Ponemon Institute

News & Updates

Ponemon Institute is pleased to announce the release of Flipping the Economics of Attacks, sponsored by Palo Alto Networks. In this study, we look at the relationships between the time spent and compensation of today’s adversaries and how organizations can thwart attacks. As revealed in this research, while some attackers may be motivated by non-pecuniary reasons, such as those that are geopolitical or reputational, an average of 69 percent of respondents say they are in it for the money.



Welcome to my blog. I look forward to providing interesting content from our latest research studies. Please stay tuned for some very thought-provoking research!

The Economics of Security Operations Centers: What is the True Cost for Effective Results?
January 30, 2020, 12:00 am

What if we told you that nearly half (49%) of IT security practitioners are dissatisfied with the effectiveness of their Security Operations Centers (SOCs) or service providers? If you can relate, you might want to download our 2019 SOC benchmarking report with the Ponemon Institute. For those of you looking to gain efficiencies or increase your ROI with security monitoring and analysis, this is a must-read.

For the report, Ponemon surveyed 637 security practitioners who work in or manage SOCs. The intent of this research is to understand the investments that organizations are putting into building and maintaining Security Operations and highlight the barriers that are preventing teams from being effective.

The digitized business is bringing more data online and into the cloud, and organizations are leveraging SOCs to monitor inbound threats to that data. As a result, the modern SOC is a foundational part of many organizations’ cybersecurity posture today. And the investment that organizations pour into their SOCs reflects that importance. On average, organizations spend $2.86 million annually on their in-house SOCs.

Yet despite this investment, our research uncovered that a majority of organizations found their investments in SOCs to be expensive and not performing as well as they had hoped. Significantly, the cost increases to $4.44 million annually if outsourced to a managed security service provider (MSSP), negating any cost efficiency expectations from outsourcing. Reflecting this frustration, only 51% of organizations represented in this study are satisfied with either the effectiveness of their SOC or their service provider.

As the study reveals, there is a substantial expense in hiring, training and retaining SOC employees, making people one of the largest investment areas for the SOC. Exacerbating this expense is personnel turnover, with most reporting loss of SOC professionals due to burnout and related stressors. Interestingly, while the best-performing SOCs have a greater number of employees and slightly less turnover, they cost significantly more. However, most organizations can’t or don’t have the resources to build out best-of-breed infrastructure. In search of a solution, many organizations turn to outsourcing their SOCs with MSSPs, but that’s not a guarantee of success either. The report found that 42% of respondents consider their MSSPs to be ineffective.

If you want to see how you stack up with your peers, click here to read the full report!

New Research on Privileged Access Management Reveals the Status Quo Is Not Secure
October 11, 2019, 9:00 am

The 2019 Study on Privileged Access Security

The Cyber Hygiene Index: Measuring the Riskiest States
June 8, 2018, 10:00 am

Are the residents of certain states more aware than others about the importance of maintaining a high level of readiness in order to prevent, detect and respond to cyber-related attacks such as malware, phishing, ransomware and to identity/credential theft? The answer is yes.

Data Breaches Caused by Insiders Increase in Frequency and Cost
April 26, 2018, 12:00 am

Ponemon Institute and ObserveIT have released The 2018 Cost of Insider Threats: Global Study, on what companies have spent to deal with a data breach caused by a careless or negligent employee or contractor, criminal or malicious insider or a credential thief. While the negligent insider is the root cause of most breaches, the bad actor who steals employees’ credentials is responsible for the most costly incidents.

Ponemon Institute and Kilpatrick Townsend release The Second Annual Study on the Cybersecurity Risk to Knowledge Assets
April 25, 2018, 2:00 pm

The key takeaway of this research is that companies’ awareness of the risk to knowledge assets has increased since the first study was conducted, which is having a positive impact on their ability to safeguard these high-value assets. Specifically, more companies are making the protection of knowledge assets an integral part of their IT security strategy and boards of directors are requiring assurances that knowledge assets are managed and safeguarded appropriately.

Ponemon Institute Announces the Release of the 2018 Megatrends Study
March 15, 2018, 11:00 am

A major deterrent to achieving a strong security posture is the inability of IT professionals to know the big changes or megatrends in security threats that they need to be prepared for. Too many companies are too overwhelmed by the daily attacks coming fast and furious to think long-term and understand what investments they should be making in people, process and technologies to prevent a catastrophic data breach or cyber attack.

