The Behavior Risk Indicator (BRI) is a new way to see how human behaviour is shaping your organisation's risk of a security incident. The new Risk reports show you which behaviours, people, and groups are driving that risk, so you know where to focus.
The new Risk reports bring you the Behavior Risk Indicator
BRI grounds you in the risk of a security incident. It combines two things:
Behaviour — what people are doing, captured from your integrations and CybSafe activity.
Impact — the role and access of the people behaving that way.
The result is a score from 0 to 1000. The higher the score, the more behaviour is contributing to your risk. The same risky behaviour from someone with broad access carries more weight than from someone with limited access — because the potential consequences are bigger.
What's in the new Risk reports
You'll find the new Risk reports in the admin menu under Reports > Risk. The area is organised into four views, each answering a different question.
Overview
Your starting point. It shows your Organization BRI, the single number that summarises your behavioural risk picture, alongside its trend over time and the contribution by group and user level.
Use this view to:
See how your organisation is tracking overall.
Spot whether risk is moving up or down.
Decide where to look next.
Behaviors
Lists every behaviour CybSafe is measuring, ranked by Behavior BRI, which shows how much each one is contributing to your overall risk.
Use this view to:
Identify which behaviours need attention first.
See how a behaviour's risk is changing over time.
Drill into a behaviour to see the people and groups driving it.
Groups
Shows your defined groups with their Group BRI, which shows how much risk each part of your organisation is carrying.
Use this view to:
See which teams or departments need targeted action.
Make a case for focused intervention to a department head.
Compare groups on the same scale.
People
Lists everyone in your organisation, with their User BRI and risk likelihood for the behaviours being measured.
Use this view to:
Identify the people contributing most to your risk.
See which behaviours each person is struggling with.
Set or override a person's user level.
Risk categories
BRI scores reflect all the behaviours CybSafe is measuring by default. Risk categories let you filter any view to show only the behaviours relevant to a specific framework, without changing how the score is calculated.
Use risk categories when you want to answer questions like:
"How are we tracking against NIST CSF?"
"Which groups carry the most risk of a data compromise?"
"Which people are driving our MITRE ATT&CK exposure?"
The category score uses the same tier-weighted methodology as the overall BRI, applied only to the behaviours that belong to that category.
Three default categories are provided, drawn from SebDB, the world’s security behavior database.
SebDB Impacts
Groups behaviours by the type of harm they could cause if they fail, for example System compromise, Data compromise, or Financial loss. Use this if you want to frame risk in terms of business outcomes rather than security controls.
NIST CSF
Maps behaviours to the six functions of the NIST Cybersecurity Framework: Govern, Identify, Protect, Detect, Respond, and Recover. Use this if your security programme is structured around NIST, or if you need to report against it.
MITRE ATT&CK
Maps behaviours to adversary techniques from the MITRE ATT&CK framework. Use this to understand which behaviours leave your organisation exposed to specific attack patterns.
To filter by risk category, select one from the category picker at the top of any new Risk reports view. All four views (Overview, Behaviors, Groups and People) update to reflect the selected category.
Risk bands
BRI scores are shown on a 0–1000 scale with four bands:
| Band | Range |
| --- | --- |
| Low | 0–250 |
| Medium | 251–500 |
| High | 501–750 |
| Very High | 751–1000 |
The bands give you a consistent way to talk about risk across people, groups, behaviours, and the organisation as a whole.
Getting the most from the new Risk reports
A few tips for using the reports well:
Start with the Overview, then drill down. The headline number on its own doesn't tell you what to do. The detail underneath does. Drill down into Behaviors if you want to understand what is driving your risk of a security incident. Drill down into People if you want to know who.
Watch the trend. A single BRI score is a snapshot. The trend tells you whether your programme is moving the needle.
Make sure people have a user level. BRI is most accurate when your people are correctly assigned to user levels. Unassigned people default to Level 3. For more, see [How to set a person's user level].
Click the info icon on any BRI score to see how it's calculated. BRI isn't a black box.
