Automatic Diagnosis
      Back to home
      1. Help Center
      2. Search By Function
      3. Automatic Diagnosis

      Breach Risk and Threat Level

      Target plan PREMIUMプラン

       


      SecureSketCH's automated assessment function allows you to check two indicators defined by SecurityScorecard: Breach Risk and Threat Level.
      By correctly understanding and utilizing these two indicators, you can implement high-priority security measures more effectively.

       

      Difference between the two indicators | Practical Column: Determining Priority for Addressing Issues

       

      Difference between the two indicators

      Breach Risk: Data-based objective indicator

      Breach Risk is a statistical indicator calculated by SecurityScorecard based on an analysis of over 15,000 actual breach cases.
      This indicator uses a data-driven approach to objectively assess risk, asking, "What is the probability that a breach will actually occur given the existence of this issue?"

      We recommend using breach risk as the main indicator of the severity of an issue and using it as the basis for developing a response plan.

      侵害リスクと脅威レベルについて-001_en

      Threat Level: Subjective indicator based on the experience of security experts

      Threat Level is a subjective indicator based on the experience of SecurityScorecard's security experts.
      This indicator assesses the importance of a threat based on expert knowledge and experience, asking, "How serious would the impact be if this threat were to materialize?"

      Threat Level can be used as a secondary indicator to adjust priorities in addition to the basic response policy determined by the risk of breach.

      侵害リスクと脅威レベルについて-002_en

       

      Practical Column: Determining Priority for Addressing Issues

      When multiple issues with a "High Breach Risk" are reported, you can use the Threat Level information as a reference to set the priority of countermeasures.
      Here we will introduce an example of a policy for determining the priority of countermeasures, using actual examples of issues.

      Example of policy for determining countermeasure priorities

      Let's assume that the following two issues have been reported:

      侵害リスクと脅威レベルについて-003_en

      In this case, the risk of breach is "high" for both issues,
      but the threat level for issue 1 is "high" and for issue 2 is "low,"
      so by addressing issue 1 first, it is possible to efficiently reduce risk and proceed with countermeasures.

      *The content of the issues, breach risks, and threat levels presented as specific examples are current as of October 10, 2025.
      *The "Breach Risk Analysis (Example)" and "Threat Level Analysis (Example)" are the proprietary views of NRI Secure, and are items that cannot be viewed on the SecureSketCH screen.