Contact Us

SafeNet and IT Harvest to Preview the Breach Level Index at RSA 2013

A new methodology to codify data breach’s magnitude

February 21, 2013

  • Developed by SafeNet and industry analyst firm IT-Harvest, The Breach Level Index is designed to assign a single number to quantify the severity and magnitude of a data breach

  • Security professionals and general public will be able to leverage the Breach Level Index to better understand the severity of a data breach and its potential impact

  • The index is intended to serve as a benchmark for the industry and help security professionals objectively monitor the progression of breaches and utilize the data for better risk assessment

  • SafeNet calls on security industry professionals to participate in the evolution of the Breach Level Index beginning at RSA Conference

SafeNet, Inc., a global leader in data protection, today announced that it will preview at the RSA conference the Breach Level Index, a new scale and methodology that calculates the severity of data breaches across multiple dimensions based on breach disclosure information. The Breach Level Index is intended to not only serve as a benchmark for the industry, but to help Chief Information and Chief Security Officers classify the severity of a breach as well as utilize the data in their own risk assessment and planning.

"It is not realistic today to expect enterprises to be able to prevent intruders and insiders from penetrating perimeter defenses and accessing IT resources,” said Richard Stiennon, founder of IT-Harvest. “In a world where breaches are a given, we need to raise the level of discussion to ‘how severe was the breach?’ We developed the Breach Level Index to be a classification tool that enables this level of discussion and better empower security industry professionals to detect and prevent future breaches."

SafeNet collaborated with IT-Harvest to develop the algorithmic formula used to determine breach’s severity.  When calculating the scale of data breaches, the Breach Level Index factors a wide variety of inputs, including data type, number of records stolen, breach source and whether or not the high value data remained secure post breach.  These inputs are then processed through an algorithm that produces an index number consistent with the Saffir-Simpson hurricane scale: 1 being least severe and 10 being most severe. The scale is open ended (no upper limit) and logarithmic (base 10) so just as in the scales for volcanoes and earthquakes, a score of 7, for instance, is 100 times more severe than a score of 5. For example,the TJX Companies Inc. breach was a 9.1 level breach and the Heartland Payment Systems breach was a 9.3 level breach representing the two largest global breaches to date on the Breach Level Index scale.

"While the volume of breaches continues to increase, it is critical to keep in mind that not all breaches are created equal in terms of the level of severity and damage that they impose on organizations and their customers,” said Dave Hansen, President and CEO, SafeNet. “The Breach Level Index is designed to serve as a guide for security professionals as they navigate the new threat landscape.  It will provide CIOs and CSOs with the data needed to better classify breaches, conduct internal risk assessment and planning and most importantly, employ the right security technologies to help ensure that if a breach were to occur, their high value and most sensitive data would not be compromised."

The Breach Level Index is designed to track and measure the severity of breaches globally and it will be calculated on a constant basis as information becomes available, with breach data gathered from multiple sources.

A whitepaper detailing the specific methodology is available at and


Breach Level Index: Call for Security Professionals

The Breach Level Index was developed by industry experts and evaluated on a wide range of historical breaches. The BLI is an open initiative and as such, SafeNet is calling for security professionals to contribute and participate in this important initiative.


The Breach Level Index will be previewed at RSA

Participants will be able to use the Breach Level Index calculator to determine the level, scope and severity of some of the most widespread breaches of 2012.  The breaches that will be analyzed will be derived from a wide range of industries, sources (both internal and external threats) and include large scale academic and government breaches in addition to corporations.

RSA Conference.SafeNet and IT-Harvest will preview the Breach Level Index for RSA participants to evaluate, interact and comment on the formula in SafeNet’s  Booth #1825.

Supporting Resources 



About IT-Harvest

IT-Harvest is an industry analyst firm founded by Richard Stiennon, security expert and industry analyst, who is known for disrupting the industry with his insight. IT-Harvest creates reports and analysis of trends in emerging threats and the technology to counter them. Vendors engage IT-Harvest for strategic guidance on product road maps, acquisitions, and influence. Enterprises around the world use IT-Harvest guidance for product and architecture decision making. Wall Street engages with IT-Harvest to identify category leaders, industry trends, and investment opportunities.

About Gemalto

Gemalto (Euronext NL0000400653 GTO) is the global leader in digital security, with 2015 annual revenues of €3.1 billion and customers in over 180 countries. We bring trust to an increasingly connected world.

Our technologies and services enable businesses and governments to authenticate identities and protect data so they stay safe and enable services in personal devices, connected objects, the cloud and in between.

Gemalto’s solutions are at the heart of modern life, from payment to enterprise security and the internet of things. We authenticate people, transactions and objects, encrypt data and create value for software – enabling our clients to deliver secure digital services for billions of individuals and things.

Our 14,000+ employees operate out of 118 offices, 45 personalization and data centers, and 27 research and software development centers located in 49 countries.

For more information visit, or follow @gemalto on Twitter.


Back to Top

Contact Us

Thank you for your interest in our products. Please fill out and submit the form to receive more information about Gemalto or to be contacted by a Gemalto specialist.

Your Information

* Email Address:  
* First Name:  
* Last Name:  
* Company Name:  
* Phone:  
* Country:  
* State (US Only):  
* Province (Canada/Australia Only):  

By submitting this form I agree to receive information from Gemalto and its affiliates as described in our Privacy statement.