The State of Data Security Intelligence. Sponsored by Informatica. Independently conducted by Ponemon Institute LLC Publication Date: April 2015

Size: px
Start display at page:

Download "The State of Data Security Intelligence. Sponsored by Informatica. Independently conducted by Ponemon Institute LLC Publication Date: April 2015"

Transcription

1 The State of Data Security Intelligence Sponsored by Informatica Independently conducted by Ponemon Institute LLC Publication Date: April 2015 Ponemon Institute Research Report

2 The State of Data Security Intelligence Ponemon Institute, April 2015 Part 1. Introduction Ponemon Institute is pleased to present the results of The State of Data Security Intelligence sponsored by Informatica. The purpose of this research is to learn how organizations are using data security intelligence to assess and minimize risks to their sensitive and confidential information on premise and in the cloud. We surveyed 1,663 Global IT and IT security practitioners in 18 countries and 16 industry sectors. To ensure a knowledgeable and quality response, only IT practitioners whose job involves the protection of sensitive or confidential information participated in this study. According to participants in this research, the most significant security problems they face is not knowing the location of sensitive data on premise and in the cloud and not being able to determine if that data is vulnerable to an attack or breach. They believe having the right technologies, including automated solutions that discover where sensitive data has proliferated, would increase their data security effectiveness. What keeps IT practitioners up at night? As shown in Figure 1, not knowing where sensitive or confidential data is located is their biggest worry, according to 64 percent of respondents. This concern has increased significantly from last year s study 1 when 57 percent of respondents said this was their biggest concern as well. This is followed by temporary worker or contractor mistakes (55 percent of respondents) and not knowing the data risk (52 percent of respondents). The research reveals why companies are in the dark about their data: Companies cannot assess the risk of 30 percent of sensitive information on premise and 54 percent in the cloud. Only 43 percent of companies have a common process to assess the risks to sensitive information on premise and 33 percent have such a process for the cloud. Only 19 percent of respondents say their companies are very confident in their ability to proactively respond to a new threat to sensitive data on premise and 18 percent say they are very confident they could do so in the cloud. Only 21 percent of respondents say their companies would be able to detect a data breach all the time. Only 22 percent of respondents say there is little risk that insiders would have too much access to data despite having a common process for tracking individuals who have access to sensitive information. 1 The State of Data Centric Security, conducted by Ponemon Institute and sponsored by Informatica, June Ponemon Institute Research Report Page 1

3 Part 2. Key findings In this section, we provide an analysis of the research. The complete audited research findings are presented in the appendix of this report. We have organized the findings according to the following topics: Knowing the location and risk to sensitive data on premise and in the cloud is critical What organizations are doing to assess the risk to sensitive or confidential data How the right data security intelligence can prevent a data breach Knowing the location and risk to sensitive data on premise and in the cloud is critical Uncertainty about the location and risk to data are in the top three reasons why it may be difficult to sleep. As shown in Figure 2, 64 percent of respondents say not knowing where sensitive data is and 52 percent not know the data risk worries them. Temporary worker or contractor mistakes are also a concern. Figure 2. With respect to your organization s state of data security, what keeps you up at night? Four choices permitted Not knowing where sensitive data is Temporary worker or contractor mistakes Not knowing the data risk Third party or outsourcer management of data Migration to new mobile platforms Migration to cloud ecosystem Hackers Non-compliance with laws or regulations Employee mistakes Broken business processes Personal identity theft Malicious employees Lack of data privacy controls 7% 7% 10% 26% 25% 23% 18% 18% 55% 52% 48% 47% 64% 0% 10% 20% 30% 40% 50% 60% 70% Ponemon Institute Research Report Page 2

