Risk scoring
How Watchword turns behavior into numbers: the campaign phish-prone %, the per-person Human Risk Score and its bands, department breakdowns, the trend chart, and overdue-training tracking.
1 · Phish-prone %
Phish-prone % is the headline risk number. It's computed at two scopes, using the same formula:
phish-prone % = (clicked + submitted) ÷ sent × 100
- Per campaign — shown on each campaign card and in the Simulator results. It measures how risky that one simulation was.
- Org-wide — shown in Program → Analytics as "Org phish-prone". It pools sent / clicked / submitted across all campaigns for the active client.
Lower is better. The goal of a program is to watch this number fall over successive campaigns as training takes hold.
2 · Human Risk Score (per person)
Each person has a Human Risk Score from 0 (best) to 100 (worst), aggregated across all of the active client's campaigns. Everyone starts at a neutral baseline of 30, and each campaign nudges it:
| Behavior in a campaign | Effect on score |
|---|---|
| Submitted data on the fake page | +35 |
| Clicked but didn't submit | +20 |
| Reported the phish | −15 (reporting is rewarded) |
| Opened but did nothing risky (clean open) | −3 |
The result is clamped to the 0–100 range. Submitting and clicking are mutually exclusive in scoring (submit takes precedence), and a person who reports is rewarded even if they opened. You'll find the full per-person table in Program → Analytics → Human Risk Score, sorted highest-risk first, with a one-line signal ("reports phish", "clicked a sim", or "no risky behavior").
Human Risk bands
Scores are grouped into three bands for at-a-glance triage:
| Band | Score range | What it means |
|---|---|---|
| Low | 0–34 | Behaving safely; little intervention needed. |
| Med | 35–59 | Some risky behavior; keep an eye on them. |
| High | 60–100 | Repeatedly risky; prioritize for training and targeted sims. |
The same banding colors the phish-prone pills and the department breakdown. The High-risk (Human Risk Score ≥ 50) cohort in the simulator lets you target the riskiest people directly.
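The scoring rules and bands above as a small Python sketch (an added example, not Watchword's own code). The `CampaignResult` type and the function names are hypothetical; it assumes the clamp is applied once to the final total and that a report's -15 stacks with any click or submit penalty in the same campaign, neither of which the page specifies.

```python
from dataclasses import dataclass

BASELINE = 30  # neutral starting score stated on the page


@dataclass(frozen=True)
class CampaignResult:
    """One person's behavior in one campaign (hypothetical record type)."""
    opened: bool = False
    clicked: bool = False
    submitted: bool = False
    reported: bool = False


def campaign_delta(r: CampaignResult) -> int:
    """Score change for a single campaign, per the effect table."""
    delta = 0
    if r.submitted:
        delta += 35      # submit takes precedence over click
    elif r.clicked:
        delta += 20
    if r.reported:
        delta -= 15      # assumption: stacks with a click/submit penalty
    elif r.opened and not (r.clicked or r.submitted):
        delta -= 3       # clean open
    return delta


def human_risk_score(results) -> int:
    """Baseline plus every campaign delta, clamped to 0-100 at the end."""
    total = BASELINE + sum(campaign_delta(r) for r in results)
    return max(0, min(100, total))


def band(score: int) -> str:
    """Low 0-34, Med 35-59, High 60-100."""
    if score >= 60:
        return "High"
    return "Med" if score >= 35 else "Low"


def in_simulator_high_risk_cohort(score: int) -> bool:
    """The simulator cohort uses >= 50, which is not the High band's 60."""
    return score >= 50


# Constructed history: one click from baseline gives 50, which is Med band
# yet already inside the simulator's High-risk cohort.
one_click = human_risk_score([CampaignResult(opened=True, clicked=True)])
```

A single click from the baseline lands at 50, so the simulator's High-risk cohort includes people whose band pill still reads Med.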
3 · Program analytics
Open Program → Analytics. It has four sections:
| Section | What it shows |
|---|---|
| Program at a glance | Campaigns run, org phish-prone %, courses live, completion %, and the number of people at high risk. |
| Phish-prone trend | A bar per campaign, oldest to newest, colored by risk band — so you can see the number trend down over time. |
| Phish-prone by department | Per department: sent, clicked/submitted, reported, and phish-prone %. Reveals which teams need attention. |
| Human Risk Score (per person) | The full ranked table described above. |
4 · Overdue training
Overdue training is the other half of the risk picture: people who were assigned a course and let it lapse. It surfaces in several places:
- Program → Training due → Reminder queue — Open / Due-soon / Overdue / Completed counts, plus a list of overdue and due-soon items with manager escalation targets.
- Program → Learner view — an overdue status pill on a person's assignment.
- MSP console → Cross-client risk board — an "Overdue" column per client and a portfolio total. You can even sort the board by overdue training.
- Exports & evidence — open and overdue assignment counts are in the training summary and the evidence payload.
An assignment becomes overdue the moment its due date passes without the course being completed. See Training → Assignments for how due windows are set.