What is HRI?
HRI is a composite score from 0-1000 that measures an individual’s or group’s security vigilance. Think of it like a credit score: higher scores indicate lower risk (more vigilant, security-conscious behavior).HRI Components
HRI combines three dimensions:Behavior (Weight varies)
Actions taken by users:- Training completion and timeliness
- Policy compliance
- Phishing simulation performance
- Security tool usage
- Data handling practices
Threat (Weight varies)
External threats targeting users:- Phishing attempts received
- Malware targeting
- Social engineering attempts
- Attack frequency and sophistication
Identity (Weight varies)
Access and privilege factors:- Administrative access
- Sensitive data access
- Role-based risk
- Access patterns
Component weights are configured by your organization based on priorities.
Vigilance Levels
| Score Range | Level | Description |
|---|---|---|
| 800-1000 | High Vigilance | Security champions, excellent practices |
| 600-799 | Somewhat Vigilant | Good security behaviors |
| 400-599 | Neutral | Average security posture |
| 200-399 | Somewhat Risky | Needs attention and training |
| 0-199 | High Risk | Immediate intervention required |
How HRI is Calculated
Data Collection
The platform collects signals from integrated systems:
- Training platforms
- Security tools
- Identity providers
- Communication systems
Using HRI
For Individuals
- Identify high-risk users for intervention
- Track improvement over time
- Prioritize who needs attention
For Cohorts
- Compare departments or locations
- Identify systemic issues
- Target group interventions
For Organization
- Track overall security posture
- Report to leadership
- Measure program effectiveness
HRI Trends
Beyond the current score, track:- Direction - Improving, declining, stable
- Rate of change - How fast is it changing
- Comparison - Relative to baseline or peers
Factors Affecting HRI
Positive Factors (Increase Score → Lower Risk)
- Completing training on time
- Reporting phishing attempts
- Following security policies
- Using security tools properly
Negative Factors (Decrease Score → Higher Risk)
- Clicking phishing links
- Overdue training
- Policy violations
- Risky data handling
FAQs
How often is HRI updated?
How often is HRI updated?
HRI is updated as new data arrives from integrations, typically within 24 hours of any activity.
Can HRI scores be manipulated?
Can HRI scores be manipulated?
HRI is calculated from objective data. Scores improve through genuine behavior change, not gaming.
What's a good HRI target?
What's a good HRI target?
Most organizations aim for average HRI above 600 (Somewhat Vigilant or higher). The specific target depends on your risk tolerance and industry.
Why did someone's HRI change suddenly?
Why did someone's HRI change suddenly?
Significant events like clicking a phishing simulation or major policy violation can cause sudden changes. Ask Livvy for explanation of any specific change.
Related
Glossary
All platform terms.
Dashboard Home
Viewing HRI on dashboard.
Cohort Insights
Cohort-level HRI analysis.
Livvy Insights
Ask Livvy about HRI.