Most vulnerable users are users who have the lowest reliability rating in a company (below the median value of a company).
Reliability Rating is calculated for each registered user in a company. It depends on three metric types. Also, each of the metric types has its own “Impact Coefficient”. The bigger the coefficient, the more role in the reliability rating a particular metric type plays.
-
Training Progress
The more % of completed training, the more reliable the rating. Only positive impact.
TRAINING_IMPACT_COEFFICIENT = 1;
-
Gaming (Phishing Exercise) Progress
Gaming progress depends on the average gaming score. If it’s 5+ points - it’s a positive impact. If it’s below 5 points - it’s a negative impact
GAMING_IMPACT_COEFFICIENT = 2.5;
-
Percent of phished emails. If it’s 0% - it’s a positive impact. If above 0% - it’s a negative impact.
PHISHING_IMPACT_COEFFICIENT = 4;
Number of Most Vulnerable Users
When the reliability rating for each user is calculated we can find out the median value of it for a company.
So most vulnerable users are users' reliability rating which is below the median value of a company. But at the same time, it can’t exceed the maximum number of most vulnerable users that we have in the table below (depends on the number of registered users in a company)
Maximum Number of most vulnerable users by number of registered users in a company
|
Number of registered users |
Maximum Most Vulnerable Users |
|---|---|
|
0-2 |
0 |
|
3-5 |
1 |
|
6-10 |
2 |
|
11-20 |
5 |
|
21-50 |
8 |
|
51-100 |
10 |
|
101-200 |
15 |
|
201-500 |
25 |
|
501-1000 |
30 |
|
1001+ |
40 |