MEASURING TRUST IN PRIVACY AND SECURITY
Ponemon Institute

News & Updates

Ponemon Institute has made the list of "Useful Resources for CISOs: Blogs, Papers, Conferences & More".


Blog

Welcome to my new blog. I look forward to providing interesting content from our latest research studies. Please stay tuned for some very thought-provoking research!

2014: A Year of Mega Breaches
January 28, 2015, 10:00 am

2014 will long be remembered for a series of mega security breaches and attacks starting with the Target breach in late 2013 and ending with Sony Pictures Entertainment. In the 2014: A Year of Mega Breaches study sponsored by Identity Finder, the following findings reveal changes companies are making to their security strategies.

• More resources are allocated to preventing, detecting and resolving data breaches. According to 61 percent of respondents, the budget for security increased by an average of 34 percent. Most was used for SIEM, endpoint security and intrusion detection and prevention.

• Senior management gets a wake-up call and realizes the need for a stronger cyber defense posture. Sixty-seven percent of respondents say their organization made sure the IT function has the budget necessary to defend it from data breaches.

• Operations and compliance processes are changing to prevent and detect breaches. Sixty percent of respondents say they made changes to operations and compliance processes to establish incident response teams, conduct training and awareness programs and use data security effectiveness measures.

We hope you will read the full report.

Ponemon Institute Announces Results of 2014 Most Trusted Companies for Privacy Study
January 28, 2015, 9:00 am

In recognition of Data Privacy Day, Ponemon Institute is pleased to announce the results of the 2014 Most Trusted Companies for Privacy Study, an annual study that tracks consumers’ rankings of organizations that collect and manage their personal information. This year, the most trusted company is Amazon. 

The Open Source Collaboration Study: Viewpoints on Security & Privacy in the US & EMEA
January 28, 2015, 8:30 am

Ponemon Institute is pleased to present the Open Source Collaboration Study conducted in the US & EMEA. The study found that overall, IT professionals' perceptions of commercial open source software for messaging and collaboration are more positive than their perceptions of proprietary software. Common to both the US and EMEA is IT professionals' dissatisfaction with their current messaging and collaboration platforms, the majority of which are proprietary solutions. And while IT professionals in the US and EMEA disagree on the relative importance of security versus privacy, they agree that commercial open source software offers better cost, control, quality and business continuity than proprietary software. To learn more about this research sponsored by Zimbra, please download the webinar.

Corporate Data: A Protected Asset or a Ticking Time Bomb?
December 9, 2014, 10:00 am

In the pressure to be productive, many employees are putting confidential corporate information at risk. Is it possible to have both a productive workforce and a strong security posture? Our latest study, Corporate Data: A Protected Asset or a Ticking Time Bomb? discusses the dilemma facing IT practitioners charged with stopping data leakage and offers solutions on how to keep critical business information secure without diminishing the productivity of employees. We hope you will read the full report.

Can a data breach in the cloud result in a larger and more costly incident?
June 5, 2014, 9:00 am

Can a data breach in the cloud result in a larger and more costly incident? Our latest study, Data Breach: The Cloud Multiplier Effect, sponsored by Netskope, reveals how the risk of a data breach in the cloud is multiplying. According to the IT and IT security practitioners participating in this study, the proliferation of mobile and other devices with access to cloud resources and more dependency on cloud services without the support of a strengthened cloud security posture and visibility of end user practices is making it difficult to stop the loss or theft of sensitive data in the cloud. We hope you will download the complete report at:
http://www.netskope.com/reports-infographics/ponemon-2014-data-breach-cloud-multiplier-effect/

To register for the webinar featuring Dr. Larry Ponemon and Netskope Founder and CEO, Sanjay Beri, on July 16 at 1 PM EST, please click here:
http://www.netskope.com/webinar-data-breach-cloud-multiplier-effect/

Warmest regards,

Dr. Larry Ponemon

Ponemon Institute and Raytheon Release New Study on the Insider Threat
May 21, 2014, 2:00 pm

Well-publicized disclosures of highly sensitive information by WikiLeaks and former NSA employee Edward Snowden have drawn attention to, and raised concern about, the insider threat caused by privileged users. We originally conducted a study on this topic in 2011 and decided it was time to see if the risk of privileged user abuse has increased, decreased or stayed the same. Unfortunately, companies have not made much progress in stopping this threat since then. Our latest study commissioned by Raytheon, “Privileged User Abuse & The Insider Threat,” looks at what companies are doing right and the vulnerabilities that need to be addressed with policies and technologies. One big problem is the difficulty of actually knowing whether an action taken by an insider is truly a threat. Sixty-nine percent of respondents say they don’t have enough contextual information from security tools to make this assessment and 56 percent say security tools yield too many false positives. To learn more, we hope you will read the full report:
http://www2.trustedcs.com/Raytheon-PonemonSurveyResearchReport

Ponemon Institute Releases 2014 Cost of Data Breach: Global Analysis
May 5, 2014, 10:15 am

Throughout the world, companies are finding that data breaches have become as common as a cold but far more expensive to treat. With the exception of Germany, companies had to spend more on their investigations, notification and response when their sensitive and confidential information was lost or stolen. As revealed in the 2014 Cost of Data Breach Study: Global Analysis, sponsored by IBM, the average cost to a company was $3.5 million in US dollars and 15 percent more than what it cost last year.

Will these costs continue to escalate? Are there preventive measures and controls that will make a company more resilient and effective in reducing the costs? Nine years of research about data breaches has made us smarter about solutions.