4 Sensitive and confidential information is considered more at risk in the cloud. As shown in Figure 3, on average, 34 percent of an organization s sensitive and confidential information in the cloud is considered to be at risk. In contrast, 24 percent of an organization s sensitive and confidential information on premise is considered to be at risk. It is also more difficult to determine how much information in the cloud versus on premise is at risk. Respondents say they cannot assess the risk of 54 percent of all data stored in the cloud. In comparison, respondents are unable to determine the risk to 30 percent of all data stored on premises. Not knowing if their organizations sensitive or confidential information could be exposed or breached represents a significant security risk, according to 80 percent of respondents. On average, respondents believe 34 percent of all the data they collect, store and handle is considered sensitive or confidential. Figure 3. Sensitive and confidential information at risk and cannot be determined to be at risk on premise and in the cloud Extrapolated value 60% 54% 50% 40% 30% 30% 24% 34% 20% 10% 0% Percent of sensitive information that risk cannot be determined Data on premise Percent of sensitive information at risk Data in the cloud Ponemon Institute Research Report Page 3

5 Most organizations do not have a common process for assessing the risks to sensitive or confidential data. Figure 4 reveals the common processes organizations have in place to safeguard sensitive or confidential information. Only one-third of respondents say their organization has a common process for assessing the risks to sensitive data in the cloud and 43 percent of respondents say they have a process for assessing data on premise. Organizations are tracking individuals who have access to sensitive or confidential data, but will it prevent unauthorized access to sensitive information? As shown in the figure below, 70 percent of respondents say their organizations have a common process for tracking the individuals who have access to sensitive information on premise and 29 percent say they have a process for the cloud. Yet, only 22 percent of respondents say there is little risk that employees, temporary employees or contractors would have too much access to data (not shown in the figure). Most organizations are not taking steps to determine potential threats to sensitive information. Only 46 percent of respondents have a common process for discovering and classifying sensitive or confidential data on premise and 30 percent say they have this process for data in the cloud. Forty-six percent of respondents say they track changes in access patterns to identify unusual activity that could indicate a potential threat at a granular level for data on premise. However, only 19 percent of respondents say they use this process for data in the cloud. Similarly, 45 percent have a process for implementing new controls and preventative measures in the presence of a new threat and only 19 percent say they have this process for the cloud. Figure 4. What common processes are in place on premise and in the cloud to safeguard sensitive and confidential data? Yes response Tracking individuals who have access to sensitive or confidential data 29% 70% Tracking changes in access patterns to identify unusual activity to determine a potential threat 19% 46% Discovering and classifying sensitive or confidential data 30% 46% Implementing new controls and preventative measures in the presence of a new threat 19% 45% Assessing the risks to sensitive or confidential data 33% 43% 0% 10% 20% 30% 40% 50% 60% 70% 80% Data on premise Data in the cloud Ponemon Institute Research Report Page 4

6 What are the solutions most often used to assess the risks to data on premise? As shown in Figure 5, 44 percent say they use a homegrown solution followed by a vendor provided solution. For data in the cloud, 54 percent of respondents say they use a vendor provided solution. Only 19 percent say they use open source solutions for both on premise and the cloud. Figure 5. Solutions used for assessing the risks to sensitive or confidential data 60% 54% 50% 44% 40% 36% 30% 26% 20% 19% 19% 10% 0% Homegrown solution Vendor provided solution Open source solution 1% Other 2% Data on premise Data in the cloud Organizations are more confident of their ability to proactively respond to a new threat to sensitive data on premise than to sensitive data in the cloud. Figure 6 reveals that 52 percent of respondents say they are very confident or confident of their organizations ability to safeguard sensitive or confidential data on premise. However, only 40 percent of respondents say they have confidence in the ability to proactively respond to new threats. Figure 6. Confidence in proactively responding to a new threat on premise and in the cloud 70% 60% 50% 47% 60% 40% 33% 30% 20% 19% 18% 22% 10% 0% Very confident Confident Not confident Data on premise Data in the cloud Ponemon Institute Research Report Page 5

