MEASURING TRUST IN PRIVACY AND SECURITY
Ponemon Institute

News & Updates

Ponemon Institute is pleased to announce the release of Flipping the Economics of Attacks, sponsored by Palo Alto Networks. In this study, we look at the relationships between the time spent and compensation of today’s adversaries and how organizations can thwart attacks. As revealed in this research, while some attackers may be motivated by non-pecuniary reasons, such as those that are geopolitical or reputational, an average of 69 percent of respondents say they are in it for the money.



The Road to Data Breach is Paved with Good Intentions

April 19, 2010, 12:25 pm

We recently completed some new research with Accenture in which we were surprised to find that, in spite of all the attention being paid to data protection, and in spite of new and updated data protection regulations, complacency is beginning to settle in among many companies.

Yes, I said complacency.

Oh, don’t get me wrong: most organizations have good intentions with regard to data protection, but we all know where the road paved with good intentions leads.

Here are two key findings we learned through the new study:

  • Although 70 percent of both organizations and individual respondents agreed that organizations should secure individuals’ personal information, disclose how they use it and deal with the ramifications of losing it, nearly half were ambivalent about granting individuals control over their personal information, did not place a high priority on several critical aspects of consumer privacy and did not believe typical privacy practices were important.
  • While 58 percent of organizations experienced at least one security breach in the past two years, 31 percent did not. The group that had no breaches displayed some substantial differences in attitudes and policies regarding data privacy and protection. In particular, they demonstrated the belief that individuals have substantial rights to manage, correct and control their personal information and to understand how such information is being used. They also were more likely to feel a stronger obligation to uphold data privacy and protection, and to have policies that make the protection of sensitive data a high priority. Furthermore, organizations with no breaches tend to take a stricter view of appropriate uses of personal information—for instance, being far less likely to believe it is appropriate to sell personal data for profit.

This suggests a strong correlation between an organization’s level of respect for an individual’s personal data and the likelihood that the organization will suffer a data breach.

By establishing an environment within an organization that encourages employees to see data as an extension of the customer and not merely something owned by the company, thereby fostering the development of a “culture of caring,” data privacy and information security programs become more effective.

To download a copy of the report, please visit the Accenture website.


Comments

December 8, 2011 4:55pm
Don Turnblade

The breach free rate of 31% over two years has to change. To get data breach costs back to the level they need to be, we need breach free odds per year more on the order of 92.6% per year.

To do that, we need more than adopting the practices of low breach companies; we need near mistake proof processes for sensitive information. Even a company with 21 staffers would need a mistake rate per person below 0.4%. For large companies it would need to be even smaller.

December 8, 2011 4:54pm
Don Turnblade

Dollars and cents can illustrate the good sense that caring for the customer cares for one's own business.

If 31% of companies had no breach in the last two years, the average rate of breaches per two years is 2.2, or 1.1 per year. If the average cost of a breach is 6.75 Million USD in cleanup, legal fees and customer churn, then the average lack of security costs 7.5 Million / yr. Using Garner's rule of thumb that IT should cost 8% of revenue and Information Security 5% of that, only organizations with 1.8 Billion / yr of Annual Revenue can absorb these average breach costs.

December 8, 2011 4:53pm
Lynette

We need to move toward adopting the idea of what will keep a customer's respect. Quality service / products + protecting customer's best interest = customer loyalty.
