This guide explains how the user scoring system works so you can configure and monitor it effectively for your organization.
The HootScore is a single number from 0 to 100 that shows how well a user is engaging with their assigned security training. It combines multiple training components into one easy-to-read score, which helps you identify users who are doing well and those who may need extra support.
The system can include up to four main components plus an additional adjustment for real-world phishing failures. Each one represents a specific type of training activity:
Phishing: Simulated phishing tests assigned to the user.
Video: Security awareness training videos that the user must watch and complete.
Policy: Required company policies that the user must read and acknowledge.
Optional: Additional or supplemental training modules that you may choose to assign but that the end user is not required to complete.
AttackPhish (real phishing test adjustment): This is not a stand-alone component but an extra factor that slightly adjusts the final score based on whether the user has failed real phishing tests recently.
Which components are included in scoring depends on how your account and settings are configured.
If your organization uses Autopilot, you can enable or disable components for each customer:
Video: Enabled by activating the Video Power-Up.
Phishing: Enabled by activating the HootPhish Power-Up.
AttackPhish: Enabled by activating the AttackPhish Power-Up.
Note: Optional and Policy assignments are not currently available in Power-Up and are therefore not included in the user’s HootScore.
If your organization uses Power, then all components are included by default. Scores are only affected by the components that are used.
Identify enabled components
The system first checks which modules are active for each customer.
Gather user data for each component
For each active module, it:
Counts how many assignments the user has been given.
Checks which were completed and whether they were submitted on time.
Counts how many attempts the user made to pass.
Calculates an average score for that module.
Late submissions and extra attempts slightly lower the component score. Real phishing failures lower the AttackPhish adjustment.
Apply component weights
The final HootScore combines the components using these default weights:
If all four are enabled: Phishing 40%, Video 40%, Policy 15%, Optional 5%.
If three are enabled: Phishing 40%, Video 40%, Policy 20%.
If two are enabled: Phishing 50%, Video 50%.
If only one is enabled: 100% that component.
These weights adjust automatically depending on which components are enabled.
Adjust for real phishing failures
If AttackPhish is active, recent failures reduce the final score by up to 10%. Older failures (> 60 days) reduce the score less, and failures older than 90 days do not reduce it at all.
Cap at 100
The final calculated score is always limited to a maximum of 100.
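The weighting, AttackPhish adjustment and cap described above, as an added Python example for sanity-checking reported scores; it is not the vendor's code. The weights and the 10%, 60-day and 90-day figures come from this guide; the linear taper between 60 and 90 days, the use of the most recent failure, the percentage-of-score penalty and all function names are assumptions.

```python
# Added illustration. Weights and the 10% / 60-day / 90-day figures are from the
# guide; the taper shape and how the penalty is applied are assumptions.
WEIGHTS = {
    frozenset({"phishing", "video", "policy", "optional"}):
        {"phishing": 0.40, "video": 0.40, "policy": 0.15, "optional": 0.05},
    frozenset({"phishing", "video", "policy"}):
        {"phishing": 0.40, "video": 0.40, "policy": 0.20},
    frozenset({"phishing", "video"}): {"phishing": 0.50, "video": 0.50},
}

def weights_for(enabled):
    """Return the guide's default weights for a set of enabled components."""
    enabled = frozenset(enabled)
    if len(enabled) == 1:
        return {next(iter(enabled)): 1.0}
    if enabled not in WEIGHTS:
        # The guide lists no weights for other combinations; do not guess.
        raise ValueError(f"no documented weights for {sorted(enabled)}")
    return WEIGHTS[enabled]

def attackphish_penalty(days_since_failures, max_penalty=0.10):
    """Fraction to deduct, driven by the most recent real-phishing failure.

    Assumption: full penalty up to 60 days, linear taper to zero at 90 days.
    """
    if not days_since_failures:
        return 0.0
    age = min(days_since_failures)
    if age <= 60:
        return max_penalty
    if age > 90:
        return 0.0
    return max_penalty * (90 - age) / 30

def hootscore(component_scores, days_since_failures=None):
    """Combine 0-100 component scores into a final score capped at 100."""
    weights = weights_for(component_scores)
    base = sum(component_scores[name] * w for name, w in weights.items())
    penalty = attackphish_penalty(days_since_failures or [])
    return round(min(100.0, max(0.0, base * (1 - penalty))), 1)

# Constructed sample users (not real data).
if __name__ == "__main__":
    print(hootscore({"phishing": 90, "video": 80, "policy": 100, "optional": 50}))
    print(hootscore({"phishing": 90, "video": 80}, days_since_failures=[10, 75]))
```

Passing `days_since_failures=None` models a customer without the AttackPhish Power-Up, so no adjustment is applied.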
When you check a user’s score, you will see:
HootScore: Overall score (0–100).
Phishing Score: Score for phishing training.
Video Score: Score for videos.
Policy Score: Score for policy acknowledgements.
Optional Score: Score for extra training.
AttackPhish Score: Score for real phishing failures.
Completed Assignments: Total number of assignments completed.
Num Attempts: Total attempts the user made across all assignments.
AttackPhish Failures: Number of phishing test failures.
Late Submissions: How many submissions were late.
Use the HootScore to quickly spot users who need reminders or additional help.
Users can see their HootScores and rankings in the ‘My Cyber Rank’ tab on their My Assignments dashboard. There they can see their score and ranking against other users in their company, as well as a detailed view of their scoring history with recommendations for improvement.
Autopilot administrators can see user rankings and HootScore details by viewing the ‘HootRanks’ page, found in the ‘Next?’ section under a customer's users. Currently, a HootRanks dashboard is NOT available for Power deployments.
Review which components are enabled for each customer to ensure your training program fits your needs.
Adjust Power-Ups as needed to include or exclude specific modules.
If you have questions about configuring Power-Ups, enabling or disabling components, or interpreting scores, please contact our support team.
