Ponemon Institute

News & Updates

Ponemon Institute is pleased to announce the release of Flipping the Economics of Attacks, sponsored by Palo Alto Networks. In this study, we look at the relationships between the time spent and compensation of today’s adversaries and how organizations can thwart attacks. As revealed in this research, while some attackers may be motivated by non-pecuniary reasons, such as those that are geopolitical or reputational, an average of 69 percent of respondents say they are in it for the money.



Welcome to my new blog. I look forward to providing interesting content from our latest research studies. Please stay tuned for some very thought-provoking research!

Criminal Attacks: The New Leading Cause of Data Breach in Healthcare
May 7, 2015, 9:00 am

The Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data, sponsored by ID Experts, shows that, for the first time, criminal attacks are the number-one root cause of healthcare data breaches. We calculated a 125 percent growth in these attacks over the last five years—a huge net change in any study. Employee negligence and lost or stolen devices still result in many data breaches, according to the findings. However, one of the trends we are seeing is a shift of data breaches—from accidental to intentional—as criminals are increasingly targeting and exploiting healthcare data. Cyber criminals recognize two critical facts about the healthcare industry: 1) healthcare organizations manage a treasure trove of financially lucrative personal information and 2) they do not have the resources, processes, and technologies to prevent and detect attacks and adequately protect healthcare data.

This year, we expanded the study beyond healthcare organizations to include business associates. This provides a broader and more holistic view of the healthcare industry and shows the impact third parties have on the privacy and security of healthcare data. With sensitive information flowing and new threats emerging daily, healthcare organizations and their business associates are at great risk for data breach. In fact, 91 percent of healthcare organizations and 59 percent of business associates experienced a data breach.
Since we began this study in 2010, we have seen a slight uptick in the investments healthcare organizations are making to protect healthcare information, but it is still not enough to address the rapidly changing cyber threat environment. Sadly, half of all healthcare organizations and business associates have little or no confidence that they have the ability to detect all patient data loss or theft.

The bottom line is that healthcare organizations and their business associates are a community of organizations that share vulnerable patient data—a community that provides a larger attack surface, and many points of access, for criminals who are becoming more adept at acquiring and exploiting personal information.
A complimentary copy of this study is available at

New Ponemon Institute study released: Economic Impact of Mixed Content Warnings on Consumer Behavior
April 27, 2015, 12:40 pm

We have all encountered mixed content warnings that show a visual icon or pop-up that attempts to warn us while visiting a website. Ponemon Institute, in a new study sponsored by Ghostery, recently conducted an experiment to test consumer reactions to mixed content warnings when browsing secure e-commerce sites. To cut to the chase, the study reveals that consumer attrition resulting from mixed content warnings on web pages is estimated to cost the top 100 Internet retailers in the United States $310 million per annum. We hope you will read the details in the entire report.

Warmest regards,
Dr. Larry Ponemon

A Few Challenges in Calculating Total Cost of a Data Breach Using Insurance Claims Payment Data
April 19, 2015, 1:34 pm

Let me first state that I am a big fan of the Verizon DBIR and have read every one. I also have a great deal of respect for the NetDiligence Cyber Claims Study and, like many in the insurance industry, find it extremely valuable. I was, however, taken by surprise when I read the latest Verizon report and saw that their cost of a data breach analysis was based on the NetDiligence data set. Here’s why:

Why Ponemon Institute’s Cost of Data Breach Methodology Is Sound and Endures
April 16, 2015, 5:01 pm

This week, Verizon released its annual 2015 Data Breach Investigations Report. We respect the amount of effort and resources Verizon devotes to its annual report. In the past, Ponemon Institute has reached out to the researchers at Verizon because of what I believe should be a shared and collaborative goal to continuously improve and refine the research being conducted about data breaches and other security incidents. In fact, we were pleased to have Wade Baker from the Verizon DBIR team speak to our Institute’s RIM Council of sponsoring companies and Fellows in December 2012. By the way, Verizon is a sponsoring company of the Institute.