7 How prepared are organizations to detect a data breach? Only 21 percent of respondents say their organizations would be able to detect a data breach all the time. Fifty-five percent of respondents say their organizations had a least one data breach in the past 12 months. As shown in Figure 7, 70 percent of respondents believe it could have been avoided if certain processes and intelligence technologies were in place. Fifty-nine percent of these respondents believe the breach would have been avoided if they had more skilled personnel with data security responsibilities. Figure 7. How could organizations have avoided the data breach incidents they experienced in the last 12 months? Very likely and likely responses combined More effective data risk assessment and intelligence technologies 70% More skilled personnel with data security responsibilities 59% More processes or controls in place 53% A larger budget or spending level 53% 0% 10% 20% 30% 40% 50% 60% 70% 80% Ponemon Institute Research Report Page 6

8 How effective are organizations at managing, monitoring and enforcing acceptable uses of data? According to Figure 8, Only 32 percent of respondents say their organizations are very good or excellent at detecting and containing a data breach, 30 percent say they are good at managing data classification with prioritization well, track and audit (30 percent of respondents) and manage the access to sensitive personal and business information by role or location (27 percent). Figure 8. How well does your organization manage, monitor and enforce acceptable uses of data Excellent and very good responses combined Detect and contain data leakage and theft (data breach) 32% Monitor access rights based on job or role 31% Track and audit 30% Manage data classification with prioritization 30% Manage the access to sensitive personal and business information by role or location 27% 0% 5% 10% 15% 20% 25% 30% 35% Ponemon Institute Research Report Page 7

9 Automated solutions for discovering where sensitive data has proliferated and assessing the risk is believed to increase data security effectiveness. Sixty-two percent of respondents say they have an automated solution for discovering sensitive data in databases and enterprise applications and assessing the risk of data on premise. Only 33 percent of respondents say they have such a solution for data in the cloud, according to Figure 9. Forty-six percent of respondents say their organizations have such a solution in place for on premise sensitive data and 37 percent of respondents say they have it for data in the cloud. Figure 9. Does your organization use automated solutions to discover and assess risks on premise and in the cloud? Yes response Yes, to discover and assess the risk to sensitive data in databases and enterprise applications 33% 62% Yes, to discover and assess the risk to sensitive data 37% 46% 0% 10% 20% 30% 40% 50% 60% 70% Data on premise Data in the cloud Ponemon Institute Research Report Page 8

10 According to Figure 10, those respondents whose organizations do not have any automated solution for discovering sensitive data and assessing the risk believe it would increase their effectiveness for data on premise (77 percent of respondents) and data in the cloud (80 percent of respondents). Figure 10. Would automated solutions increase the effectiveness of your data security activities? Yes response 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% 77% Data on premise 80% Data in the cloud The top data security tools in place today are data classification tools, monitoring tools and data classification. Data masking and data loss prevention are the least used to prevent data breaches, according to Figure 11. Figure 11. Data security technologies in place today More than one response Data classification 68% Monitoring tools 61% Encryption/tokenization 56% Data discovery Data risk analysis Forensic tools Data loss prevention 46% 45% 43% 42% Data masking 35% 0% 10% 20% 30% 40% 50% 60% 70% 80% Ponemon Institute Research Report Page 9

11 As shown in Figure 12, respondents believe the following capabilities would improve their organization s compliance and data protection posture: automated user access history with real time monitoring (75 percent, policy workflow automation (74 percent), automated data discovery and risk assessment (68 percent), aggregated view across geographies, datacenters and business units (64 percent) and technology diagnostics (64 percent). Figure 12. Would the following capabilities improve your company s compliance and data protection practices? Significant improvement and improvement combined Automated user access history with real time monitoring Policy workflow automation 75% 74% Automated data discovery and risk assessment Aggregated view across geographies, datacenters and business units Technology diagnostics 64% 64% 68% Integrated analysts and protection 55% Automated classification 53% Data flow diagrams to analyze data proliferation 51% 0% 10% 20% 30% 40% 50% 60% 70% 80% Ponemon Institute Research Report Page 10

