Ponemon Institute

News & Updates

Ponemon Institute is pleased to announce the release of Flipping the Economics of Attacks, sponsored by Palo Alto Networks. In this study, we look at the relationships between the time spent and compensation of today’s adversaries and how organizations can thwart attacks. As revealed in this research, while some attackers may be motivated by non-pecuniary reasons, such as those that are geopolitical or reputational, an average of 69 percent of respondents say they are in it for the money.


Category: Privacy
Second Annual Patient Privacy Study Released
December 1, 2011, 9:13 am

Widespread use of mobile devices is putting patient data at risk, according to the latest Ponemon Institute research on healthcare providers' patient privacy practices. While 81 percent of respondents say employees in their healthcare organizations are using mobile devices to collect, store and/or transmit some form of PHI, 49 percent admit their organizations are not doing anything to protect these devices.

Benchmarking Information Security Efficiency
July 1, 2010, 4:07 pm

Recently the Ponemon Institute completed a new project, the Security Efficiency Benchmark Study, the purpose of which was to learn what IT security leaders in the UK and Europe think are the key components to having an efficient and effective security operation. In other words, we wanted to know what is necessary for achieving data security goals and protecting information assets and infrastructure.

Training Is the Strongest Link
December 10, 2009, 3:50 pm

Today we held a RIM College event featuring three noted experts in corporate privacy training programs -- namely, Dean Forbes (Merck), Bob Posch (Merck) and John Block (Media Pro).  Our focus is: what are leading companies doing to achieve awareness and knowledge about privacy and data protection requirements?

Sophos & Ponemon Institute Announces New Study
December 5, 2009, 3:22 pm

We are pleased to present The State of Privacy and Data Security Compliance study conducted by Ponemon Institute and sponsored by Sophos. The purpose of the study is to determine if various international, federal and state data security laws improve an organization’s security posture. What is the value of compliance and does it correlate with the value of the compliance effort?

What We have here is, Failure to Communicate
July 14, 2009, 3:38 pm

Privacy pro: Do you ever feel like you are working overtime to meet overly ambitious expectations? Are you frustrated by your attempts to outline a plan for protecting sensitive personal information only to get the sense that you are talking to a brick wall?

CEO: Are you puzzled as to why the people your company has hired to address security and privacy concerns never seem to meet the objectives you have for them? Are you flummoxed by the fact that the investments you’ve made in data security aren’t helping to stem the tide of data loss? 

The Road to Data Breach is Paved with Good Intentions
April 19, 2010, 12:25 pm

We recently completed some new research with Accenture in which we were surprised to find that, in spite of all the attention being paid to data protection, and in spite of new and updated data protection regulations, complacency is beginning to settle in among many companies.

Yes, I said complacency.

The Goal is Credibility
August 31, 2009, 2:20 pm

I want to share an article with you that I think has a tremendous lesson for anyone in the business of building trust.  The article is from a recent edition of Foreign Policy (reprinted from Joint Force Quarterly), but don't let the source put you off.  Admiral Michael G. Mullen, chairman of the Joint Chiefs of Staff, writes about what it takes to establish credibility and build trust.

Admiral Mullen's perspective is different from yours and mine, but there are nuggets here that are vital no matter what your business.


Thank You, Friends of the Ponemon Institute!
July 20, 2009, 3:36 pm

A warm thank you to everyone who made this past weekend's RIM Renaissance a success.  The discussions were lively and productive, and I think we all came away just a little bit smarter as a result of the candor.  We do appreciate the enthusiasm that seems to pervade these events, and the willingness to put aside your valuable time to join with us on these annual occasions, as well as the ongoing conversations that take place throughout the year.

Archer-Ponemon Treaty for Data Governance
July 21, 2009, 4:10 pm

I’m still processing a lot of the information gathered, shared, and created during our 8th RIM Renaissance this past weekend in Minneapolis. One of our sessions focused on the creation of an information governance “treaty” that holds various organizational members to a high standard (consistent with our RIM principles). Please review the following draft document and let me know what you think.

Dr. Ponemon's Blog
April 6, 2009, 5:02 pm

Welcome to my new blog. I look forward to sharing some of our thought provoking research. I also look forward to receiving your comments and questions. Stay tuned.