The 2018 Study on Global Megatrends in Cybersecurity was conducted by Ponemon Institute and sponsored by Raytheon to help CISOs throughout the globe prepare for the future threat landscape that will be characterized by an increase in cyber extortion or ransomware attacks and data breaches caused by unsecured IoT devices. Here is the link to download the full report:


Dr. Larry Ponemon

The 2017 State of Endpoint Security Risk Report
November 20, 2017, 3:00 pm

Ponemon Institute releases the latest study on the state of endpoint security risk, sponsored by Barkly. As this research reveals, today’s organizations are struggling to secure their endpoints, and paying a steep cost for each successful attack. To discover how exactly endpoint security is breaking down, and what organizations are doing to fix it, Ponemon Institute surveyed 665 IT security professionals responsible for managing and reducing their organization’s security risk. The findings indicate we are in the midst of a significant shift in endpoint security.

The majority of organizations are replacing or augmenting these solutions with new security tools designed to stop fileless attacks, though many remain skeptical such attacks can be stopped at all. We hope you will read the full report.

Dr. Larry Ponemon

Chair, Ponemon Institute

What are the 12 global trends in identity governance and access management?
October 25, 2016, 9:00 am


Ponemon Institute is pleased to present the findings of Global Trends in Identity Governance & Access Management, sponsored by Micro Focus. The purpose of this study is to understand companies’ ability to protect access to sensitive and confidential information and what they believe is necessary to improve the protection. All participants in this study are involved in providing end users access to information resources in their organizations. Some of the trends discussed in the report are:

1. Employees are frustrated with access rights processes, and IT security is considered a bottleneck.

2. Responding to requests for access is considered slow.

3. Control over access management is decentralized.

4. Certain technologies are considered an important part of meeting identity governance and access management requirements.

5. A single-factor authentication approach is no longer effective.

6. Integration of machine learning within identity governance solutions is critical (64 percent of respondents).

7. The most difficult access policies to implement are those for enforcing access policies in a consistent fashion across all information resources in the organization.

8. End users have more access than they should.

9. Migration to Mobile First and mobile platforms has affected access management approaches.

10. New threats created by disruptive technologies will reduce organizations’ ability to mitigate governance and access management risks.

11. The ability to manage access in the Internet of Things (IoT) is a concern.

12. Effective identity governance and access management across the enterprise is achievable.

We hope you will read our latest report on this topic.


Dr. Larry Ponemon 

Ponemon Institute and Cloudera announce a webinar on the state of cybersecurity big data analytics on October 11 at 10 AM PT/1 PM ET.
October 5, 2016, 9:00 am

By Dr. Larry Ponemon

Big Data Cybersecurity Analytics, conducted by Ponemon Institute and sponsored by Cloudera, provides more evidence that the use of big data analytics is very important to ensuring a strong cybersecurity posture. Dr. Larry Ponemon and Rocky DeStefano, Cloudera’s cybersecurity subject matter expert, will participate in a webinar on October 11 to discuss key findings from the research.

Following are key findings from the research.

• Organizations are 2.25X more likely to identify a security incident within hours or minutes when they are a heavy user of big data cybersecurity analytics.

• Eighty-one percent of respondents say demand for big data for cybersecurity analytics has significantly increased over the past 12 months.

• Heavy users of big data analytics have a higher level of confidence in their ability to detect cyber incidents than light users. With respect to 11 common cyber threats, the biggest gaps between heavy and light users concern the organization’s ability to detect advanced malware/ransomware, compromised devices (e.g., credential theft), zero-day attacks and malicious insiders. The smallest gaps in detection between heavy and light users concern denial of services, web-based attacks and spear phishing/social engineering.

• Companies represented in this research are allocating an average of $14.50 million to IT security in fiscal year 2016 and an average of $2.32 million (16 percent) of this budget is allocated to analytics tools.

We hope you will join us for a unique perspective on the state of big data cybersecurity analytics.

Register here.

SMBs are vulnerable to cyber attacks
July 1, 2016, 6:51 pm

We are pleased to announce the release of a study focused on the cybersecurity threat to small and medium-sized companies (SMBs). Based on the findings, we conclude that no business is too small to evade a cyber attack or data breach. In fact, 55 percent of respondents say they experienced a cyber attack in the past 12 months and 50 percent of companies represented in this study had a data breach during the past year.
