Human Risk Score — Technical Specification

The Human Risk Score (HRS) is a real-time, per-employee metric (0–100) that quantifies behavioural risk based on threat exposure, training response, and historical incident data. This document describes the calculation model, update cadence, and API surface.

Score composition

Score interpretation

• 0–25 — Low risk. Employee is engaged, responds well to training, rarely exposed to threats.
• 26–50 — Moderate risk. Some training gaps or irregular exposure. Monitor and target with relevant content.
• 51–75 — Elevated risk. Active threat exposure or poor simulation performance. Trigger adaptive training.
• 76–100 — Critical risk. Immediate intervention recommended. Escalate to security team.

Decay model

Scores decay toward the cohort mean over time when no new signals are received. The decay half-life is 90 days by default and is configurable per tenant between 30–180 days. This prevents stale high scores from persisting indefinitely.

API reference

Get score for a single employee

GET /v1/employees/{employee_id}/risk-score
Response:
{
"employee_id": "usr_abc123",
"score": 67,
"band": "elevated",
"last_updated": "2025-04-14T09:22:00Z",
"signals": {
"phishing_simulation": 72,
"threat_exposure": 81,
"training": 44,
"incidents": 0,
"peer_benchmark": 58
}
}

Get department risk summary

GET /v1/departments/{department_id}/risk-summary
Response:
{
"department_id": "dept_finance",
"name": "Finance",
"employee_count": 42,
"average_score": 54,
"distribution": {
"low": 12,
"moderate": 18,
"elevated": 9,
"critical": 3
},
"trend": "improving"
}

Export for board reporting

GET /v1/reports/human-risk?format=pdf&period=monthly
Returns a signed URL to a generated PDF report suitable for board or NIS2 audit presentation.

Tenant configuration