Mimecast Human Risk Insights (MHRI) Report - Guide

Updated

This article provides details on the data presented in the Mimecast Human Risk Insights (MHRI) Report

Access

To access the MHRI Report, the following is required:

  • Role/permission requirements match those of the reporting section of Roles - Administrator Role Permissions.
    • Read and Edit permissions for scheduling reports and report downloads should be enabled for Partner Admin, Super Admin, Full Admin, Basic Admin, Help Desk Admin and Gateway Admin.
  • The user account role must have PDF Reports Read and Edit permissions enabled under the Reports Menu, as shown below:

MHRIReportAccess.png

Scheduling and Recipient Management 

On the MHRI Report page, the user can:

  • Add or remove email addresses to receive the monthly report using the lookup function to find users in the directory.
  • A maximum of ten email addresses can be added.
  • If the process fails, the user will see an error message based on the error reason.

hritabsreportingscheduling2.png

scheduling.png

Scheduling and Recipient Management Considerations

  • Should report generation fail, it will automatically retry.
  • Should delivery fail, it will automatically retry.
  • The report is automatically emailed to the listed account contact each month.
  • Events will be logged when a user subscribes or unsubscribes. Data logged will include the following:
    • Date/time
    • Action - subscribe/unsubscribe
    • Account code
    • Email address
  • Events will be logged when the report email is sent. Data logged will include the following:
    • Date/time
    • Action - subscribe/unsubscribe
    • Account code
    • Email address
  • from email address - mimecastreports@mimecast.com.
  • from display name - Mimecast Reports.
  • The email will be visible as an inbound message to the customer in Message Tracking.
  • The first month’s report will be available in the product and will not be sent to any recipients via email. Administrators are encouraged to add subscribers so that the subsequent months' reports are delivered to the recipients automatically. The PDF report will be emailed to the subscribers on the first day of each month as an email attachment and will cover the previous month in full. The file name will be Mimecast Human Risk Insights Report - {month} {year}.

Executive Summary 

This is a summary of the report, calling out important statistics and actions in natural language. There are two options for this page, depending on whether or not you have Human Risk

The first paragraph:

  • Summarizes the total number of threats that were blocked in the previous month.

  • Indicates the trend compared to the previous month.

  • Calls out the number of detections for the detection highlights listed on the Prevented Threats page.

The Executive Summary also contains a Recommendations and Insights section, which lists key recommendations and insights. 

Prevented Threats 

Detection Funnel

mhri1.png

The detection funnel indicates the following:

  • How many emails were inspected by Mimecast over the previous month.
  • How many of these were detected.
  • How many were delivered.

Additionally, trend indicators provide a comparison to the previous month.

The funnel is split into the following sections:

  • Inbound emails Inspected by Mimecast
  • Reputation, Authentication & Spam detections.
  • Phishing, which includes the following subsections showing high-impact threat types:
    • Business Email Compromise
    • Credential Harvesting
  • Malware
  • Emails Delivered

Detection numbers are rounded off to two significant figures. Thousands are expressed using 'k' and millions are expressed using 'M', e.g., 350,000 = 350k.

Trends are displayed in number and % format, for example, 2%. A downward-facing arrow indicates a decrease in activity, and an upward-facing arrow indicates an increase in activity compared to the previous month.

Detection Highlights

The detection highlights section calls out high-risk detections and details their impact with reputable data related to each threat type. This section includes the number of detections and the trend  (increase or decrease). 

The following list of these threat types is in priority order. (Should there be no detections for a given type, you can skip that threat type and move on to the next.) There will be up to five items from this list.

  • Business Email Compromise
  • Ransomware
  • Impersonation
  • Malicious QR Code
  • Credential Harvesting
  • Malware
  • Phishing
  • Spam

The following shows specific details on estimations per threat type:

Detection Type Advanced BEC  Ransomware Impersonation Malware Phishing
Cost per incident $137,132 $1,400,000 $63 $1,841 Email remains the number one attack vector for cybercriminals, and phishing attacks remain the top threat to email users.
Number of Attacks 21,489   298,878 659  
Total Losses $2,946,830,270 $18,728,550 $1,213,317
Average $137,132    
Reference 2023 FBI Internet Crime Report  (Pages 20 & 21) Cyntenia Institute Risk Insights Study: Ransomware (Page 2) 2023 FBI Internet Crime Report (Pages 20 & 21) 2023 FBI Internet Crime Report (Pages 20 & 21) The State of Email & Collaboration Security 2024 (Page 5)

Detections Benchmarking 

Region Wise Benchmarking

mhri2.png

Region Wise benchmarking allows you to compare your detections per user value for the previous month to the distribution of other Mimecast customers in the industry. Data is normalised by dividing detection counts per account by the number of users per account.

The data is represented in a beeswarm chart, where each dot represents the median value for 2% of Mimecast customers in the regional dataset.

You will see one chart for each of the following threat types:

  • Phishing
  • Malware
  • Credential Harvesting
  • Business Email Compromise
    • If you do not have ABEC, the distribution for other Mimecast customers will appear here as well as a link to find out more about this product.

