. The score counts risky actions rather than distinct users: the 10 who submitted data are already among the 45 who scanned, yet each submission is counted in addition to the scan. This metric illustrates the percentage of risky actions across the target group, aiding in targeted cybersecurity training and enhancements.

QR code phishing is used here as just one example; similar formulas can be applied to SMS, voice, callback, and email phishing simulations.

The usage of the Phishing Risk Score can be found in the Industry Benchmark report.

Activity meeting any of the following criteria is not included when calculating the Phishing Risk Score:

  • Phishing activity originating from IPs excluded from the campaign report, or classified as sandbox activity, is not included in the calculation.

  • Companies in the "test" group will not be included in the calculations.

  • Campaigns marked as "Mark as Test" will not be included in these calculations.

How is the Human Cyber Risk Score Calculated?

The Human Cyber Risk Score measures the percentage of users who exhibit risky behaviors during a phishing simulation.

Unlike the Phishing Risk Score, which counts each specific risky action, the Human Cyber Risk Score only identifies whether any risky behavior occurred, not how many times it happened. This score simply reflects the proportion of users who demonstrated at least one risky action.

A user counts as risky in a simulation if they show at least one of the following risky behaviors:

Risk behaviors, each rated Low, Medium, or High:

  • Open Phishing Email

  • Click Phishing URL

  • MFA Code Sharing

  • Data Submit on Phishing Page

  • Open Attachment

  • Answer Voice Phishing Call

  • Share Sensitive Data on Voice Phishing Calls

  • Give unauthorized access to the system on the phone

  • Scan QR Code Phishing

  • Reply to phishing SMS

This percentage is calculated by dividing the number of simulations where the user showed risky behavior by the total number of phishing simulations they received.

For instance, if a user displays risky behavior in one of three simulations, their Human Cyber Risk Score Percentage is 33%.

Target User | QR Phishing | Voice Phishing | SMS Phishing | Human Cyber Risk Score Formula | Human Cyber Risk Score (%)
------------|-------------|----------------|--------------|--------------------------------|---------------------------
Alex        | No          | No             | Yes          | (1 / 3) * 100                  | 33%
Bob         | Yes         | Yes            | No           | (2 / 3) * 100                  | 67%

This table demonstrates whether each individual displayed risky behavior in each type of phishing campaign and calculates their overall Human Cyber Risk Score.

A higher Human Cyber Risk Score suggests that the individual is more susceptible to falling for social engineering attacks.

Reported phishing is a secure behavior that is not counted as a risky behavior.
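Both formulas on this page, as an added Python example that is not Keepnet's own code: it reproduces the action-counting Phishing Risk Score from the QR example above (100 targets, 45 scans, 10 submissions gives 55%), the per-user Human Cyber Risk Score from the Alex/Bob table (33% and 67%), the exclusion rules (excluded IPs, sandbox activity, campaigns marked as test) and the rule that a report is a secure behavior that never counts against a user. The Campaign and Event structures, the action names, the IP addresses and the user names are constructed for this example and are not Keepnet's data model; rounding to a whole percent is also an assumption, chosen to match the 33% and 67% shown in the table.

```python
from dataclasses import dataclass

# Risky behaviors from the tables above, as event action names (names are this
# example's own). "reported" is deliberately absent: reporting a simulation is a
# secure behavior and never counts against the user.
RISKY_ACTIONS = frozenset({
    "opened_email", "clicked_link", "opened_attachment", "submitted_data",
    "submitted_mfa_code", "scanned_qr", "answered_call", "shared_sensitive_data",
    "gave_system_access", "replied_sms", "called_back", "entered_digits",
})

# Constructed: IPs excluded from the campaign report (e.g. a mail gateway's link scanner).
EXCLUDED_IPS = frozenset({"203.0.113.10"})


@dataclass(frozen=True)
class Campaign:
    name: str
    targets: frozenset          # users who received this simulation
    is_test: bool = False       # campaigns marked as test are excluded


@dataclass(frozen=True)
class Event:
    campaign: str
    user: str
    action: str
    source_ip: str = "198.51.100.7"   # constructed default client address
    sandbox: bool = False             # activity classified as sandbox detonation


def counts_as_risky(ev: Event, campaign: Campaign) -> bool:
    """Exclusion rules from the page: test campaigns, excluded IPs and sandbox
    activity are dropped, and only the listed risky actions count."""
    if campaign.is_test or ev.campaign != campaign.name:
        return False
    if ev.sandbox or ev.source_ip in EXCLUDED_IPS:
        return False
    return ev.user in campaign.targets and ev.action in RISKY_ACTIONS


def phishing_risk_score(campaign: Campaign, events: list) -> int:
    """Campaign-level score: every risky action is counted, so a user who scans
    the QR code and then submits data contributes twice. Returns a whole percent."""
    if not campaign.targets:
        return 0
    risky = sum(1 for ev in events if counts_as_risky(ev, campaign))
    return round(100 * risky / len(campaign.targets))


def human_cyber_risk_score(user: str, campaigns: list, events: list) -> int:
    """User-level score: the share of received simulations in which the user showed
    at least one risky action; repeated actions in one simulation count once."""
    received = [c for c in campaigns if user in c.targets and not c.is_test]
    if not received:
        return 0
    failed = sum(
        1 for c in received
        if any(ev.user == user and counts_as_risky(ev, c) for ev in events)
    )
    return round(100 * failed / len(received))


# --- Constructed sample data -----------------------------------------------
# Scenario 1, the page's worked example: 100 users receive a QR (quishing) email,
# 45 scan the code and 10 of those also submit data on the landing page.
USERS = [f"user{i:03d}" for i in range(1, 101)]
QR_CAMPAIGN = Campaign("q3-quishing", frozenset(USERS))
QR_EVENTS = (
    [Event("q3-quishing", u, "scanned_qr") for u in USERS[:45]]
    + [Event("q3-quishing", u, "submitted_data") for u in USERS[:10]]
    # Noise that must not move the score: a report (secure behavior), a click from
    # an excluded IP and a click attributed to sandbox detonation.
    + [Event("q3-quishing", USERS[50], "reported"),
       Event("q3-quishing", USERS[51], "clicked_link", source_ip="203.0.113.10"),
       Event("q3-quishing", USERS[52], "clicked_link", sandbox=True)]
)
# A campaign marked as test: its activity is never scored.
TEST_CAMPAIGN = Campaign("q3-quishing-test", frozenset(USERS), is_test=True)
TEST_EVENTS = [Event("q3-quishing-test", USERS[53], "clicked_link")]

# Scenario 2, the Alex/Bob table: three simulations each (QR, voice, SMS).
STAFF = frozenset({"alex", "bob"})
STAFF_CAMPAIGNS = [Campaign("qr", STAFF), Campaign("voice", STAFF), Campaign("sms", STAFF)]
STAFF_EVENTS = [
    Event("sms", "alex", "clicked_link"),
    Event("sms", "alex", "submitted_data"),   # second action in the same simulation: still one failure
    Event("qr", "bob", "scanned_qr"),
    Event("voice", "bob", "answered_call"),
    Event("sms", "bob", "reported"),          # secure behavior, not risky
]

if __name__ == "__main__":
    print("Phishing Risk Score:", phishing_risk_score(QR_CAMPAIGN, QR_EVENTS + TEST_EVENTS), "%")
    for person in sorted(STAFF):
        print(person, "Human Cyber Risk Score:", human_cyber_risk_score(person, STAFF_CAMPAIGNS, STAFF_EVENTS), "%")
```

The two functions differ exactly where the page says they do: phishing_risk_score sums actions over the target count, so Alex's click plus submission in one SMS simulation would add two to a campaign score, while human_cyber_risk_score asks only whether any countable action occurred in each simulation the user received.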


Copyright © Keepnet Labs LTD. All rights reserved.