The Company Risk Score Report allows organizations to monitor and assess their organizational, location, and user-level risk exposure. The report analyzes the various factors that contribute to an organization's risk score, which can include recent malware outbreaks, risky user behavior, and other suspicious factors. Administrators can study how their users' and company's risk score has changed over time and compare their score against their industry peer and Zscaler cloud averages.

Risk scores are calculated for each user, location, and company. Each user's behavior is analyzed against three groups of risk factors: pre-infection behavior (e.g., blocked access to malicious destinations or content), post-infection behavior (beaconing or command, and control communications), and suspicious behavior (e.g., data leak policy blocks). Risky behavior has an effect on the score for up to 7 days from occurrence. Different risk factors also bear different weights on the score. For example, an active infection is more severe than a blocked access attempt to a blocked destination. Unauthenticated users are excluded from calculations since transactions can't be associated with an identity.

About the Company Risk Score Report Page

On the Company Risk Score Report page (Analytics > Internet & SaaS > Analytics > Company Risk Score Report), you can view the following widgets:

1. Your Risk Score Trend: This graph displays your risk score during a span of 7, 15, and 30 days. The trend isn't computed if there is a low number of authenticated users.
2. Current Risk Score: Your organization’s risk score, your industry vertical's average risk score, and the average risk score of all organizations. You can filter the graph by the following individual events or all of them:
   • Low (0–25)
   • Medium (26–50)
   • High (51–75)
   • Critical (76–100)
3. Events Contributing to the Risk Score: This graph displays the events that contributed to the risk score during a span of 7, 15, and 30 days. You can filter the graph for all events or individual events such as:
   • Active Infections: Shows transactions that are suspected botnet callbacks.
   • Suspicious Activity: Shows transactions that are potentially malicious.
   • Threats Blocked: Shows transactions blocked because they are more likely to result in an infection.
4. Events Contributing to Current Risk Score: This graph displays the events that contributed to your current risk score.
5. Top Advanced Threats Trend: This graph displays the top advanced threats during a span of 7, 15, and 30 days.
6. Top Advanced Threats: This graph displays the current top advanced threats in percentages.
7. Distribution of Your User Risk Scores: This graph displays the percentage distribution of the risk scores for your authenticated users.
8. Distribution of Risk Scores for Your Industry: This graph displays your risk score and the percentage of organizations with the same score in your industry vertical. The Show Summary option reveals the percentage of peer organizations with higher risk scores than yours.
9. Distribution of Risk Scores for All Orgs: This graph displays your risk score and the percentage of all cloud organizations with the same score. The Show Summary option reveals the percentage of cloud organizations with higher risk scores than yours.
10. Top Risky Users: The top risky users in your organization. Conduct further investigation of their activity. Click on a user, and you are redirected to the User Risk Report page.
11. Top Risky Locations: The top risky locations based on transactions by authenticated users. Conduct further investigation to ensure that all your users remain secure. This section won't be computed if there is a low number of authenticated users.
12. Top Locations with Unauthenticated Transactions: The risk score is computed based on authenticated user traffic. These locations have a high number of unauthenticated transactions and cannot have a risk score computed.