Human Risk Management

Human risk management for MSPs, across every client at once

Training completion told you who finished. It never told you who’s actually risky. INFIMA scores human risk for every user — and rolls it up across every client you manage, so you can see where your exposure really is from one place.

Book a demoWatch the walkthroughHow it works
INFIMA risk dashboard ranking every client’s users by risk score on one screen

The shift

A completion rate told you who finished. Not who’s risky.

For years, security awareness training answered one question: did the user do the training? That’s a useful number for a report — and a poor answer to the question your clients actually ask: how exposed are we?

Two users can both be “100% complete” and carry completely different risk — one reports every phishing email they get, the other clicks the first lure and reuses a password that’s already in a breach. A risk score tells those two users apart. It turns “we ran the training” into “here’s who’s exposed, and here’s what we’re doing about it” — the version of the conversation that holds up in a QBR.

How the score works

Every signal that predicts risk, in one score per user

Each user gets a single risk score, built from the signals that actually move the needle on exposure. Signals are weighted the way risk actually behaves: role multipliers raise the stakes for sensitive roles, compounding penalties treat a pattern of clicks as worse than a one-off, and time-decay lets recent behavior outweigh old events. It’s computed for you and kept current as new activity comes in.

Training they’ve actually completed.
What a user has learned — and how recently — not just whether a course was marked done.
Phishing simulation results.
How they’ve responded to the simulated phishing you’ve sent — clicked, ignored, or reported.
Real phishing they’ve reported.
Reporting a real threat is a positive signal — the user is part of the defense, not just a target.
Credential and dark-web exposure.
Whether the user’s credentials have shown up in a known breach — flagged with severity and whether a password was exposed.
Their role.
Role multipliers raise the stakes for admins, execs, HR, and finance — exposure isn’t the same for a finance admin and a warehouse user.

How it works in practice

From signal to action, automatically

You don’t maintain the score — the platform does. Here’s the loop running underneath every user, in every client.

    1

    Signals come in

    Training, phishing simulations, reported real phish, credential/breach exposure, and role flow in as users go about their work.

    2

    A score is computed

    Those signals roll up into a single risk score for every user — no tallying by hand.

    3

    It’s kept current

    As new activity lands, the score updates, so it reflects where a user stands now, not last quarter.

    4

    It’s surfaced for action

    Scores rank across every client, so the riskiest users in your whole book of business rise to the top.

Built for many clients

See risk across every client — from one screen

Most human risk tools assume you’re one organization looking at yourself. You’re not — you run dozens of clients, each with their own users, and you’re accountable for all of them. INFIMA is multi-tenant by design: risk is computed per user, then rolled up across every client you manage, so the whole book of business is one screen instead of a stack of logins.

Compare clients side by side.
See which clients are trending up and which are improving, in one comparison view.
Spot the movers.
Catch a client whose risk is climbing before it shows up as an incident or an awkward QBR.
No tenant-hopping.
The cross-client picture is one place — not something you reassemble by logging into each client.
INFIMA view comparing risk trend across an MSP’s clients side by side over time

Put it to work

Turn risk into action — and into a conversation clients value

A score is only worth having if it changes what you do. The risk view is built to drive the next move, not just sit on a dashboard.

Target the training that matters
Assign remedial training directly from any user’s risk profile — the right training to the users who actually need it, instead of the same campaign to everyone and hoping it lands.
Walk into the QBR with the answer
Show a client exactly where their risk sits, who’s driving it, and how it’s moved since last quarter — the evidence that makes the review easy.
Justify — and sell — the security conversation
A concrete risk number turns “you should do more on security” into a conversation a client can act on, and a service you can stand behind charging for.
Spend your time where the risk is
Across hundreds of users in dozens of clients, the score points you at the few that move the needle — so your attention goes to the right place.

See it

The risk dashboard, up close

INFIMA single-user risk score drill-down showing the signal-by-signal breakdown behind the score

Btw, we love the new Risk scores. We saw almost instant improvement just by sharing some of this data with our clients.

Sean Place · Interplay IT

More of the platform

Dark Web MonitoringDark-web exposure is one of the signals behind every user’s risk score — see how it’s caught and handled.
Compliance & FrameworksThe same per-client activity that drives risk scores also maps to the frameworks your clients answer to.
All platform featuresTraining, phishing simulations, white-labeling, PSA integrations, billing, and reporting.

See human risk across your whole book of business.

Book a walkthrough and we’ll show you your clients’ risk the way you’ll actually use it — across every client, from one screen. Or watch the tour first.

Book a demoWatch the walkthrough

Already a partner? Visit the knowledge base