Ponemon Institute
Sign Up for the Ponemon News Feed for special reports and important updates regarding privacy and security

News & Updates

Ponemon Institute is pleased to announce the release of Flipping the Economics of Attacks, sponsored by Palo Alto Networks. In this study, we look at the relationships between the time spent and compensation of today’s adversaries and how organizations can thwart attacks. As revealed in this research, while some attackers may be motivated by non-pecuniary reasons, such as those that are geopolitical or reputational, an average of 69 percent of respondents say they are in it for the money.


SMBs are vulnerable to cyber attacks

July 1, 2016, 6:51 pm

We are pleased to announce the release of a study focused on the cybersecurity threat to small and medium-sized companies (SMBs). Based on the findings, we conclude that no business is too small to evade a cyber attack or data breach. In fact, 55 percent of respondents say they experienced a cyber attack in the past 12 months and 50 percent of companies represented in this study had a data breach during the past year.

We surveyed 598 individuals in companies with a headcount from less than 100 to 1,000.  According to participants in this research, SMBs face the following challenges.

• Prevalent attacks against smaller businesses are Web-based and phishing/social engineering.

• Negligent employees or contractors and third parties caused most data breaches. However, almost one-third of companies in this research could not determine the root cause.

• Current technologies cannot detect and block many cyber attacks. Most exploits have evaded intrusion detection systems and anti-virus solutions.

• Personnel, budget and technologies are insufficient to have a strong security posture. As a result, some companies engage managed security service providers to support an average of 34 percent of their IT security operations.

• Determination of IT security priorities is not centralized. The two functions most responsible are chief executive and chief information office. However, 35 percent of respondents say no one function in their company determines IT security priorities.

• Cloud usage and mobile devices that access business-critical applications and IT infrastructure will increase and threaten the security posture of companies in this study. However, only 18 percent of respondents say their company uses cloud-based IT security services and most password policies do not require employees to use a password or biometric to secure access to their mobile devices.

We hope you will read the full report.


Dr. Larry Ponemon


Security (23)
Privacy (22)
global security (1)
Providers (1)