Human risk management for MSPs, across every client at once
Human risk management isn’t just a score — it’s a loop. INFIMA scores every user across all your clients, then drives that score down with targeted training and phishing built on behavioral science. Measure, improve, re-measure — one system, not separate modules.
Human risk
Every client’s users, ranked by risk on one screen.
| User | Role | Score | Clicks | Reports |
|---|---|---|---|---|
Chris Vogel Meridian Dental | Standard | F330 | 4 | 0 |
Dana Powell Northwind Trading | Finance | F360 | 3 | 0 |
Robin Tran Lakeside Logistics | Admin | D430 | 2 | 1 |
Marcus Webb Northwind Trading | Standard | D470 | 2 | 0 |
Alex Reyes Brightway Clinic | Executive | D510 | 1 | 2 |
The shift
A completion rate doesn’t tell you who’s risky
For years, security awareness training answered one question: did the user do the training? That’s a fine number for a report. It’s a poor answer to the question your clients keep asking: how exposed are we?
Two users can both be “100% complete” and be nowhere near the same risk. One reports every phishing email he gets. The other clicked the last three and reuses a password that’s already been breached. A risk score separates them. So instead of telling a client “everyone did their training,” you can show them who’s exposed and what you’re doing about it. That’s a much better QBR.
How the score works
Every signal that predicts risk, in one score per user
Each user gets one risk score, built from the signals that predict exposure. The weighting follows how risk really works: a sensitive role counts for more, a pattern of clicks counts for more than a one-off, and recent behavior counts for more than something from a year ago. INFIMA computes it and keeps it current as new activity comes in.
- Training they’ve completed.
- What a user actually learned, and how recently. Not just whether a course got checked off.
- Phishing simulation results.
- Whether they clicked, ignored, or reported the phishing tests you sent.
- Real phishing they’ve reported.
- A user who reports real phishing is helping defend the place, so that counts in their favor.
- Credential and dark-web exposure.
- Whether the user’s credentials turned up in a known breach, with severity and whether a password was exposed.
- Their role.
- A finance admin and a warehouse user don’t carry the same risk, so admins, execs, HR, and finance weigh heavier.
No black box
Watch a risk score get built
A score isn’t a verdict handed down from nowhere. It’s the sum of what a user actually does. Here’s the same user, scored signal by signal.
Why: Recent phishing clicks and a breached password, in a finance role that raises the stakes.
Illustrative demo data. The score scale and the direction of each signal follow the product; exact weighting is computed in the platform.
How it works in practice
From signal to action, automatically
You don’t maintain the score. The platform does. Here’s the loop it runs for every user, in every client.
Signals come in
Training, phishing simulations, reported real phish, credential/breach exposure, and role flow in as users go about their work.
A score is computed
Those signals roll up into one score per user. Nothing to tally by hand.
It’s kept current
As new activity lands, the score updates. It reflects where someone stands now, not last quarter.
It’s surfaced for action
Scores rank across all your clients, so the riskiest users surface first.
Built for many clients
See risk across every client from one screen
Most human-risk tools assume you’re a single company watching yourself. You’re not. You run dozens of clients, each with their own users, and you answer for all of them. INFIMA scores risk per user and rolls it up across every client, so it’s one screen instead of a stack of logins.
- Compare clients side by side.
- See every client’s risk in one place and tell at a glance which ones need attention.
- Spot the client that’s behind.
- Find the client carrying the most high-risk users before it turns into an incident or an awkward QBR.
- No tenant-hopping.
- It’s all in one place, not something you rebuild by logging into each client.
Clients
Risk across every client, side by side.
| Client | Users | Avg score | High risk |
|---|---|---|---|
| Meridian Dental | 64 | D540 | 14 |
| Northwind Trading | 118 | C612 | 29 |
| Lakeside Logistics | 52 | C640 | 9 |
| Brightway Clinic | 80 | C668 | 11 |
| Cedar & Co | 31 | B724 | 3 |
Put it to work
Turn risk into action, and a conversation clients value
A score is only useful if you act on it. From the risk view you can assign training, flag a client, or pull the numbers for a meeting without digging.
- Target the training that matters
- Point training at the users the score flags instead of blasting one campaign to everyone. The people who need it get it.
- Walk into the QBR with the answer
- Show a client where their risk sits, who’s driving it, and how it’s moved since last quarter. The review writes itself.
- Turn it into a service you can sell
- A real risk number gives the “you should invest more in security” conversation teeth. It’s also a service line you can charge for.
- Spend your time where the risk is
- Across hundreds of users and dozens of clients, the score points you at the handful that matter, so your time goes where it counts.
See it
The risk dashboard, up close
What’s driving this score
“Btw, we love the new Risk scores. We saw almost instant improvement just by sharing some of this data with our clients.”
More of the platform
See human risk across all your clients.
Book a walkthrough and we’ll show you your clients’ risk the way you’d actually use it. Or watch the tour first.
Already a partner? Visit the knowledge base