12 Part 3. Differences across global regions In this section, we provide an analysis of the most interesting differences among countries represented in this research. Data in the dark is a problem for security practitioners globally. Figure 13 reveals the number one worry for all organizations represented in this research. European respondents are less concerned than others about migration to new mobile platforms but more concerned about third party management of data and non-compliance with laws and regulations. Respondents in the rest of the world (ROW) are more concerned about employee mistakes but less concerned with non-compliance with laws or regulations. Figure 13. What keeps security practitioners up at night? Not knowing where sensitive data is Temporary worker or contractor mistakes Not knowing the data risk Migration to new mobile platforms Third party management of data (including cloud) Migration to cloud ecosystem Hackers Non-compliance with laws or regulations Broken business processes Personal identity theft Employee mistakes Malicious employees Lack of data privacy controls 65% 59% 67% 55% 55% 54% 51% 52% 55% 50% 41% 50% 49% 55% 38% 29% 22% 27% 29% 19% 26% 21% 35% 12% 17% 16% 20% 13% 9% 7% 11% 15% 32% 7% 9% 6% 3% 13% 6% 0% 10% 20% 30% 40% 50% 60% 70% 80% NA Europe ROW Ponemon Institute Research Report Page 11

13 Throughout the world, sensitive or confidential information is at greater risk in the cloud. As shown in Figure 14, when asked what percent of their organization s sensitive or confidential information is at risk, ROW has the highest average percentage (27 percent) on premise. North America has the highest percentage (36 percent) of sensitive or confidential information in the cloud. Figure 14. Sensitive and confidential information at risk on premise and in the cloud Extrapolated value 40% 35% 36% 33% 31% 30% 25% 24% 23% 27% 20% 15% 10% 5% 0% NA Europe ROW Data on premise Data in the cloud Globally all regions have a problem knowing the confidential information that is at risk. As shown in Figure 15, North American organizations say the risk to an average of 56 percent of such data cannot be determined. Figure 15. Percentage of risk to sensitive and confidential information on premise and in the cloud that cannot be determined Extrapolated value 60% 50% 56% 53% 51% 40% 30% 32% 27% 30% 20% 10% 0% NA Europe ROW Data on premise Data in the cloud Ponemon Institute Research Report Page 12

14 While more organizations have a common process for assessing on premise risks to sensitive or confidential information, fewer organizations are tackling the problem of determining risks to this data in the cloud, as shown in Figure 16. Figure 16. Does your organization have a common process for assessing risks to sensitive data? Extrapolated value 50% 45% 40% 35% 30% 25% 20% 15% 10% 5% 0% 44% 45% 39% 33% 35% 29% NA Europe ROW Data on premise Data in the cloud Ponemon Institute Research Report Page 13

15 All the capabilities listed in Figure 17 are believed to improve an organization s compliance and data protection posture. However, North America and the ROW favors automated user access history with real time monitoring to improve their security posture. Europe is slightly more positive about policy workflow automation. Figure 17. Would the following capabilities improve your organization s compliance and data protection posture? Significant improvement and improvement combined Automated user access history with real time monitoring Policy workflow automation Automated data discovery and risk assessment Aggregated view across geographies, datacenters and business units Technology diagnostics Integrated analysts and protection Automated classification Data flow diagrams to analyze data proliferation 77% 69% 80% 75% 78% 69% 71% 65% 68% 69% 64% 56% 63% 67% 61% 60% 50% 53% 55% 55% 49% 48% 56% 50% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% NA Europe ROW Ponemon Institute Research Report Page 14