Critical to controlling costs is keeping customers from leaving. The research reveals that reputation and the loss of customer loyalty do the most damage to the bottom line. In the aftermath of a breach, companies find they must spend heavily to regain their brand image and acquire new customers. Our report also shows that certain industries, such as pharmaceutical companies, financial services and healthcare, experience a high customer turnover. In the aftermath of a data breach, these companies need to be especially focused on the concerns of their customers.

As a preventive measure, companies should consider having an incident response and crisis management plan in place. Efficient response to the breach and containment of the damage has been shown to reduce the cost of breach significantly. Other measures include having a CISO in charge and involving the company’s business continuity management team in dealing with the breach.

In most countries, the primary root cause of the data breach is a malicious insider or criminal attack. It is also the most costly. In this year’s study, we asked companies represented in this research what worries them most about security incidents, what investments they are making in security and the existence of a security strategy.

An interesting finding is the important role cyber insurance can play in not only managing the risk of a data breach but in improving the security posture of the company. While it has been suggested that having insurance encourages companies to slack off on security, our research suggests the opposite. Those companies with good security practices are more likely to purchase insurance.

Global companies also are worried about malicious code and sustained probes, which have increased more than other threats. Companies estimate that they will be dealing with an average of 17 malicious codes each month and 12 sustained probes each month. Unauthorized access incidents have mainly stayed the same and companies estimate they will be dealing with an average of 10 such incidents each month.

When asked about the level of investment in their organizations’ security strategy and mission, on average respondents would like to see it doubled from what they think will be spent—an average of $7 million to what they would like to spend—an average of $14 million. This may be a tough sell in many companies. However, our cost of data breach research can help IT security executives make the case that a strong security posture can result in a financially stronger company.

To download the complete report please use the following link:

www.ibm.com/services/costofbreach
 

 

Unlocking the Mobile Security Potential: The Key to Effective Two-Factor Authentication
March 14, 2014, 9:23 am

An important security issue for many companies is the authentication of users using mobile devices for transactions. Unlocking the Mobile Security Potential: The Key to Effective Two-Factor Authentication sponsored by tyntec and conducted by Ponemon Institute provides insights into mobile authentication in four global regions: North America (NA), Europe, Middle East and Africa (EMEA), Asia-Pacific plus Japan (APJ) and Latin America plus Mexico (LATAM).

The study has interesting findings about the state of mobile authentication and the preferences of companies. Specifically, for security purposes, location and validation of the number in real time are considered valuable. Respondents believe this would strengthen their security measures, assuming opt-in by the end user. Furthermore, in the coming year most of the respondents say they are considering or planning to extend the use of SMS-based two-factor authentication for user registration, identity verification or activation of online services. To download the entire report, please use this link.

Warmest regards,

Dr. Larry Ponemon
 

Fourth Annual Benchmark Study on Patient Privacy and Data Security
March 12, 2014, 6:00 am

Today we are releasing our Fourth Annual Benchmark Study on Patient Privacy and Data Security. We hope you will read the report sponsored by ID Experts that reveals some fascinating trends. Specifically, criminal attacks on healthcare systems have risen a startling 100 percent since we first conducted the study in 2010. This year, we found the number and size of data breaches have declined somewhat. Employee negligence is a major risk and is being fueled by BYOD. Giving healthcare organizations major headaches are: risks to patient data caused by the Affordable Care Act, exchange of patient health information with Accountable Care Organizations and lack of trust in business associates' privacy and security practices. For a copy of the Fourth Annual Benchmark Study on Patient Privacy and Data Security, visit www2.idexpertscorp.com/ponemon

Thales e-Security and Ponemon Institute collaborate to produce 2013 Global Encryption Trends Study
March 7, 2014, 12:00 am

This past February, Thales e-Security released the publication of its latest 2013 Global Encryption Trends Study. The report, based on independent research by the Ponemon Institute and sponsored by Thales, reveals that use of encryption continues to grow in response to consumer concerns, privacy compliance regulations and on-going cyber-attacks and yet there are still major challenges in executing data encryption policy.
The survey indicated that only 14% of organizations surveyed do not have any encryption strategy compared with 22% last year. The study also shows that there has been a steady increase in the deployment of encryption solutions used by organizations over the past nine years, with 35% of organizations now having an encryption strategy applied consistently across the entire enterprise compared with 29% last year. 
“Encryption usage continues to be a clear indicator of a strong security posture but there appears to be emerging evidence that concerns over key management are becoming a barrier to its more widespread adoption. For the first time in this study we drilled down into the issue of key management and found it emerging as a huge operational challenge. But questions are and should be asked about the broader topics of policy issues and choice of encryption algorithms – especially in the light of recent concerns over back doors, poorly implemented crypto systems and weak key management systems.”
- Dr. Larry Ponemon, chairman and founder of The Ponemon Institute

“Whilst key management may be emerging as a barrier to encryption deployment, it is not a new issue. The challenges associated with key management have already been addressed in heavily regulated industries such as payments processing, where best practices are well proven and could translate easily to a variety of other verticals. With more than 40 years’ experience providing key management solutions, Thales is ideally positioned to help organizations re-assess and re-evaluate their crypto security and key management infrastructure and deliver solutions that ensure their integrity and trustworthiness.”
- Richard Moulds, vice president strategy at Thales e-Security

Download your copy of the new 2013 Global Encryption Trends Study today.