There is also text next to each chart to detailing the comparison with other Mimecast customers. This indicates a position as higher than or lower than other Mimecast customers. Below 50% is ‘lower than’, above or equal to 50% is 'higher than’.

Industry Wise Benchmarking 

This section is the same as Region Wise Benchmarking, except that the data here is aggregated by Industry.

mhri3.png

Human Risk 

To view this section of the report, you must first accept the Terms and Conditions of the Human Risk Command Center. Please read more here: Human Risk Command Center - Overview.

Human Risk Overview

MHRIhumanriskoverview1.jpg

On this page, you will see:

  • Your overall human risk level on displayed as a gauge.
    • The gauge displays the Human risk score (Range: 0-10).
    • A description of the risk rating at the bottom of the gauge, e.g. "high".
  • A line chart showing the human risk score by month over the last 12 months.
  • An outline of what the human risk score means at the bottom of the page.

Human Risk Behaviors

HRI4.2New.png

This page is a section for each of the high-level human risk behaviors that contribute to the overall human risk score. This includes:

  • Score: Number between 0 - 10.
  • The colour coding matches human risk score logic.
  •  Each Human Risk behavior is listed next to the score. These include the following:
    • PhishingReal World Phishing, Simulated Phishing, Training, Malware, and Sensitive Data Handling.
  • The Trend: Increase = Red upward-facing arrow; Decrease = Green downward-facing arrow; No change = Two horizontal gray lines. 
  • A description of the change and how much it has changed by will be next to the arrow/icon e.g., "Higher by 0.1 vs past month".
  • An explanation of what each of the listed behaviors means, and how these contribute to the overall Human Risk Score.

Only categories that count towards the human risk score are displayed. Therefore, not all customers will have all categories, and the categories each customer has may change over time.

Riskiest Users

HRIR4.32.png

On this page, you will see:

  • A table with the following columns:
    • User
    • The columns listed below contain a color-coded chip containing the score (based on human risk score logic) for each user, and a trend icon (Increase = Red upward-facing arrowDecrease = Green downward-facing ArrowNo change = Two horizontal gray linesNot Present = Gray circle with diagonal line icon).
      • Risk Score
      • Actual Phishing
      • Simulated Phishing
      • Training
      • Malware
      • Sensitive Data Handling

Risk Insights 

Credential Harvesting Detections 

11.png

On this page, you will see:

  • The Top 5 Impersonated Brands based on credential harvesting detections for your account are shown as a bar chart on the left-hand side of the page.
  • The Top Impersonated Brands based on credential harvesting detections for your industry are shown as a bar chart on the right-hand side of the page.
  • Below the bar charts is an explanation of what the graphs indicate, and text in bold containing advice on actions to consider based on the information.

BEC Insights 

Recipient Insights 

12.png

This page is only visible if you have Advanced BEC Protection.

On this page, you will see:

  • A table of the top 10 recipients (by volume of ABEC detections descending). The table contains two columns: the recipient's email address and detection volume.
  • An explanation of what the data indicates and actions to consider based on the information.

Sender Insights

13.png

This page is only visible if you have Advanced BEC Protection.

On this page, you will see:

  • A table of the top 10 sending domains (by volume of ABEC detections descending). The table contains two columns: the recipient's Sending Domain and Detection Volume.
  • An explanation of what the data indicates and actions to consider based on the information.

Blocked URL Clicks

14.png

On this page, you will see:

  • A table of the Top 5 Domains (by volume of blocked URL clicks descending) is on the left. The table contains two columns: the Domain and Blocked URL Clicks.
  • A table of the Top 5 Domains (by volume of blocked URL clicks descending) is on the right. The table contains two columns: the User and Blocked URL Clicks.
  • An explanation of what the data indicates below each table, and actions to consider based on the information.

If you do not have Engage, you will also see an additional point with information on this product.

CVE Detections 

15.png

On this page, you will see:

  • Three tables of up to 10 CVEs detected for your account, industry, and region (the CVEs are ordered by detection volume descending).
    • Each CVE contains a hyperlink to its corresponding page on the National Institute of Standards and Technology (NIST) website. For example: NVD - CVE-2025-53770
  • An explanation of what the data indicates below each table, and actions to consider based on the information.

Related to

Was this article helpful?
1 out of 1 found this helpful

Comments

2 comments
Date Votes
  • Avatar
    Michael Lopez

    Region Wise Benchmarking stats are unclear. 

    We received our first report and the chart shows us at low numbers, and very low on the graph, but the text of the message reads as if we have high detection levels compared to our peers.

    When it says “this is lower than 11% of Mimecast customers” that means our numbers are higher than ~89% of customers, but the graph appears to place us at a low spot. Which is correct? Are we in the lowest 11% of customers, or highest 11%? 

    0
  • Avatar
    Admin-TM

    Hi Michael,

    Thank you for the comment.

    When the report says, "This is lower than 11% of Mimecast customers hosted in US region," it means that your results are better than 89% of Mimecast customers in the US region. In other words, only 11% of customers in the US have higher numbers than you—so you are performing much better than most of your peers in the US. This is a very positive result, showing that your performance is among the top 11% of Mimecast customers in the US region.

    I hope this answers your question.

    Thank you.

    0

Please sign in to leave a comment.