Is your company’s security strategy stuck in a rut? Are you concerned that the competition is outpacing you in its ability to deal with increasingly sophisticated and stealthy cyber criminals. Ponemon Institute with sponsorship from Accenture spent several months interviewing senior level IT and IT security practitioners in 247 companies to identify the main factors that contribute to an organization’s improved security posture—or leapfrogging from a level of low to high performance in its security ecosystem.
In this report we describe differences between companies that are identified as having proactive security programs and those that are more reactive to security threats in an effort to understand how companies can advance from laggard to leader. The main factors addressed in this research are based on the following categories: security innovation, the cyber security ecosystem, how emerging cyber security threats and issues are changing the cyber security ecosystem, the CISO role, controls and governance practices to achieve a strong security posture, enabling cyber security technologies, budget and third party and supply chain issues. We hope you will read the full report: www.accenture.com/cybersecurity.
This week, Verizon released its annual 2015 Data Breach Investigations Report. We respect the amount of effort and resources Verizon devotes to its annual report. In the past, Ponemon Institute has reached out to the researchers at Verizon because of what I believe should be a shared and collaborative goal to continuously improve and refine the research being conducted about data breaches and other security incidents. In fact, we were pleased to have Wade Baker from the Verizon DBIR team speak to our Institute’s RIM Council of sponsoring companies and Fellows in December 2012. By the way, Verizon is a sponsoring company of the Institute.
Let me first state that I am a big fan of the Verizon DBIR and have read every one. I also have a great deal of respect for the NetDiligence Cyber Claims Study and like many in the insurance industry, find it extremely valuable. I was, however, taken by surprise when I read the latest Verizon report and saw that their cost of a data breach analysis was based on the NetDiligence data set. Here’s why:
We have all encountered mixed content warnings that show a visual icon or pop-up that attempts to warn us while visiting a website. A new study by Ponemon Institute, sponsored by Ghostery, recently conducted an experimental study to test consumer reactions to mixed content warnings when browsing secure e-commerce sites. To cut to the chase, the study reveals that consumer attrition resulting from mixed content warnings on web pages is estimated to cost the top 100 Internet retailers in the United States $310 million per annum. We hope you will read the details in the entire report.