Archive for the ‘Ponemon Institute’ Category

Criminal attacks are now leading cause of healthcare breaches

May 20, 2015

Source: Ponemon Institute

The Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data by the Ponemon Institute, sponsored by ID Experts, reveals a shift in the root cause of data breaches from accidental to intentional. Criminal attacks are up 125% compared to five years ago, replacing lost laptops as the leading threat. The study also found most organizations are unprepared to address new threats and lack adequate resources to protect patient data.

Free registration required.

2015 Global Cyber Impact Report

May 15, 2015

Source: Aon and Ponemon Institute

Ponemon Institute global study, sponsored by Aon, identifies the relative financial statement impact of cyber incidents compared to tangible asset vulnerabilities.

Key findings:

  • Information technology assets are 39 percent more exposed than property assets on a relative value to insurance protection basis
  • Proliferation of mobile devices and Internet of Things to send cyberrisk skyrocketing over next five years
  • The report’s findings act as a roadmap for risk managers and finance, helping them take a broader look at their organization’s overall risk profile

Free registration required.

Global Research from Accenture and Ponemon Institute Quantifies How Proactive Cyber Security Strategies Can Improve Security Effectiveness

April 10, 2015

Source: Accenture/Ponemon Institute

New research from Accenture (NYSE: ACN) and the Ponemon Institute sheds light on the success factors of companies that have improved their cyber security strategies, resulting in quantifiable business benefits. The research shows that proactive strategies can improve and expand on value delivered to the business.

Of the nearly 240 companies surveyed as part of the global research, those with a more proactive security stance saw their security effectiveness score improve by an average of 53 percent over a two-year period, while non-proactive companies only achieved a change of 2 percent. The report, “The Cyber Security Leap: From Laggard to Leader,” looks at how companies can achieve better security performance while facing an ever-changing number of threats and is the result of a collaborative study conducted by Accenture and the Ponemon Institute.

The research focused on organizations that fit into one of two categories based on how they address security: ‘Leapfrog’ companies, which align security with business goals, focus on security innovation and proactively address potential cyber security threats; and ‘Static’ companies, which focus more on cyber security threat prevention and compliance.

For instance, 70 percent of Leapfrog companies have a company-sanctioned security strategy, compared with just 55 percent of Static companies. In addition, the report’s probability estimates indicate that the perceived likelihood of material data breaches has decreased over time by 36 percent for Leapfrog companies but only by 5 percent for Static companies.

The Challenge of Preventing Browser-Borne Malware

February 26, 2015

The Challenge of Preventing Browser-Borne Malware (PDF)
Source: Ponemon Institute

We surveyed 645 IT and IT security practitioners who are familiar with and involved in their company’s efforts to detect and contain malware. Survey participants were from U.S. businesses with an average of more than 14,000 employees. All of the organizations represented in this research have built a multilayer defense-in-depth architecture in an effort to prevent these types of attacks.

Despite having such technologies in place, over the past 12 months, these organizations experienced an average of 51 security breaches because of a failure in malware detection technology. The findings also reveal the average cost to respond to and remediate just one security breach because of a failure in malware detection technology is approximately $62,000. This means organizations could have spent an average of $3.2 million to remediate a security breach caused by web-borne malware.

Is Your Company Ready for a Big Data Breach? The Second Annual Study on Data Breach Preparedness

October 7, 2014

Is Your Company Ready for a Big Data Breach? The Second Annual Study on Data Breach Preparedness (PDF)
Source: Ponemon Institute/Experian
From press release:

Experian Data Breach Resolution, a leader in helping businesses plan for and mitigate consumer risk following data breach incidents, released a new study with the Ponemon Institute on data breach preparedness. The second annual study, Is Your Company Ready for a Big Data Breach?, found that executives are concerned about the effectiveness of their data breach response, despite taking the basic steps to be prepared.

Key findings from the study include:

Companies understand the importance of data breach preparedness
With data breaches making headlines the world over, awareness for data security is at an all-time high and more companies are preparing with a data breach response plan.
• Data breaches are becoming ubiquitous with almost half (43 percent) of organizations surveyed having suffered at least one security incident, up 10 percent from 2013.
• As a result, more companies have a data breach response plan in place (73 percent), up 12 percent from 2013.
• Forty-eight percent of organizations increased investments in security technologies in the past 12 months.

Confidence amongst senior executives to manage a data breach remains low
Despite increased security investment and having incident response plans in place, when asked in detail about the preparedness of their organization, survey respondents were not confident in how they would handle a major issue.
• Sixty-eight percent of respondents felt unprepared to respond to a data breach.
• Most haven’t or don’t regularly update their plan (78%) to account for changes in threats or as processes at a company change.
• Thirty percent of respondents felt their data breach response plan was ineffective.
• Concerns are not just operational. Many companies were more concerned about threats being harder to manage for IT security teams.

Executives recognize what needs to happen to improve their incident response
• The vast majority of executives (70 percent) surveyed want more oversight and participation from board members, chairman and CEO for data breach preparedness.
• Seventy-seven percent suggested more fire-drills to practice data breach response would help them be more prepared.
• Respondents ranked identity theft protection products and access to a call center as the two most important services a company should provide customers following a breach.
• Sixty-nine percent indicated additional funding as a major need to improve response activity.

Ponemon Institute and Raytheon Release New Study on the Insider Threat

May 30, 2014

Source: Ponemon Institute and Raytheon

Well-publicized disclosures of highly sensitive information by WikiLeaks and former NSA employee Edward Snowden have drawn attention and concern about the insider threat caused by privileged users. We originally conducted a study on this topic in 2011 and decided it was time to see if the risk of privileged user abuse has increased, decreased or stayed the same. Unfortunately, companies have not made much progress in stopping this threat since then. Our latest study commissioned by Raytheon, “Privileged User Abuse & The Insider Threat,” looks at what companies are doing right and the vulnerabilities that need to be addressed with policies and technologies. One area that is a big problem is the difficulty in actually knowing if an action taken by an insider is truly a threat. Sixty-nine percent of respondents say they don’t have enough contextual information from security tools to make this assessment and 56 percent say security tools yield too many false positives.

Free registration required to access report.

2012 Cost of Cyber Crime Study

October 18, 2013

Source: Ponemon Institute

The purpose of this benchmark research is to quantify the economic impact of cyber attacks and observe cost trends over time. We believe a better understanding of the cost of cyber crime will assist organizations in determining the appropriate amount of investment and resources needed to prevent or mitigate the devastating consequences of an attack.