Ponemon Institute
Sign Up for the Ponemon News Feed for special reports and important updates regarding privacy and security

News & Updates

Ponemon Institute is pleased to announce the release of Flipping the Economics of Attacks, sponsored by Palo Alto Networks. In this study, we look at the relationships between the time spent and compensation of today’s adversaries and how organizations can thwart attacks. As revealed in this research, while some attackers may be motivated by non-pecuniary reasons, such as those that are geopolitical or reputational, an average of 69 percent of respondents say they are in it for the money.



Welcome to my new blog. I look forward to providing interesting content from our latest research studies. Please stay tuned to some very thought provoking research!

Risk of Insider Fraud: Second Annual Study
February 28, 2013, 8:00 am

Today we released a new study entitled the Risk of Insider Fraud: Second Annual Study . The research reveals that the number of employee-related incidents of fraud continues to remain high. However, only 44 percent of IT and IT security practitioners say their organization views the prevention of insider fraud as a top security priority and this perception has declined since we first conducted this study in 2011. Contributing to the insider risk is BYOD, employee access of enterprise systems from remote locations and lack of security protocols over edge devices. Some suggestions to address these risks include making training and awareness an important component of a security initiative and monitoring access privileges. These privileges also need to be appropriate for the employees’ role and responsibility. We hope you will read the full report that discusses the challenges organizations face in minimizing the risk of the malicious and negligent insider.  The report is available at -

The Post Breach Boom
February 26, 2013, 8:00 am

Data breaches have become a fact of life for organizations of all sizes, in every industry and in many parts of the globe. While many organizations anticipate that at some point a non-malicious or malicious data breach will occur, the focus of this study is to understand the steps organizations are taking to deal with the aftermath of a breach or what we call the Post Breach Boom. Sponsored by Solera Networks, we conducted The Post Breach Boom study to understand the differences between non-malicious and malicious data breaches and what lessons are to be learned from the investigation and forensics activities organizations conduct following the loss or theft of sensitive and confidential information. The majority of respondents in this study believe it is critical that a thorough post-breach analysis and forensic investigation be conducted following either a non-malicious or malicious security breach. To download the report, please click here.

Efficacy of Emerging Network Security Technologies
February 25, 2013, 8:00 am


One of our latest studies is the Efficacy of Emerging Network Security Technologies our objective is to learn about organizations’ use and perceptions about emerging network security technologies and their ability to address serious security threats.  The emerging technologies examined in this study include next generation firewalls, intrusion prevention systems with reputation feeds and web application firewalls. Some interesting findings include:  Securing web traffic is by far the most significant network security concern for the majority of organizations. However, the majority of respondents say network security technologies fall short of vendors’ promises. Almost half (48 percent) of respondents agree that emerging network security technologies are not effective in minimizing attacks that aim to bring down web applications or curtail gratuitous Internet traffic. To read a copy of the report please click


Understanding the Methodology and Staggering Costs in the Annual Cost of Failed Trust Report
February 21, 2013, 12:00 am

Some staggering numbers

Every Global 2000 enterprise faces a total exposure of almost U.S. $400 million over 24 months due to new and evolving attacks on failed cryptographic key and digital certificate management. And adjusting for probability established by survey participants, we found every enterprise risks losing $35 million.
This findings cap our First Annual Cost of Failed Trust Report: Trusts and Attacks, which quantifies, for the first time, the financial impact of impact of new threats and attacks on our ability to control trust.

Complete study is available -

2012 Most Trusted Companies for Privacy
January 28, 2013, 9:00 am

Do we still care about privacy? According to our annual study on privacy trust, more and more of us do care. Our biggest privacy concerns are the fear of identity theft and government intrusions into our personal lives. 

Third Annual Patient Privacy & Data Security Study Released
December 6, 2012, 6:00 am

Could BYOD increase the risks of a healthcare data breach and medical identity theft? The third annual study on Patient Privacy and Data Security reveals the explosion of mobile devices used in healthcare organizations.

2013 State of the Endpoint
December 5, 2012, 7:00 am

Sponsored by Lumension, the 2013 State of the Endpoint is our third annual study that tracks endpoint risk in organizations, the resources to address the risk and the technologies deployed to manage threats.

Edelman Privacy Risk Index
November 15, 2012, 11:03 am

We are very pleased to introduce the Edelman Privacy Risk Index developed in collaboration with Ponemon Institute.  The Index provides a high level risk coefficient specified for various sized business organizations. The Index is derived from Meta analysis of Ponemon research involving more than 6,400 individuals located in 29 countries.  Here is the link to the online calculator:

2012 Web Session Intelligence & Security Report: Business Logic Abuse Edition sponsored by Silver Tail Systems
October 2, 2012, 2:05 am



Second Annual Patient Privacy Study Released
December 1, 2011, 9:13 am

Widespread use of mobile devices is putting patient data at risk, according to the latest Ponemon Institute research on healthcare providers' patient privacy practices.While 81 percent of respondents say employees in their healthcare organizations are using mobile devices to collect, store and/or transmit some form of PHI, 49 percent admit their organizations are not doing anything to protect these devices. To download a copy of the report click here:

Records 41 - 50 of 77 — Jump to page First 1 2 3 4 5 6 7 8 Last
Security (23)
Privacy (22)
global security (1)
Providers (1)