> ## Documentation Index
> Fetch the complete documentation index at: https://docs.livingsecurity.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Human Risk Index (HRI)

> Comprehensive guide to the Human Risk Index - how it's calculated, what the scores mean, and how to use HRI to drive your security program.

The Human Risk Index is the core metric in the Living Security Platform, providing a comprehensive measure of security risk from human factors.

## What is HRI?

HRI is a composite score from 0-1000 that measures an individual's or group's security vigilance. Think of it like a credit score: **higher scores indicate lower risk** (more vigilant, security-conscious behavior).

## HRI Components

HRI combines three dimensions:

### Behavior (Weight varies)

Actions taken by users:

* Security awareness behaviors
* Data handling practices
* Policy compliance
* Security tool usage
* Training engagement

### Threat (Weight varies)

External threats targeting users:

* Phishing attempts received
* Malware targeting
* Social engineering attempts
* Attack frequency and sophistication

### Identity (Weight varies)

Access and privilege factors:

* Administrative access
* Sensitive data access
* Role-based risk
* Access patterns

<Info>
  Component weights are configured by your organization based on priorities.
</Info>

## Vigilance Levels

| Score Range | Level             | Description                             |
| ----------- | ----------------- | --------------------------------------- |
| 800-1000    | High Vigilance    | Security champions, excellent practices |
| 600-799     | Somewhat Vigilant | Good security behaviors                 |
| 400-599     | Neutral           | Average security posture                |
| 200-399     | Somewhat Risky    | Needs attention and training            |
| 0-199       | High Risk         | Immediate action required               |

## How HRI is Calculated

<Steps>
  <Step title="Data Collection">
    The platform collects signals from integrated systems:

    * Training platforms
    * Security tools
    * Identity providers
    * Communication systems
  </Step>

  <Step title="Signal Processing">
    Raw data is converted to normalized scores for each factor.
  </Step>

  <Step title="Component Scoring">
    Factors are weighted and combined into Behavior, Threat, and Identity scores.
  </Step>

  <Step title="Final Calculation">
    Components are weighted and combined into the final HRI.
  </Step>
</Steps>

## Using HRI

### For Individuals

* Identify high-risk users for action
* Track improvement over time
* Prioritize who needs attention

### For Cohorts

* Compare departments or locations
* Identify systemic issues
* Target group actions

### For Organization

* Track overall security posture
* Report to leadership
* Measure program effectiveness

## HRI Trends

Beyond the current score, track:

* **Direction** - Improving, declining, stable
* **Rate of change** - How fast is it changing
* **Comparison** - Relative to baseline or peers

## Factors Affecting HRI

### Positive Factors (Increase Score → Lower Risk)

* Reporting phishing attempts and suspicious activity
* Following security policies consistently
* Using approved tools and secure data handling
* Strong authentication practices (MFA enrollment, no credential sharing)
* Timely response to security alerts
* Completing assigned training

### Negative Factors (Decrease Score → Higher Risk)

* Clicking phishing links or submitting credentials
* Downloading malicious attachments
* Sharing sensitive data inappropriately
* Policy violations (unauthorized apps, shadow IT)
* Ignoring security alerts or warnings
* Risky authentication behavior (weak passwords, MFA bypass attempts)
* Incomplete or overdue training assignments

## FAQs

<AccordionGroup>
  <Accordion title="How often is HRI updated?">
    HRI is updated as new data arrives from integrations, typically within 24 hours of any activity.
  </Accordion>

  <Accordion title="Can HRI scores be manipulated?">
    HRI is calculated from objective data. Scores improve through genuine behavior change, not gaming.
  </Accordion>

  <Accordion title="What's a good HRI target?">
    Most organizations aim for average HRI above 600 (Somewhat Vigilant or higher). The specific target depends on your risk tolerance and industry.
  </Accordion>

  <Accordion title="Why did someone's HRI change suddenly?">
    Significant events like clicking a suspicious link or a major policy violation can cause sudden changes. Ask Livvy for explanation of any specific change.
  </Accordion>
</AccordionGroup>

## Related

<CardGroup cols={2}>
  <Card title="Glossary" icon="book" href="/reference/glossary">
    All platform terms.
  </Card>

  <Card title="Dashboard Home" icon="home" href="/guides/dashboard-home">
    Viewing HRI on dashboard.
  </Card>

  <Card title="Cohort Insights" icon="layer-group" href="/guides/cohorts/cohort-insights">
    Cohort-level HRI analysis.
  </Card>

  <Card title="Livvy Insights" icon="sparkles" href="/guides/livvy/insights">
    Ask Livvy about HRI.
  </Card>
</CardGroup>
