Skip to main content
The Human Risk Index is the core metric in the Living Security Platform, providing a comprehensive measure of security risk from human factors.

What is HRI?

HRI is a composite score from 0-1000 that measures an individual’s or group’s security vigilance. Think of it like a credit score: higher scores indicate lower risk (more vigilant, security-conscious behavior).

HRI Components

HRI combines three dimensions:

Behavior (Weight varies)

Actions taken by users:
  • Security awareness behaviors
  • Data handling practices
  • Policy compliance
  • Security tool usage
  • Training engagement

Threat (Weight varies)

External threats targeting users:
  • Phishing attempts received
  • Malware targeting
  • Social engineering attempts
  • Attack frequency and sophistication

Identity (Weight varies)

Access and privilege factors:
  • Administrative access
  • Sensitive data access
  • Role-based risk
  • Access patterns
Component weights are configured by your organization based on priorities.

Vigilance Levels

How HRI is Calculated

1

Data Collection

The platform collects signals from integrated systems:
  • Training platforms
  • Security tools
  • Identity providers
  • Communication systems
2

Signal Processing

Raw data is converted to normalized scores for each factor.
3

Component Scoring

Factors are weighted and combined into Behavior, Threat, and Identity scores.
4

Final Calculation

Components are weighted and combined into the final HRI.

Using HRI

For Individuals

  • Identify high-risk users for action
  • Track improvement over time
  • Prioritize who needs attention

For Cohorts

  • Compare departments or locations
  • Identify systemic issues
  • Target group actions

For Organization

  • Track overall security posture
  • Report to leadership
  • Measure program effectiveness
Beyond the current score, track:
  • Direction - Improving, declining, stable
  • Rate of change - How fast is it changing
  • Comparison - Relative to baseline or peers

Factors Affecting HRI

Positive Factors (Increase Score → Lower Risk)

  • Reporting phishing attempts and suspicious activity
  • Following security policies consistently
  • Using approved tools and secure data handling
  • Strong authentication practices (MFA enrollment, no credential sharing)
  • Timely response to security alerts
  • Completing assigned training

Negative Factors (Decrease Score → Higher Risk)

  • Clicking phishing links or submitting credentials
  • Downloading malicious attachments
  • Sharing sensitive data inappropriately
  • Policy violations (unauthorized apps, shadow IT)
  • Ignoring security alerts or warnings
  • Risky authentication behavior (weak passwords, MFA bypass attempts)
  • Incomplete or overdue training assignments

FAQs

HRI is updated as new data arrives from integrations, typically within 24 hours of any activity.
HRI is calculated from objective data. Scores improve through genuine behavior change, not gaming.
Most organizations aim for average HRI above 600 (Somewhat Vigilant or higher). The specific target depends on your risk tolerance and industry.
Significant events like clicking a suspicious link or a major policy violation can cause sudden changes. Ask Livvy for explanation of any specific change.

Glossary

All platform terms.

Dashboard Home

Viewing HRI on dashboard.

Cohort Insights

Cohort-level HRI analysis.

Livvy Insights

Ask Livvy about HRI.