Ponemon Institute
Sign Up for the Ponemon News Feed for special reports and important updates regarding privacy and security

News & Updates

Reshaping Financial Services IT: CIO Best Practices for the Shift Toward Mobile Speakers: Dr. Larry Ponemon, Chairman, Ponemon Institute Ojas Rege, VP Strategy, MobileIron Session Times: April 1st 8:00 AM PDT (San Francisco) / 4:00 PM BST (London) April 2nd 9:00 AM HKT (Hong Kong) / 6:00 PM PDT (San Francisco)    Widespread consumer adoption of mobile technology has set in motion a fundamental shift within financial services organizations. CIOs are learning to leverage the power of mobility to deliver a strategic business advantage by helping their firms become more efficient and flexible. For the first time, MobileIron will share data from a Ponemon Institute survey of 400 financial services organizations about the future of BlackBerry, BYOD, apps, and governance. Join MobileIron VP of Strategy Ojas Rege and Ponemon Institute Chairman and Founder Dr. Larry Ponemon for a practical and “eyes-wide-open” look at the issues CIOs and CISOs in financial services will need to address as mobile becomes a fundamental part of their computing environment. Key topics include: • Financial services mobile adoption forecasts • Trends in migration to multi-OS environments • Dependencies for successful mobile strategy deployment • Implications of user experience and security Register Now This session will be recorded and available for replay.


Welcome to my new blog. I look forward to providing interesting content from our latest research studies. Please stay tuned to some very thought provoking research!

Unlocking the Mobile Security Potential: The Key to Effective Two-Factor Authentication
March 14, 2014, 9:23 am

An important security issue for many companies is the authentication of users using mobile devices for transactions. Unlocking the Mobile Security Potential: The Key to Effective Two-Factor Authentication sponsored by tyntec and conducted by Ponemon Institute provides insights into mobile authentication in four global regions: North America (NA), Europe, Middle East and Africa (EMEA), Asia-Pacific plus Japan (APJ) and Latin America plus Mexico (LATAM).

The study has interesting findings about the state of mobile authentication and the preferences of companies. Specifically, for security purposes, location and validation of the number in real-time is considered valuable. They believe this would strengthen their security measures assuming opt-in by end-user. Furthermore, in the coming year most of the respondents say they are considering planning to extend the use of SMS-based two-factor authentication for user registration or identity verification or activation of online services. To download the entire report, please use this link.

Warmest regards,

Dr. Larry Ponemon

Fourth Annual Benchmark Study on Patient Privacy and Data Security
March 12, 2014, 6:00 am

Today we are releasing our Fourth Annual Benchmark Study on Patient Privacy and Data Security. We hope you will read the report sponsored by ID Experts that reveals some fascinating trends. Specifically, criminal attacks on healthcare systems have risen a startling 100 percent since we first conducted the study in 2010. This year, we found the number and size of data breaches has declined somewhat. Employee negligence is a major risk and is being fueled by BYOD. Giving healthcare organizations major headaches are: risks to patient data caused by the Affordable Care Act, exchange of patient health information with Accountable Care Organizations and lack of trust in business associates privacy and security practices. For a copy of the Fourth Annual Benchmark Study on Patient Privacy and Data Security, visit

Thales e-Security and Ponemon Institute collaborate to produce 2013 Global Encryption Trends Study
March 7, 2014, 12:00 am

This past February, Thales e-Security released the publication of its latest 2013 Global Encryption Trends Study. The report, based on independent research by the Ponemon Institute and sponsored by Thales, reveals that use of encryption continues to grow in response to consumer concerns, privacy compliance regulations and on-going cyber-attacks and yet there are still major challenges in executing data encryption policy.
The survey indicated that only 14% of organizations surveyed do not have any encryption strategy compared with 22% last year. The study also shows that there has been a steady increase in the deployment of encryption solutions used by organizations over the past nine years, with 35% of organizations now having an encryption strategy applied consistently across the entire enterprise compared with 29% last year. 
“Encryption usage continues to be a clear indicator of a strong security posture but there appears to be emerging evidence that concerns over key management are becoming a barrier to its more widespread adoption. For the first time in this study we drilled down into the issue of key management and found it emerging as a huge operational challenge. But questions are and should be asked about the broader topics of policy issues and choice of encryption algorithms – especially in the light of recent concerns over back doors, poorly implemented crypto systems and weak key management systems.”
- Dr. Larry Ponemon, chairman and founder of The Ponemon Institute

“Whilst key management may be emerging as a barrier to encryption deployment, it is not a new issue. The challenges associated with key management have already been addressed in heavily regulated industries such as payments processing, where best practices are well proven and could translate easily to a variety of other verticals. With more than 40 years’ experience providing key management solutions. Thales is ideally positioned to help organizations re-assess and re-evaluate their crypto security and key management infrastructure and deliver solutions that ensure their integrity and trustworthiness.”
-Richard Moulds, vice president strategy at Thales e-Security

Download your copy of the new 2013 Global Encryption Trends Study today.

Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations
February 12, 2014, 2:00 pm

What does a security team tell the CEO and board when a cyber attacker robs the company’s IP or shuts down the networks? CISOs face job insecurity because of the difficulty in being able to gather the threat intelligence quickly enough to know the “who,” “what,” “where,” “how” and “why” to respond and resolve an attack. The study reveals that many reports to senior management about a cyber attack are modified, filtered or watered down because the CISO does not have accurate and actionable threat intelligence.  What needs to be done? The consensus among the IT security practitioners surveyed is that they need the time and tools to discover and understand the nature of attacks faster with greater precision. To learn more about the current state of cyber attack responsiveness, we hope you will read Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations sponsored by AccessData. For a copy of the full report, please click here.

The Impact of IT Transformation on Enterprise Computing
February 4, 2014, 3:30 pm

We are pleased to present the findings of The Impact of IT Transformation on Enterprise Computing sponsored by the Logicalis Corporation and HP.  The objective of this research is to better understand how the different stages of IT transformation can affect an organization, the challenges to advancing through each stage and how successful progression can improve an organization’s IT effectiveness, including IT security. (Click to download study)

Cyber Security Incident Response: Are We as Prepared as We Think?
January 21, 2014, 3:00 pm

Why is the CEO the last to know if the company had a cyber attack? According to the IT experts in our latest study, only 20 percent say they have regular communication with their senior leadership about threats and only 14 percent say the C-suite takes part in incident response. We hope you will read our latest study, Cyber Security Incident Response: Are We as Prepared as We Think? Sponsored by Lancope, IT experts share their insights about the state of incident response. The report can be found at:

2013 Survey on Medical Identity Theft
September 11, 2013, 11:00 pm

We are pleased to announce the release of our 2013 Survey on Medical Identity Theft. This is the fourth year of the study and as in previous years we find that medical identity theft continues to be a costly and potentially life-threatening crime. However, unlike other forms of identity theft, the thief is most likely to be someone the victim knows very well. In this study of more than 700 victims of this fraud, most cases of identity theft result not from a data breach but from the sharing of personal identification credentials with family and friends. Or, family members take the victim’s credentials without permission.

We believe that individuals, healthcare organizations and government working together can reduce the risk of medical identity theft. First, individuals need to be aware of the negative consequences of sharing their credentials despite possible good intentions. They should also take the time to read their medical records and explanation of benefits statements to ensure that their information is correct. Second, healthcare organizations and government should improve their authentication procedures to prevent imposters from obtaining medical services and products.
Sponsored by the Medical Identity Fraud Alliance (MIFA), with support from ID Experts, the report can be found at

Live Threat Intelligence Impact Report 2013
August 23, 2013, 2:16 pm

Slow and weak threat intelligence can keep companies from defending against security compromises, breaches and exploits. According to the findings, if actionable intelligence about cyber attacks is available within 60 seconds before a compromise, the average cost of an exploit could be reduced an average of 40 percent. To learn more about the value of immediate threat intelligence, the current state of threat intelligence and the propensity of organizations to invest in live intelligence solutions, please listen to a webcast featuring Dr. Larry Ponemon and Jeff Harrell of Norse discussing the highlights of the research study, Live Threat Intelligence Impact Report 2013. To listen to the webinar and download a copy of the study, click here

Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age
August 22, 2013, 12:00 am

We are pleased to announce the release of a new study, Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age. With the increasing cost and volume of data breaches, cyber security is quickly moving from being considered by business leaders as a purely technical issue to a larger business risk. This shift has spurred increased interest in cyber insurance to mitigate the cost of these issues. For the full report, please click here.

Live Threat Intelligence Impact Report 2013
July 26, 2013, 10:00 am

We are pleased to announce the release of a new study, Live Threat Intelligence Impact Report 2013, that reveals the facts behind the impact that weak intelligence can have on organizations and why the ability to quickly gather, analyze and use actionable intelligence is essential to cyber defense. According to the study sponsored by Norse, the companies that seem to be most successful in thwarting compromises to networks and enterprise systems say the optimal age of actionable intelligence is no longer than 4.6 minutes. To learn more about the value of immediate and live intelligence, we hope you will read the full report. To access click here.

Records 1 - 10 of 50 — Jump to page First 1 2 3 4 5 Last
Security (23)
Privacy (22)
global security (1)
Providers (1)