Prakash Panjwani President and Chief Executive Officer SafeNet

SafeNet, Inc., a global leader in data protection solutions, has launched a new website that catalogs data breaches as they happen, and provides a methodology for security professionals to score the severity of breaches and see where they rank among publicly disclosed breaches.

The SafeNet Breach Level Index (BLI) provides a centralized global database of breaches and calculates the severity of data breaches across multiple dimensions based on breach disclosure information. It not only serves as a benchmark for the industry, but CIOs and CSOs can use the website to quickly classify the severity of a breach within their own companies when communicating the level of urgency with affected customers or partners. The resulting data can also be used in their own risk assessment and planning.

“Not all breaches are created or should be treated alike. The Breach Level Index helps us track and differentiate between an insecure breach, in which customer data is compromised and lost, and a secure breach, where data is stolen but cannot be deciphered by cybercriminals because it is encrypted, rendering it useless to them,” said Prakash Panjwani, senior vice president and general manager, Data Protection, SafeNet. “Based on several factors, the Breach Level Index will assign a numerical score to indicate the severity of a given breach, and that number will be significantly lower if the organization in question has successfully limited itself to a secure breach and maintained the integrity of its confidential data.”   

2013 Data Breach Highlights
The Breach Level Index provides details into hundreds of individual data breaches that can be sorted by breach type and affected industries.  For 2013, in which more than 1,000 data breaches and 575 million data records lost or stolen, 44 percent of data breaches did not even disclose how many data records were exposed.  Highlights from last year include:

• By Breach Type:
  • Malicious outsiders: 57 percent of data breaches
  • Accidental loss: 27 percent of data breaches
  • Malicious insiders: 13 percent of data breaches
  • Hacktivists: 2 percent of data breaches
  • State-sponsored activity: <1 percent of data breaches
• By Industry Type
  • Healthcare
    • 31 percent of data breaches and 2 percent of data records lost or stolen
    • Average records lost per breach: 49,000
  • Government
    • 17 percent of data breaches and 10 percent of data records lost or stolen
    • Average records lost per breach: 630,000
  • Financial
    • 15 percent of data breaches and 1 percent of data records lost or stolen
    • Average records lost per breach: 112,000
  • Retail
    • 8 percent of data breaches and 29 percent of data records lost or stolen
    • Average records lost per breach: 6.6 million
  • Technology
    • 11 percent of breaches and 43 percent of data records lost or stolen
    • Average records lost per breach: 5.7 million
  • Other industry sectors
    • 23 percent of breaches and 13 percent of data records lost or stolen
    • Average records lost per breach: 619,000
• By Time:
  • 1,576,555 data records lost or stolen every day
  • 65,690 data records lost or stolen every hour
  • 1,094 data records lost or stolen every minute
  • 18 data records lost or stolen every second

SafeNet first collaborated with industry analyst firm IT-Harvest to develop the algorithmic formula used to determine breach severity in 2013. When calculating the severity of data breaches, the BLI factors in multiple inputs, including data type, number of records stolen, breach source, and whether or not the high-value data remained secure after the breach was discovered. These inputs are then processed through a proprietary algorithm that produces an index number, with 1 being least severe and 10 being most severe.

A New Mindset for Data Protection: Secure the Breach
The unprecedented surge in recent data security breaches demonstrates that conventional breach prevention strategies alone cannot protect data. In addition, increased investments in perimeter-based security cannot adequately secure the growing volume and changing nature of data that is constantly being accessed, moved, shared, and stored in virtualized and cloud environments and mobile devices.  The perimeter no longer exists, thus creating vast new points of vulnerability. When the inevitable breach occurs, organizations must be prepared to secure the breach by attaching security directly to the data.

SafeNet’s data protection solutions help companies move to a Secure the Breach mindset when it comes to security.  This means accepting that breaches will eventually occur and attaching security directly to data with strong authentication, encryption, and crypto management.

• SafeNet Encryption – Delivers unmatched coverage—securing databases, applications, personally identifiable information (PII), and storage in the physical and virtual data center, and the cloud. It also provides the critical key management needed to effectively and efficiently enable protection across the enterprise wherever data resides.
• SafeNet Crypto Management – Centrally, efficiently, and securely manages cryptographic keys and policies across the key management lifecycle and throughout the enterprise, both in the cloud or on-premises.
• SafeNet Authentication – Offers flexible service delivery, which simplifies authentication implementation and management through automated processes, which drastically reduces the time and cost of provisioning, administration, and managing users and tokens compared to traditional authentication models.

Founded in 1983, SafeNet, Inc. is one of the largest information security companies in the world, and is trusted to protect the most sensitive data for market-leading organizations around the globe.  SafeNet’s data-centric approach focuses on the protection of high-value information throughout its lifecycle, from the data center to the cloud.  More than 25,000 customers across commercial enterprises and government agencies trust SafeNet to protect and control access to sensitive data, manage risk, ensure compliance, and secure virtual and cloud environments.