Ponemon Institute

News & Updates

Ponemon Institute is pleased to announce the release of Flipping the Economics of Attacks, sponsored by Palo Alto Networks. In this study, we look at the relationships between the time spent and compensation of today’s adversaries and how organizations can thwart attacks. As revealed in this research, while some attackers may be motivated by non-pecuniary reasons, such as those that are geopolitical or reputational, an average of 69 percent of respondents say they are in it for the money.



Welcome to my new blog. I look forward to providing interesting content from our latest research studies. Please stay tuned for some very thought-provoking research!

Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age
August 22, 2013, 12:00 am

We are pleased to announce the release of a new study, Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age. With the increasing cost and volume of data breaches, cyber security is quickly moving from being considered by business leaders as a purely technical issue to a larger business risk. This shift has spurred increased interest in cyber insurance to mitigate the cost of these issues. For the full report, please click here.

Live Threat Intelligence Impact Report 2013
July 26, 2013, 10:00 am

We are pleased to announce the release of a new study, Live Threat Intelligence Impact Report 2013, that reveals the facts behind the impact that weak intelligence can have on organizations and why the ability to quickly gather, analyze and use actionable intelligence is essential to cyber defense. According to the study sponsored by Norse, the companies that seem to be most successful in thwarting compromises to networks and enterprise systems say the optimal age of actionable intelligence is no longer than 4.6 minutes. To learn more about the value of immediate and live intelligence, we hope you will read the full report. To access click here.

The Risk of Regulated Data on Mobile Devices & in the Cloud
June 27, 2013, 9:00 am

We are pleased to announce the release of a new Ponemon Institute study sponsored by WatchDox. If you ever worry about an employee downloading confidential, regulated data on their own personal mobile device, you need to read our report. To obtain a copy click here.

The State of Risk Based Security Management
June 25, 2013, 9:00 am


Ponemon Institute and Tripwire continue to study the state of risk-based security management (RBSM). This annual study is conducted to understand the level of maturity of RBSM. In this year's study, we are especially interested in understanding the communication barriers that may be hindering companies' ability to advance to more robust programs. One question that focuses on these barriers is whether RBSM is an art or a science. To find out what our survey respondents think, click here. Access the research: The Second Annual Study on the State of Risk-based Security Management


Security of Cloud Computing Users 2013 Study
March 5, 2013, 9:00 am


Today we are releasing a very interesting follow-up study on how organizations are improving--or not--their cloud security practices. The Security of Cloud Computing Users study shows that when it comes to cloud computing, the glass may be half full or half empty, because only half or less of respondents have positive perceptions about how their organizations are adopting cloud security best practices and creating confidence in cloud services used within their organization. A significant finding is that only 50 percent of respondents are engaging their security team (always or most of the time) in determining the use of cloud services. We hope you will read the complete report to learn about changes in cloud computing security. Access the full Ponemon Research: 2013 Security of Cloud Computing Users Study
Highlights: View key takeaways in this infographic

Risk of Insider Fraud: Second Annual Study
February 28, 2013, 8:00 am

Today we released a new study entitled the Risk of Insider Fraud: Second Annual Study. The research reveals that the number of employee-related incidents of fraud continues to remain high. However, only 44 percent of IT and IT security practitioners say their organization views the prevention of insider fraud as a top security priority, and this perception has declined since we first conducted this study in 2011. Contributing to the insider risk are BYOD, employee access of enterprise systems from remote locations and lack of security protocols over edge devices. Some suggestions to address these risks include making training and awareness an important component of a security initiative and monitoring access privileges. These privileges also need to be appropriate for the employees’ role and responsibility. We hope you will read the full report that discusses the challenges organizations face in minimizing the risk of the malicious and negligent insider. To find out more, visit

The Post Breach Boom
February 26, 2013, 8:00 am

Data breaches have become a fact of life for organizations of all sizes, in every industry and in many parts of the globe. While many organizations anticipate that at some point a non-malicious or malicious data breach will occur, the focus of this study is to understand the steps organizations are taking to deal with the aftermath of a breach or what we call the Post Breach Boom. Sponsored by Solera Networks, we conducted The Post Breach Boom study to understand the differences between non-malicious and malicious data breaches and what lessons are to be learned from the investigation and forensics activities organizations conduct following the loss or theft of sensitive and confidential information. The majority of respondents in this study believe it is critical that a thorough post-breach analysis and forensic investigation be conducted following either a non-malicious or malicious security breach. To download the report, please click here.

Efficacy of Emerging Network Security Technologies
February 25, 2013, 8:00 am


One of our latest studies is the Efficacy of Emerging Network Security Technologies. Our objective is to learn about organizations’ use and perceptions of emerging network security technologies and their ability to address serious security threats. The emerging technologies examined in this study include next generation firewalls, intrusion prevention systems with reputation feeds and web application firewalls. Some interesting findings include: Securing web traffic is by far the most significant network security concern for the majority of organizations. However, the majority of respondents say network security technologies fall short of vendors’ promises. Almost half (48 percent) of respondents agree that emerging network security technologies are not effective in minimizing attacks that aim to bring down web applications or curtail gratuitous Internet traffic. To read a copy of the report please click


Understanding the Methodology and Staggering Costs in the Annual Cost of Failed Trust Report
February 21, 2013, 12:00 am

Some staggering numbers

Every Global 2000 enterprise faces a total exposure of almost U.S. $400 million over 24 months due to new and evolving attacks on failed cryptographic key and digital certificate management. And adjusting for probability established by survey participants, we found every enterprise risks losing $35 million.
These findings cap our First Annual Cost of Failed Trust Report: Trusts and Attacks, which quantifies, for the first time, the financial impact of new threats and attacks on our ability to control trust.

Complete study is available -

2012 Most Trusted Companies for Privacy
January 28, 2013, 9:00 am

Do we still care about privacy? According to our annual study on privacy trust, more and more of us do care. Our biggest privacy concerns are the fear of identity theft and government intrusions into our personal lives. 