Most trusted companies for privacy
July 31, 2011, 10:55 am

Ponemon Institute is releasing our annual Most Trusted Companies for Privacy study this coming week.  This is the eighth year that we conducted a U.S. national consumer study that determines the organizations believed to be most committed to protecting and securing personal information.  Our research also determines the underlying factors that consumers perceive as most important or influential to their trust ratings.   For more information, please contact

Poor Privacy Practice is Ailing Healthcare Industry
November 9, 2010, 6:05 am

It has been more than six years since the ChoicePoint data breach thrust the issue of privacy protection into the headlines. Since then hundreds of information security failures have been disclosed and the tools and techniques used to keep sensitive information safe have advanced at a healthy pace. Recent incidents in the healthcare industry, however, strongly suggest that best practices have not been universally adopted.

Data Center Outages and Data Management
October 14, 2010, 4:12 pm

I hear the collective sound of our friends, colleagues, and other interested parties scratching their heads at the release of the most recent piece of Ponemon Institute research, National Survey on Data Center Outages. You read that right, data center outages.

Information Governance in the Cloud
July 15, 2010, 11:08 am

Just a brief note to bring our recent webinar to your attention.  I presented Information Governance in the Cloud along with the good people at Symantec.  The presentation is based in part on results from our earlier report, Flying Blind in the Cloud.

If you want to view the webinar, presented on the Windows Live Meeting platform, please click here.

If you have any questions or comments about this issue, our report, or the webinar, we'd love to hear from you.


Crowe Horwath & Ponemon release HITECH study
November 21, 2009, 11:49 am

I am delighted to share with you our recently completed benchmark study that focuses on healthcare organizations and their ability to comply with new regulations. Of 77 participating covered entities and business associates, 27% have not started or are barely aware of what they need to do, 32% are waiting for more details, 14% have a plan but are waiting for more details, and 21% are just starting to act.  This data was collected from June through October 2009. If you are affected by the HITECH Act, this benchmark study may be helpful to you.

Second annual cost of cyber crime study is released
August 2, 2011, 11:04 am

Today we released our Second Annual Cost of Cyber Crime Study.  Our findings support other research studies suggesting increases in the frequency, severity and overall cost of cyber attacks on private and public sector organizations. Our study is sponsored by HP ArcSight.  I would be very pleased to discuss this year's findings, framework and research methods.  Please feel free to call us directly or send an email to schedule a one-to-one meeting.

Annual Privacy Trust Study for Retail Banking
January 17, 2008, 11:01 am

It should come as no surprise that trust is increasingly important in customers’ loyalty to their bank. While overall trust in the industry is down, banks that experienced a significant data breach also experienced a significant decline in their trust scores. This study also reveals there is a correlation between customers’ trust and how long they remain with the same bank. Customers expect their bank to have protective measures in place to guard their data. If that expectation is not met, they will change banks.

Making Web 2.0 Work
February 17, 2010, 11:01 am

Ponemon Institute with sponsorship from IBM conducted a study of Web 2.0 users in the US, Brazil, Russian Federation, People's Republic of China, Singapore, Sweden and Germany to understand their perceptions about responsibility when using Internet collaboration tools.

How Global Organizations Approach the Challenge of Protecting Personal Data
February 17, 2010, 11:01 am

How data privacy perceptions and practices around the globe inform and influence data protection practices. More than 5,500 business leaders were surveyed.

Economic Impact of Privacy on Online Behavioral Advertising
April 17, 2010, 10:01 am

Independent Ponemon Institute research looks into the controversial behavioral advertising industry to understand from marketers their experience with the medium’s success, and how consumer perceptions of trust or lack thereof are affecting investments.

2010 Most Trusted Companies for Privacy
February 28, 2010, 10:01 am

US Consumers
The only objective study that asks US consumers to name and rate organizations they believe are most committed to the privacy of their personal information.

What Auditors Think about Crypto technologies
March 18, 2011, 4:01 pm

Sponsored by Thales eSecurity
The purpose of this study was to identify what auditors think about crypto technologies as they apply to data protection and compliance activities in public and private organizations.  Seventy-one percent of respondents believe that an organization’s information assets cannot be fully protected without the use of crypto solutions.
