The Breach Susceptibility Indicator (BSI) is a data-driven predictor of the likelihood that an organization will experience a security breach. It assesses a company's security posture and the size of its digital footprint, using a non-linear model trained on carefully curated data and tuned for predictive accuracy. BSI is calculated daily, uses a different model than the top-level score, and reflects security posture and digital footprint in a way that may not respond immediately to remediation.
How it works
The BSI utilizes a machine learning model that ingests all observed issue types for a domain over a 14-week rolling window. Based on this data, it assigns one of the following breach susceptibility categories:
- Very Low
- Low
- Average
- High
- Very High
Understanding the categories
The Breach Susceptibility categories indicate a domain’s relative likelihood of experiencing a security breach, based on patterns observed across similar domains.
A domain rated Very High does not imply that a breach is imminent. Rather, it indicates that the domain’s issue profile is highly correlated with the profiles of domains that have experienced breach events in the past. Domains rated High or Average show progressively weaker correlations, while a Very Low rating indicates that the observed issue profile is least similar to those historically associated with breaches.
How the Breach Susceptibility Indicator compares to other metrics
The Breach Susceptibility Indicator is designed to complement other SecurityScorecard metrics. Understanding how it differs from the Security Score and MAX Incident Likelihood helps clarify when and how to use each metric.
Breach Susceptibility vs. Security Score
The Security Score (our top-level score) is designed to maximize breach predictability while staying fair across organizations of different sizes. It updates immediately as issues are remediated, giving near-real-time feedback.
The BSI, by contrast, is optimized solely for predictive accuracy. It is not constrained by size-fairness requirements, and it may continue to account for recently remediated issues when their historical presence has been shown to correlate with future breach risk.
Breach Susceptibility Indicator vs. MAX Incident Likelihood assessment
The Breach Susceptibility Indicator and MAX Incident Likelihood assessment both estimate the likelihood of a security event, but they differ in scope, methodology, and actionability.
MAX Incident Likelihood assessments are based on indicators curated through Digital Forensics and Incident Response (DFIR) expertise, account for residual and nth-party supply chain risks, use the broader NIST definition of an incident, and weigh all indicators equally. They include a prioritized improvement plan, with issue resolution reflected on the rating after six months. This timeframe is intentional, emphasizing the importance of consistently maintaining good security practices. Prioritization is performed in collaboration with customers and vendors as part of the managed service, and the assessment is available exclusively in the MAX service.
The Breach Susceptibility Indicator, on the other hand, considers all issue types currently observed for an organization on the SecurityScorecard platform and uses machine learning to determine the organization's overall likelihood of a breach. It updates daily, does not provide by-issue guidance, and is visible to all users.
As a result, the BSI is better suited for broad, directional risk analysis, while MAX Incident Likelihood assessments are more useful for identifying specific risk management requirements. Both metrics complement the Security Score by providing additional context on organizational risk.
How can I change my breach susceptibility rating?
The Breach Susceptibility Indicator is recalculated daily using a model distinct from the top-level Security Score. While remediating issues does not always produce immediate changes, reducing the number and severity of observed issues generally improves breach susceptibility over time.
Because the BSI considers historical patterns associated with breach events, sustained improvements in security posture are more influential than short-term changes.