Ponemon Institute releases new study on how organizations can leapfrog to a stronger cyber security posture
April 10, 2015, 4:00 pm

Is your company’s security strategy stuck in a rut? Are you concerned that the competition is outpacing you in its ability to deal with increasingly sophisticated and stealthy cyber criminals? Ponemon Institute, with sponsorship from Accenture, spent several months interviewing senior-level IT and IT security practitioners in 247 companies to identify the main factors that contribute to an organization’s improved security posture—or leapfrogging from a level of low to high performance in its security ecosystem.

2014: A Year of Mega Breaches
January 28, 2015, 10:00 am

2014 will long be remembered for a series of mega security breaches and attacks starting with the Target breach in late 2013 and ending with Sony Pictures Entertainment. In the 2014: A Year of Mega Breaches study sponsored by Identity Finder, the following findings reveal changes companies are making to their security strategies.

• More resources are allocated to preventing, detecting and resolving data breaches. According to 61 percent of respondents, the budget for security increased by an average of 34 percent. Most was used for SIEM, endpoint security and intrusion detection and prevention.

• Senior management gets a wake-up call and realizes the need for a stronger cyber defense posture. Sixty-seven percent of respondents say their organization made sure the IT function has the budget necessary to defend it from data breaches.

• Operations and compliance processes are changing to prevent and detect breaches. Sixty percent of respondents say they made changes to operations and compliance processes to establish incident response teams, conduct training and awareness programs and use data security effectiveness measures.

We hope you will read the full report.

Ponemon Institute Announces Results of 2014 Most Trusted Companies for Privacy Study
January 28, 2015, 9:00 am

In recognition of Data Privacy Day, Ponemon Institute is pleased to announce the results of the 2014 Most Trusted Companies for Privacy Study, an annual study that tracks consumers’ rankings of organizations that collect and manage their personal information. This year, the most trusted company is Amazon. 

The Open Source Collaboration Study: Viewpoints on Security & Privacy in the US & EMEA
January 28, 2015, 8:30 am

Ponemon Institute is pleased to present the Open Source Collaboration Study conducted in the US & EMEA. The study found that overall, IT professionals' perceptions of commercial open source software for messaging and collaboration are more positive than their perceptions of proprietary software. Common to both the US and EMEA is IT professionals' dissatisfaction with their current messaging and collaboration platforms, the majority of which are proprietary solutions. And, while IT professionals in the US and EMEA disagree on the relative importance of security versus privacy, there is agreement among IT professionals that commercial open source software offers better cost, control, quality and business continuity than proprietary software. To learn more about this research sponsored by Zimbra, please download the webinar.

Corporate Data: A Protected Asset or a Ticking Time Bomb?
December 9, 2014, 10:00 am

In the pressure to be productive, many employees are putting confidential corporate information at risk. Is it possible to have both a productive workforce and a strong security posture? Our latest study, Corporate Data: A Protected Asset or a Ticking Time Bomb? discusses the dilemma facing IT practitioners charged with stopping data leakage and offers solutions on how to keep critical business information secure without diminishing the productivity of employees. We hope you will read the full report.

Can a data breach in the cloud result in a larger and more costly incident?
June 5, 2014, 9:00 am

Can a data breach in the cloud result in a larger and more costly incident? Our latest study, Data Breach: The Cloud Multiplier Effect, sponsored by Netskope, reveals how the risk of a data breach in the cloud is multiplying. According to the IT and IT security practitioners participating in this study, the proliferation of mobile and other devices with access to cloud resources and more dependency on cloud services without the support of a strengthened cloud security posture and visibility of end user practices is making it difficult to stop the loss or theft of sensitive data in the cloud. We hope you will download the complete report at:

To register for the webinar featuring Dr. Larry Ponemon and Netskope Founder and CEO, Sanjay Beri, on July 16 at 1 PM EST, please click here:

Warmest regards,

Dr. Larry Ponemon
