1️⃣ What are the Cyber Score and the Karma Score?
👉 The Cyber Score
The Cyber Score is the rating displayed on your Riot homepage, ranging from A to F. It reflects the aggregate of your team members’ Karma scores and can be improved by following the recommendations provided on the homepage.
👉 The Karma score
The Karma reflects an employee’s security posture.
The total Karma points are calculated based on the number of subscribed modules. The Karma Score varies depending on the actions taken by the employee (completing training courses, reporting phishing emails, resolving data breaches, etc.).
You can view the actions required to earn Karma points directly from the portal, along with a detailed breakdown of the points available.
2️⃣ How is an employee’s Karma calculated?
👍 Good to know: The Cyber and Karma Scores are currently being refined.
As a result, the following information is subject to change over time. This article will be updated accordingly.
Our goal is to give you a general idea of the elements considered in the calculation, so you can answer internal questions—or simply satisfy your curiosity.
👉 Security posture calculation
The security posture is the percentage of Karma Score earned out of the total possible points, based on the subscribed modules.
It represents the percentage of points achieved relative to the total score (these are cumulative and help employees level up to higher ranks).
Dangerous (10%)
Bad (20%)
OK (20%)
Good (20%)
Great (15%)
Excellent (10%)
Exceptional (5%)
Example: The activated modules total a maximum of 800 points. The employee has earned 640 points, meaning their security posture is marked as "Great"—they’ve completed at least 80% of the available actions.
👉 How to earn Karma points?
The actions that earn Karma points are visible directly on the employee portal and depend on the modules your organization has subscribed to.
Here are some examples of actions that earn points:
The employee is up to date with their training courses.
The employee has confirmed that detected data breaches have been resolved.
The employee has a strong digital footprint (measured via LinkedIn and WhatsApp).
The employee has enabled two-factor authentication.
The employee has reported a phishing email.
👍 Good to know: Focus on the LinkedIn Footprint
If an employee's LinkedIn account is set to private, Riot won’t be able to scan it to verify whether the profile picture and name have been made non-public.
We recommend keeping the account public (at least temporarily) to ensure that Riot can detect and take these elements into account.
3️⃣ How to Use the Karma Score to Optimize Your Platform Usage
👉 Create dynamic groups based on security posture
You can use security posture statuses such as “Dangerous” and “Bad,” but also “Outstanding” and “Excellent” as criteria to create dynamic groups for:
course audiences
targeted campaign audiences
You can also download the list of employees with an outstanding security posture, for example, to recognize and congratulate them internally!
👉 Managers can encourage their team members directly from the portal (Team tab).
This feature is useful for:
Engaging employees by encouraging them
Allowing managers to have visibility on the performance of their supervised team members (and help balance the cyber team’s workload)
👍 Good to know :
We encourage you to promote the portal and the gamified aspect of the actions to (re)engage employees in completing their training with Albert. Here is the address: app.tryriot.com
From the employee portal, users can:
view their Karma Score
earn points by completing various actions
see the company’s top 3 users with the highest Karma Scores
ask Albert any cybersecurity-related questions!