What is HRI?
HRI is a composite score from 0-1000 that measures an individual’s or group’s security vigilance. Think of it like a credit score: higher scores indicate lower risk (more vigilant, security-conscious behavior).HRI Components
HRI combines three dimensions:Behavior (Weight varies)
Actions taken by users:- Security awareness behaviors
- Data handling practices
- Policy compliance
- Security tool usage
- Training engagement
Threat (Weight varies)
External threats targeting users:- Phishing attempts received
- Malware targeting
- Social engineering attempts
- Attack frequency and sophistication
Identity (Weight varies)
Access and privilege factors:- Administrative access
- Sensitive data access
- Role-based risk
- Access patterns
Component weights are configured by your organization based on priorities.
Vigilance Levels
How HRI is Calculated
1
Data Collection
The platform collects signals from integrated systems:
- Training platforms
- Security tools
- Identity providers
- Communication systems
2
Signal Processing
Raw data is converted to normalized scores for each factor.
3
Component Scoring
Factors are weighted and combined into Behavior, Threat, and Identity scores.
4
Final Calculation
Components are weighted and combined into the final HRI.
Using HRI
For Individuals
- Identify high-risk users for action
- Track improvement over time
- Prioritize who needs attention
For Cohorts
- Compare departments or locations
- Identify systemic issues
- Target group actions
For Organization
- Track overall security posture
- Report to leadership
- Measure program effectiveness
HRI Trends
Beyond the current score, track:- Direction - Improving, declining, stable
- Rate of change - How fast is it changing
- Comparison - Relative to baseline or peers
Factors Affecting HRI
Positive Factors (Increase Score → Lower Risk)
- Reporting phishing attempts and suspicious activity
- Following security policies consistently
- Using approved tools and secure data handling
- Strong authentication practices (MFA enrollment, no credential sharing)
- Timely response to security alerts
- Completing assigned training
Negative Factors (Decrease Score → Higher Risk)
- Clicking phishing links or submitting credentials
- Downloading malicious attachments
- Sharing sensitive data inappropriately
- Policy violations (unauthorized apps, shadow IT)
- Ignoring security alerts or warnings
- Risky authentication behavior (weak passwords, MFA bypass attempts)
- Incomplete or overdue training assignments
FAQs
How often is HRI updated?
How often is HRI updated?
HRI is updated as new data arrives from integrations, typically within 24 hours of any activity.
Can HRI scores be manipulated?
Can HRI scores be manipulated?
HRI is calculated from objective data. Scores improve through genuine behavior change, not gaming.
What's a good HRI target?
What's a good HRI target?
Most organizations aim for average HRI above 600 (Somewhat Vigilant or higher). The specific target depends on your risk tolerance and industry.
Why did someone's HRI change suddenly?
Why did someone's HRI change suddenly?
Significant events like clicking a suspicious link or a major policy violation can cause sudden changes. Ask Livvy for explanation of any specific change.
Related
Glossary
All platform terms.
Dashboard Home
Viewing HRI on dashboard.
Cohort Insights
Cohort-level HRI analysis.
Livvy Insights
Ask Livvy about HRI.

