Ponemon Institute
Sign Up for the Ponemon News Feed for special reports and important updates regarding privacy and security

News & Updates

Ponemon Institute is pleased to announce the release of Flipping the Economics of Attacks, sponsored by Palo Alto Networks. In this study, we look at the relationships between the time spent and compensation of today’s adversaries and how organizations can thwart attacks. As revealed in this research, while some attackers may be motivated by non-pecuniary reasons, such as those that are geopolitical or reputational, an average of 69 percent of respondents say they are in it for the money.



Welcome to my new blog. I look forward to providing interesting content from our latest research studies. Please stay tuned to some very thought provoking research!

The Road to Data Breach is Paved with Good Intentions
April 19, 2010, 12:25 pm

We recently completed some new research with Accenture in which we were surprised to find that, in spite of all the attention being paid to data protection, and in spite of new and updated data protection regulations, complacency is beginning to settle in among many companies.

Yes, I said complacency.

Oh, don’t get me wrong: most organizations have good intentions with regard to data protection, but we all know where the road paved with good intentions leads.

Here are two key findings we learned through the new study:

  • Although 70 percent of both organizations and individual respondents agreed that organizations should secure individuals’ personal information, disclose how they use it and deal with the ramifications of losing it, nearly half were ambivalent about granting individuals control over their personal information, did not place a high priority on several critical aspects of consumer privacy and did not believe typical privacy practices were important.
  • While 58 percent of organizations experienced at least one security breach in the past two years, 31 percent did not. The group that had no breaches displayed some substantial differences in attitudes and policies regarding data privacy and protection. In particular, they demonstrated the belief that individuals have substantial rights to manage, correct and control their personal information and to understand how such information is being used. They also were more likely to feel a stronger obligation to uphold data privacy and protection, and to have policies that make the protection of sensitive data a high priority. Furthermore, organizations with no breaches tend to take a stricter view of appropriate uses of personal information—for instance, being far less likely to believe it is appropriate to sell personal data for profit.

This suggests a strong correlation between an organization’s level of respect for an individual’s personal data and the likelihood that the organization will suffer a data breach.

By establishing an environment within an organization that encourages employees to see data as an extension of the customer and not merely something owned by the company, thereby fostering the development of a “culture of caring,” data privacy and information security programs become more effective.

To download a copy of the report, please visit the Accenture website.

2010 Security in the Trenches
April 14, 2010, 10:23 am

We just completed a survey of federal IT security professionals to examine the data protection posture of government agencies. Through the survey, sponsored by CA, we wanted to see whether or not there is consistency in the perception of rank-and-file employees and executive management as it pertains to the safeguarding of sensitive information, regulatory compliance, and the day-to-day management and execution of a security program.

Training Is the Strongest Link
December 10, 2009, 3:50 pm

Today we held a RIM College event featuring three noted experts in corporate privacy training programs -- namely, Dean Forbes (Merck), Bob Posch (Merck) and John Block (Media Pro).  Our focus is: what are leading companies doing to achieve awareness and knowledge about privacy and data protection requirements?

Sophos & Ponemon Institute Announces New Study
December 5, 2009, 3:22 pm

We are pleased to present The State of Privacy and Data Security Compliance study conducted by Ponemon Institute and sponsored by Sophos. The purpose of the study is to determine if various international, federal and state data security laws improve an organization’s security posture. What is the value of compliance and does it correlate with the value of the compliance effort?

Crowe Horwath & Ponemon release HITECH study
November 21, 2009, 11:49 am

I am delighted to share with you our recently completed benchmark study that focuses on healthcare organizations and their ability to comply with new regulations. Of 77 participating covered entities and business associates, 27% percent have not started or are barely aware of what they need to do, 32% are waiting for more details, 14% have a plan but are waiting for more details, and 21% are just starting to act.  This data was collected from June through October 2009. If you are affected by the HITECH Act, this benchmark study may be helpful to you.

eGov Initiative Not Without Risk to Citizen Data
November 19, 2009, 7:36 am

The eGovernment movement is a good thing, and maybe too long in coming given how many years businesses have been taking advantage of technology to provide convenience and a higher quality of service to their customers. Constituent services have been available online for years, certainly, but only recently has the effort to modernize government been policy.

The Goal is Credibility
August 31, 2009, 2:20 pm

I want to share an article with you that I think has a tremendous lesson for anyone in the business of building trust.  The article is from a recent edition of Foreign Policy (reprinted from Joint Force Quarterly), but don't let the source put you off.  Admiral Michael G. Mullen, chairman of the Joint Chiefs of Staff, writes about what it takes to establish credibility and build trust.

Admiral Mullen's perspective is different from yours and mine, but there are nuggets here that are vital no matter what your business.


Archer-Ponemon Treaty for Data Governance
July 21, 2009, 4:10 pm

I’m still processing a lot of the information gathered, shared, and created during our 8th RIM Renaissance this past weekend in Minneapolis. One of our sessions focused on the creation of an information governance “treaty” that holds various organizational members to a high standard (consistent with our RIM principles). Please review the following draft document and let me know what you think.

Thank You, Friends of the Ponemon Institute!
July 20, 2009, 3:36 pm

A warm thank you to everyone who made this past weekend's RIM Renaissance a success.  The discussions were lively and productive, and I think we all came away just a little bit smarter as a result of the candor.  We do appreciate the enthusiasm that seems to pervade these events, and the willingness to put aside your valuable time to join with us on these annual occasions, as well as the ongoing conversations that take place throughout the year.

What We have here is, Failure to Communicate
July 14, 2009, 3:38 pm

Privacy pro: Do you ever feel like you are working overtime to meet overly ambitious expectations? Are you frustrated by your attempts to outline a plan for protecting sensitive personal information only to get the sense that you are talking to a brick wall?

CEO: Are you puzzled as to why the people your company has hired to address security and privacy concerns never seem to meet the objectives you have for them? Are you flummoxed by the fact that the investments you’ve made in data security aren’t helping to stem the tide of data loss? 

Records 71 - 80 of 82 — Jump to page First 1 2 3 4 5 6 7 8 9 Last
Security (23)
Privacy (22)
global security (1)
Providers (1)