MEASURING TRUST IN PRIVACY AND SECURITY
Ponemon Institute

News & Updates

Reshaping Financial Services IT: CIO Best Practices for the Shift Toward Mobile

Speakers: Dr. Larry Ponemon, Chairman, Ponemon Institute; Ojas Rege, VP Strategy, MobileIron

Session Times:
April 1st, 8:00 AM PDT (San Francisco) / 4:00 PM BST (London)
April 2nd, 9:00 AM HKT (Hong Kong) / 6:00 PM PDT (San Francisco)

Widespread consumer adoption of mobile technology has set in motion a fundamental shift within financial services organizations. CIOs are learning to leverage the power of mobility to deliver a strategic business advantage by helping their firms become more efficient and flexible. For the first time, MobileIron will share data from a Ponemon Institute survey of 400 financial services organizations about the future of BlackBerry, BYOD, apps, and governance. Join MobileIron VP of Strategy Ojas Rege and Ponemon Institute Chairman and Founder Dr. Larry Ponemon for a practical and “eyes-wide-open” look at the issues CIOs and CISOs in financial services will need to address as mobile becomes a fundamental part of their computing environment.

Key topics include:
• Financial services mobile adoption forecasts
• Trends in migration to multi-OS environments
• Dependencies for successful mobile strategy deployment
• Implications of user experience and security

This session will be recorded and available for replay.

Blog Archives for January 2011
Compliance Like a Club
January 31, 2011, 10:14 am

Have you ever noticed how some organizations wield compliance like a club when marketing their products or services? They remind you of the latest in information security regulations, such as the HITECH Act or Mass 201 CMR 17, and then menacingly predict doom for those who transgress. If you fail to comply, their messages warn like a cross schoolmarm, the bogeyman will flash his regulator badge and lower the boom (unless, of course, you buy the appropriate product or service).

 
The problem isn’t that the products and services on offer can’t help companies become compliant with a variety of regulations. On the contrary, the need for information security and data protection has been a catalyst for a great deal of innovation in both technology and services. But rather than being received by a market that recognizes its need to do a better job of protecting and managing sensitive information, the message has become resonant dissonance.
 
Yet we know that organizations with good data security strategies and practices can reduce their financial risk by avoiding costly data breaches and minimizing the impact of those that do occur, so why isn’t the message more effective? The reason is that fear has been compliance’s primary motivator, and in business, fear is a lousy motivator.
 
So the Ponemon Institute set out to determine the financial benefit to organizations that adopt and implement compliance-related activities, including processes, policies, people and technologies. Non-compliance costs included items such as fines, legal fees, and lost opportunity costs. We examined these activities for 46 multinational corporations in a benchmark study underwritten by Tripwire Inc., and we believe the findings are revealing. We also hope they will provide much-needed support for information security and compliance professionals advocating for the resources to do their jobs. Among the findings:
 
Non-compliance costs are 2.65 times higher for organizations than compliance costs. That means companies with ongoing investments in compliance-related activities actually save money compared with organizations that fail to comply with the various domestic and international security regulations. Of the companies we studied, compliance costs averaged $3.5 million, while non-compliance costs averaged $9.3 million, meaning that the organizations investing $3.5 million in compliance saved $5.8 million.
 
The full report offers a detailed description of our methodology, industry cost comparisons, and further findings that we hope will prove illuminating.
 
We hold firmly to the belief that compliance is a foundation, not a ceiling, and that no organization should be satisfied with maintaining only minimum standards for protecting the data they and their customers value. What is needed instead is a holistic information security strategy that fosters a culture of vigilance and is designed to anticipate and adapt to an ever-changing threat environment.
 
If we can help you to achieve that ideal, please let us know.