Ponemon Institute

News & Updates

Ponemon Institute is pleased to announce the release of Flipping the Economics of Attacks, sponsored by Palo Alto Networks. In this study, we look at the relationships between the time spent and compensation of today’s adversaries and how organizations can thwart attacks. As revealed in this research, while some attackers may be motivated by non-pecuniary reasons, such as those that are geopolitical or reputational, an average of 69 percent of respondents say they are in it for the money.


Tag: compliance
More Employees Ignoring Data Security Policies
June 10, 2009, 4:38 pm

Does it surprise you to learn that, according to our recent study, Trends in Insider Compliance with Data Security Policies: Employees Evade and Ignore Security, employee compliance with corporate data security policies is on the wane?

Why do you think this is? I’m seeing a confluence of conditions that appear to be contributing to this challenge to data integrity: the development of new mobile technologies that empower employees to do more while away from the office; a failure of organizations to keep pace with the ways technology is changing the dynamics of data security; and current economic conditions that are putting increased pressure on individuals to be more productive with fewer resources.

According to our study, made possible through a sponsorship by secure USB flash drive developer IronKey, employees routinely engage in activities that put sensitive data at risk. They are downloading data onto unsecured mobile devices (61%), sharing passwords (47%), losing data-bearing devices (43%), and turning off their mobile devices’ security tools (21%). And, reflective of the blurring of the lines between personal and professional lives, they are using web-based personal email in the office (52%), downloading Internet software onto an employer’s devices (53%), and engaging in online social networking while in the workplace (31%).

With the exception of social networking, which we measured for the first time this year, each of these risky behaviors represents an increase compared to last year's results.

Interestingly, of those surveyed, 58% said their employer failed to provide adequate data security awareness and training, and 57% said their employer’s data protection policies were ineffective. According to 43%, there was poor communication and enforcement of data security policies.

The Ponemon Institute believes these results show an overall lack of urgency by companies on the need to address data security. Unfortunately, our studies have also shown that it often takes a data breach incident before an organization finally gets its wake-up call and takes data security seriously.

Listen to a new podcast on the True Cost of Compliance study
March 7, 2011, 9:31 am

Dear friends and colleagues,

Please listen to a recent podcast on the True Cost of Compliance study completed last month. Martin McKeay at Network Security Blog did a great job conducting this 30-minute interview.

If you would like a copy of the full report, please visit Tripwire's website as follows:


Compliance Like a Club
January 31, 2011, 10:14 am

Have you ever noticed how some organizations wield compliance like a club when marketing their products or services? They remind you of the latest in information security regulations, such as the HITECH Act or Mass 201 CMR 17, and then menacingly predict doom for those who transgress. If you fail to comply, their messages warn like a cross schoolmarm, the boogeyman will flash his regulator badge and lower the boom (unless, of course, you buy the appropriate product or service).

Crowe Horwath & Ponemon release HITECH study
November 21, 2009, 11:49 am

I am delighted to share with you our recently completed benchmark study that focuses on healthcare organizations and their ability to comply with new regulations. Of 77 participating covered entities and business associates, 27% have not started or are barely aware of what they need to do, 32% are waiting for more details, 14% have a plan but are waiting for more details, and 21% are just starting to act. This data was collected from June through October 2009. If you are affected by the HITECH Act, this benchmark study may be helpful to you.

The True Cost of Compliance: A Benchmark Study of Multinational Organizations
January 5, 2011, 4:04 am


While the average cost of compliance for the organizations in our study is $3.5 million, the cost of non-compliance is much greater.

2010 Access Governance Trends Survey
January 18, 2010, 4:01 pm

This second annual study examines access governance practices in US organizations. The objective of this study is to track the perspectives of IT security and compliance practitioners about how well they are achieving access governance within their organizations.

What Auditors Think about Crypto technologies
March 18, 2011, 4:01 pm

Sponsored by Thales eSecurity
The purpose of this study was to identify what auditors think about crypto technologies as they apply to data protection and compliance activities in public and private organizations. Seventy-one percent of respondents believe that an organization’s information assets cannot be fully protected without the use of crypto solutions.

2014: A Year of Mega Breaches
January 28, 2015, 10:00 am

2014 will long be remembered for a series of mega security breaches and attacks starting with the Target breach in late 2013 and ending with Sony Pictures Entertainment. In the 2014: A Year of Mega Breaches study sponsored by Identity Finder, the following findings reveal changes companies are making to their security strategies.

• More resources are allocated to preventing, detecting and resolving data breaches. According to 61 percent of respondents, the budget for security increased by an average of 34 percent. Most was used for SIEM, endpoint security and intrusion detection and prevention.

• Senior management gets a wake-up call and realizes the need for a stronger cyber defense posture. Sixty-seven percent of respondents say their organization made sure the IT function has the budget necessary to defend it from data breaches.

• Operations and compliance processes are changing to prevent and detect breaches. Sixty percent of respondents say they made changes to operations and compliance processes to establish incident response teams, conduct training and awareness programs and use data security effectiveness measures.

We hope you will read the full report.

Security & Compliance Trends in Innovative Electronic Payments
October 29, 2014, 12:00 am

Ponemon Institute is pleased to present the findings of Security & Compliance Trends in Innovative Electronic Payments, sponsored by HP Atalla.
