Archive for the ‘Ponemon Institute’ Category

The Challenge of Preventing Browser-Borne Malware

February 26, 2015 Comments off

The Challenge of Preventing Browser-Borne Malware (PDF)
Source: Ponemon Institute

We surveyed 645 IT and IT security practitioners who are familiar and involved in their company’s efforts to detect and contain malware. Survey participants were from U.S. businesses with an average of more than 14,000 employees. All of the organizations represented in this research have built a multilayer defense-in-depth architecture in an effort to prevent these types of attacks.

Despite having such technologies in place, over the past 12 months, these organizations experienced an average of 51 security breaches because of a failure in malware detection technology. The findings also reveal the average cost to respond to and remediate just one security breach because of a failure in malware detection technology is approximately $62,000. This means organizations could have spent an average of $3.2 million to remediate a security breach caused by web-borne malware.

Is Your Company Ready for a Big Data Breach? The Second Annual Study on Data Breach Preparedness

October 7, 2014 Comments off

Is Your Company Ready for a Big Data Breach? The Second Annual Study on Data Breach Preparedness (PDF)
Source: Ponemon Institute/Experian
From press release:

Experian Data Breach Resolution, a leader in helping businesses plan for and mitigate consumer risk following data breach incidents, released a new study with the Ponemon Institute on data breach preparedness. The second annual study, Is Your Company Ready for a Big Data Breach?, found that executives are concerned about the effectiveness of their data breach response, despite taking the basic steps to be prepared.

Key findings from the study include:
• Companies understand the importance of data breach preparedness
With data breaches making headlines the world over, awareness for data security is at an all-time high and more companies are preparing with a data breach response plan.
• Data breaches are becoming ubiquitous with almost half (43 percent) of organizations surveyed having suffered at least one security incident, up 10 percent from 2013.
• As a result, more companies have a data breach response plan in place (73 percent), up 12 percent from 2013.
• Forty-eight percent of organizations increased investments in security technologies in the past 12 months.Confidence amongst senior executives to manage a data breach remains low

Despite increased security investment and having incident response plans in place, when asked in detail about the preparedness of their organization, survey respondents were not confident in how they would handle a major issue.
• Sixty-eight percent of respondents felt unprepared to respond to a data breach.
• Most haven’t or don’t regularly update their plan (78%) to account for changes in threats or as processes at a company change.
• Thirty percent of respondents felt their data breach response plan was ineffective.
• Concerns are not just operational. Many companies were more concerned about threats being harder to manage for IT security teams.

Executives recognize what needs to happen to improve their incident response
• The vast majority of executives (70 percent) surveyed want more oversight and participation from board members, chairman and CEO for data breach preparedness.
• Seventy-seven percent suggested more fire-drills to practice data breach response would help them be more prepared.
• Respondents ranked identity theft protection products and access to a call center as the two most important services a company should provide customers following a breach.
• Sixty-nine percent indicated additional funding as a major need to improve response activity.

Ponemon Institute and Raytheon Release New Study on the Insider Threat

May 30, 2014 Comments off

Ponemon Institute and Raytheon Release New Study on the Insider Threat
Source: Ponemon Institite and Raytheon

Well-publicized disclosures of highly sensitive information by wiki leaks and former NSA employee Edward Snowden have drawn attention and concern about the insider threat caused by privileged users. We originally conducted a study on this topic in 2011 and decided it was time to see if the risk of privileged user abuse has increased, decreased or stayed the same. Unfortunately companies have not made much progress in stopping this threat since then. Our latest study commissioned by Raytheon, “Privileged User Abuse & The Insider Threat,” looks at what companies are doing right and the vulnerabilities that need to be addressed with policies and technologies. One area that is a big problem is the difficulty in actually knowing if an action taken by an insider is truly a threat. Sixty-nine percent of respondents say they don’t have enough contextual information from security tools to make this assessment and 56 percent say security tools yield too many false positive.

Free registration required to access report.

2012 Cost of Cyber Crime Study

October 18, 2013 Comments off

2012 Cost of Cyber Crime Study
Source: Ponemon Institute

The purpose of this benchmark research is to quantify the economic impact of cyber attacks and observe cost trends over time. We believe a better understanding of the cost of cyber crime will assist organizations in determining the appropriate amount of investment and resources needed to prevent or mitigate the devastating consequences of an attack.

Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age

August 16, 2013 Comments off

Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age
Source: Experian/Ponemon Institute

With the increasing cost and volume of data breaches, cyber security is quickly moving from being considered by business leaders as a purely technical issue to a larger business risk. This shift has spurred increased interest in cyber insurance to mitigate the cost of these issues. In a new study sponsored by Experian® Data Breach Resolution, Ponemon Institute surveyed risk management professionals across multiple sectors that have considered or adopted cyber insurance. Based on responses, many understand that security is a clear and present risk. Indeed a majority of companies now rank cyber security risks as greater than natural disasters and other major business risks.

Free registration required to access report.

Ponemon Study Indicates Organizational Data Breach Costs Hit $7.2 Million and Show No Sign of Leveling Off

March 15, 2011 Comments off

Ponemon Study Indicates Organizational Data Breach Costs Hit $7.2 Million and Show No Sign of Leveling Off
Source: Ponemon Institute

Symantec Corp. and the Ponemon Institute today released the findings of the 2010 Annual Study: U.S. Cost of a Data Breach, which reveals data breaches grew more costly for the fifth year in a row. The average organizational cost of a data breach increased to $7.2 million and cost companies an average of $214 per compromised record, markedly higher when compared to $204 in 2009. The study also found that for the second straight year organizations’ need to respond rapidly to data breaches drove the associated costs higher. The sixth annual Ponemon Cost of a Data Breach report is based on the actual data breach experiences of 51 U.S. companies from 15 different industry sectors.

+ Full report and associated documents


Get every new post delivered to your Inbox.

Join 1,023 other followers