Simulation
Phishing tests create realistic behavior signals such as clicks, submissions, reports, and safe decisions.
Track. Test. Train.
See human risk clearly,then reduce it.
PhishingBox turns real user behavior into dynamic human risk scores, then connects those scores to phishing defense, security training, email reporting, and targeted action.
60%
of all breaches involve the human element.
Track Risk
Give each target a dynamic score that reflects behavior, exposure, and improvement over time.
Test Users
Use realistic simulations and reporting signals to understand who needs more support.
Train Smarter
Connect risk movement to targeted training, microlearning, and follow-up workflows.
Risk Visibility
A human risk score built from real behavior.
Organizations face increasing pressure to reduce human risk while meeting compliance requirements. PhishingBox brings phishing simulations, security awareness training, email reporting, AI-powered insights, integrations, and API access into one human risk platform.
Traditional awareness reporting can tell you who clicked or who completed training. Human Risk Management connects those events into a living score so security teams can spotlight high-risk users, see who is improving, and understand which departments need more attention. For teams that describe this work as Secure Behavior Management (SBM), the goal is the same: measure behavior, prioritize risk, and guide better decisions.
- Identify high-risk users quickly instead of digging through disconnected reports.
- Understand individual and group risk with dashboards built for action.
- Use the score to guide training, coaching, and manager conversations.
Program Flow
Simulation → Risk Score → Training → Behavior Change
The score is not just a number. It is a feedback loop that helps administrators turn employee behavior into targeted action and measurable improvement.
Risk Score
Signals are weighted and computed into user, group, and account-level risk views.
Training
High-risk users can receive more relevant education, follow-up, and reinforcement.
Behavior Change
Scores update as people learn, report suspicious messages, and avoid risky actions.
Score Inputs
Training, testing, protection, and risk data in one ecosystem.
PhishingBox Risk Score combines available platform signals into a practical risk view. If a package or integration does not provide a specific signal, that input is simply not used.
Realistic Simulation Behavior
Clicks, submissions, reports, and other phishing test outcomes help reveal who needs more coaching and who is improving.
Training and Microlearning
Personalized training, course activity, microlearning, and supported third party training data can help show who is improving.
Email Reporting Feedback
One-click reporting and AI-powered email risk insights can add real-world feedback to the broader human risk picture.
Custom Scoring Rules
Tune colors, ranges, weighted averages, and how much specific behaviors can increase or reduce a user score.
Target and Group Views
Filter, sort, and compare targets or departments so teams can prioritize the people and groups that need attention first.
Integrations and API Access
Sync identity, HR, LMS, and security data, then pull risk data into reporting, SIEM, or custom workflows through the API.
Platform Screenshots
See risk from the account view down to the target.
These Risk Score views help teams spot high-risk users, compare departments, and understand the details behind each score without leaving the platform.
Customizable Scoring
Tune the score to match how your organization thinks about risk.
Risk scoring is configurable, so teams can align the score with their policies and reporting needs. Control color bands, weighted averages, and how much specific outcomes can increase or decrease a user's score.
Risk colors and ranges
Define how risk levels appear across dashboards and target views.
Weighted averages
Control how different signal categories contribute to the final score.
Score movement
Set how much events can move risk up or down after user actions.
Available signals
Use the data available from your package, integrations, and workflows.
FAQs
Human Risk Management FAQs
Answers to common questions about Risk Score customization, package availability, API access, computation timing, and scoring methodology.
Can you customize how risks are scored?
Yes. Risk scoring is customizable, including color ranges, weighted averages, and the amount specific events can move a score up or down. That gives teams room to align the model with their security program, reporting expectations, and internal definition of meaningful risk.
What package is Human Risk Management included in?
Human Risk Management is included in all packages. The score only uses the data available in your package and connected features, so it will not be skewed by missing inputs. For example, if you do not use PhishingBox School or a supported third-party LMS connection, training data will not be used to evaluate who is improving through education.
Can you access the Risk Score through the API?
Yes. Risk Score data can be accessed through the PhishingBox API. Teams can use that data in custom reporting, executive dashboards, SIEM workflows, client reporting, or other internal security processes.
How often does the Risk Score compute?
Scores typically compute within 24 hours or when enough data has been collected to provide a good representation of risk. When certain events happen, the score for a specific user can also be updated independently, so recent behavior can be reflected without waiting for a full account-wide recalculation.
Do you have additional details on how the Risk Score is computed?
Yes. PhishingBox has a complete thesis on the Risk Score methodology. Please contact your account executive to obtain a copy.
What signals can be included in a Human Risk Score?
The score can use signals from phishing simulations, training activity, reporting behavior, target and group risk, supported LMS data, and other available platform activity. The model is designed to use the inputs you have available instead of penalizing you for data sources you do not use.
How should security teams use Human Risk Scores?
Risk scores are meant to help teams prioritize action. Administrators can spotlight higher-risk users, compare group or department trends, assign more relevant training, and report progress to leadership with a clearer view of behavior change over time.
Can managers or administrators compare risk by group or department?
Yes. Group and department views help administrators understand where risk is concentrated, which teams are improving, and where additional simulations, training, or communication may be useful.