Ponemon Institute
Sign Up for the Ponemon News Feed for special reports and important updates regarding privacy and security

News & Updates

FOR IMMEDIATE RELEASE Ponemon Institute Releases 11th Annual Most Trusted Companies for Retail Banking Study U.S. Bank earns top honors; Ally Bank is second most trusted



Welcome to my new blog. I look forward to providing interesting content from our latest research studies. Please stay tuned to some very thought provoking research!

What Erodes Trust in Digital Brands?
August 26, 2015, 6:00 am

CMOs know that website performance in turn drives marketing performance. While marketers control some of the factors that sharpen the online experience—accurate content and prudent use of banner ads, for example—the more technical factors are in the hands of colleagues in IT. Ideally, Marketing and IT collaborate to deliver excellence. Doing that means knowing what visitors like, and don’t.

The purpose of this research, conducted by Ponemon Institute and sponsored by Neustar is to understand the online experience from the customer’s point of view. What expectations do consumers have for the reliability of the website, security of information they share, and availability of information? What is the tolerance or tipping point for problems like unavailable sites, slow-loading pages, or inscrutable navigation?

We surveyed 761 consumers in the United States between the ages of 18 and 65+. On average, respondents spend 59 hours per week online mostly doing email, shopping, and social networking. Some respondents do more advanced activities such as posting blogs and creating websites.

The findings reveal that consumers expect a high level of website performance—and their frustrations are aimed at marketers and engineers alike.

Perceptions about a website’s security can decide whether consumers stay or go. As shown in Figure 1, 78 percent of respondents say slow load times cause them to worry about security. However, just over half of respondents (54 percent of respondents) are concerned about the reliability of slow loading web pages. The findings in this research also reveal that 69 percent of respondents have left a website because of security concerns.

Text Box:

Other concerns, but to a lesser extent, are annoyance with feature ads that interfere with content (55 percent of respondents) and feature ads that redirect them to different sites (52 percent of respondents).

Data breaches take a toll on brands.

Seventy-one percent of respondents say that data breaches negatively impacted their perception of company’s brands. On average, respondents have received two notifications from organizations telling them that their personal information was lost, stolen or compromised. Even after more than a year, 24 percent of respondents say they still do not perceive those companies’ brands in a positive light. 

Overall, fifty-five percent of respondents believe security is important to the perception of a company’s brand and 50 percent say the same about privacy (protection of identity and other personal information). Not surprising, respondents overwhelmingly expect financial sites to be secure (95 percent of respondents).

A bad experience is measured in dollars, not just performance metrics. Sixty-one percent of respondents say they would be willing to give a website that goes offline only two chances before giving up. Consumers are most likely to discontinue using unavailable sites in financial services (80 percent of respondents) and retail (59 percent).

They are also willing to wait no more than an average of 10 seconds to wait for a website to load. In fact, seventy-eight percent of respondents are very concerned about the security of web pages that load longer than expected. Forty-one percent of respondents say response time is most important when making a payment (at checkout) and navigating to other web pages within the site (23 percent).

We hope you will read our complete report (download full report).


Around the world, IT security practitioners face a common problem: a budget that is inadequate to deal with cyber threats
June 9, 2015, 10:00 am

Around the world, IT security practitioners face a common problem: a budget that is inadequate to deal with cyber threats

Ponemon Institute Releases New Study on the Efforts of Retail Companies and Financial Services to Improve the Time to Detect and Contain Advanced Threats
May 28, 2015, 11:00 am

Ponemon Institute Releases New Study on the Efforts of Retail Companies and Financial Services to Improve the Time to Detect and Contain Advanced Threats

Cost of Data Breach Grows as does Frequency of Attacks
May 27, 2015, 6:00 am

Cost of Data Breach Grows as does Frequency of Attacks 

Criminal Attacks: The New Leading Cause of Data Breach in Healthcare
May 7, 2015, 9:00 am

The Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data, sponsored by ID Experts, shows that, for the first time, criminal attacks are the number-one root cause of healthcare data breaches. 

New Ponemon Institute study released: Economic Impact of Mixed Content Warnings on Consumer Behavior
April 27, 2015, 12:40 pm

We have all encountered mixed content warnings that show a visual icon or pop-up that attempts to warn us while visiting a website. A new study by Ponemon Institute, sponsored by Ghostery, recently conducted an experimental study to test consumer reactions to mixed content warnings when browsing secure e-commerce sites. To cut to the chase, the study reveals that consumer attrition resulting from mixed content warnings on web pages is estimated to cost the top 100 Internet retailers in the United States $310 million per annum. We hope you will read the details in the entire report.

Warmest regards,
Dr. Larry Ponemon

A Few Challenges in Calculating Total Cost of a Data Breach Using Insurance Claims Payment Data
April 19, 2015, 1:34 pm

Let me first state that I am a big fan of the Verizon DBIR and have read every one. I also have a great deal of respect for the NetDiligence Cyber Claims Study and like many in the insurance industry, find it extremely valuable. I was, however, taken by surprise when I read the latest Verizon report and saw that their cost of a data breach analysis was based on the NetDiligence data set. Here’s why:

Why Ponemon Institute’s Cost of Data Breach Methodology Is Sound and Endures
April 16, 2015, 5:01 pm

This week, Verizon released its annual 2015 Data Breach Investigations Report. We respect the amount of effort and resources Verizon devotes to its annual report. In the past, Ponemon Institute has reached out to the researchers at Verizon because of what I believe should be a shared and collaborative goal to continuously improve and refine the research being conducted about data breaches and other security incidents. In fact, we were pleased to have Wade Baker from the Verizon DBIR team speak to our Institute’s RIM Council of sponsoring companies and Fellows in December 2012. By the way, Verizon is a sponsoring company of the Institute.


Ponemon Institute releases new study on how organizations can leapfrog to a stronger cyber security posture
April 10, 2015, 4:00 pm

Is your company’s security strategy stuck in a rut? Are you concerned that the competition is outpacing you in its ability to deal with increasingly sophisticated and stealthy cyber criminals. Ponemon Institute with sponsorship from Accenture spent several months interviewing senior level IT and IT security practitioners in 247 companies to identify the main factors that contribute to an organization’s improved security posture—or leapfrogging from a level of low to high performance in its security ecosystem.

2014: A Year of Mega Breaches
January 28, 2015, 10:00 am

2014 will long be remembered for a series of mega security breaches and attacks starting with the Target breach in late 2013 and ending with Sony Pictures Entertainment. In the 2014: A Year of Mega Breaches study sponsored by Identity Finder, the following findings reveal changes companies are making to their security strategies.

• More resources are allocated to preventing, detecting and resolving data breaches. According to 61 percent of respondents, the budget for security increased by an average of 34 percent. Most was used for SIEM, endpoint security and intrusion detection and prevention.

• Senior management gets a wake up call and realizes the need for a stronger cyber defense posture. Sixty-seven percent of respondents say their organization made sure the IT function has the budget necessary to defend it from data breaches.

• Operations and compliance processes are changing to prevent and detect breaches. Sixty percent of respondents say they made changes to operations and compliance processes to establish incident response teams, conduct training and awareness programs and use data security effectiveness measures.

We hope you will read the full report.

Records 1 - 10 of 66 — Jump to page First 1 2 3 4 5 6 7 Last
Security (23)
Privacy (22)
global security (1)
Providers (1)