16 Part 4. Methods The global sampling frame is composed of 47,467 IT and IT security practitioners located in 18 countries, whose job involves the protection of sensitive or confidential information. As shown in Table 1, 1,811 respondents completed the survey. Screening removed 148 surveys. The final sample was 1,663 surveys (or a 3.5 percent response rate). Table 1. Sample response NA Europe ROW Global Total sampling frame 17,911 15,600 13,956 47,467 Total returns ,811 Rejected or screened surveys Final sample ,663 Response rate 3.8% 3.4% 3.3% 3.5% Pie Chart 1 reports the current position or organizational level of the respondents. More than half of respondents (60 percent) reported their current position as supervisory or above. Pie Chart 1. Current position within the organization 3% 4% 16% Executive/VP 37% Director Manager Supervisor 23% Staff/technician Contractor 16% Pie Chart 2 identifies the primary person the respondent or their supervisor reports to. Fifty-nine percent of respondents identified the CIO or head of corporate IT as the person they report to. Another 20 percent indicated they report directly to the CISO or head of IT security. Pie Chart 2. Direct reporting channel 1% 1% 20% 17% 59% CIO or head of corporate IT CISO/CSO or head of IT security Business unit leader or general manager CFO, controller or head of finance CPO or head of corporate privacy COO or head of operations CEO/executive committee Ponemon Institute Research Report Page 15

17 Forty-three percent of respondents reported their job scope or role is within corporate, as shown in Pie Chart 3. Another 36 percent identified support/service center as their job scope. Pie Chart 3. Job scope or role 4% 18% Corporate 43% Support/service center Line of business Other 36% According to Pie Chart 4, more than half of the respondents (53 percent) are from organizations with a global headcount of less than 5,000 employees. Pie Chart 4. Full-time headcount of the global organization 5% 7% 24% 14% Less than 1,000 1,000 than 5,000 5,001 to 10,000 21% 29% 10,001 to 25,000 25,001 to 75,000 More than 75,000 Ponemon Institute Research Report Page 16

18 Pie Chart 5 reveals the number of databases that are in use within the organization. More than half of respondents (58 percent) report having more than 5,000 databases in use. Pie Chart 5. Databases in use within the organization 8% 4% 19% Less than 1,000 18% 1,000 to 5,000 5,001 to 10,000 10,001 to 25,000 23% 25,001 to 75,000 More than 75,000 28% Pie Chart 6 reports the primary industry classification of respondents organizations. This chart identifies financial services (17 percent) as the largest segment, followed by public sector (12 percent), services (10 percent) and retail (10 percent). Pie Chart 6. Primary industry classification 4% 2% 3% Financial services 17% Public sector 4% Services 4% 5% 6% Retail Health & pharmaceutical Technology & software 12% Industrial Energy & utilities Consumer products 7% Transportation 10% Entertainment & media Communications 8% Hospitality 8% 10% Other Ponemon Institute Research Report Page 17

19 Part 5. Caveats There are inherent limitations to survey research that need to be carefully considered before drawing inferences from findings. The following items are specific limitations that are germane to most web-based surveys. Non-response bias: The current findings are based on a sample of survey returns. We sent surveys to a representative sample of individuals, resulting in a large number of usable returned responses. Despite non-response tests, it is always possible that individuals who did not participate are substantially different in terms of underlying beliefs from those who completed the instrument. Sampling-frame bias: The accuracy is based on contact information and the degree to which the list is representative of individuals who are IT or IT security practitioners. We also acknowledge that the results may be biased by external events such as media coverage. We also acknowledge bias caused by compensating subjects to complete this research within a holdout period. Self-reported results: The quality of survey research is based on the integrity of confidential responses received from subjects. While certain checks and balances can be incorporated into the survey process, there is always the possibility that a subject did not provide a truthful response. Ponemon Institute Research Report Page 18

20 Appendix: Detailed Survey Results The following tables provide the frequency or percentage frequency of responses to all survey questions contained in this study. All survey responses were captured in February Survey response NA Europe ROW Global Total sampling frame Total returns Rejected or screened surveys Final sample Response rate 3.8% 3.4% 3.3% 3.5% Part 1: Screening questions S1. Does your job involve the protection of sensitive or confidential business information? NA Europe ROW Global Yes 100% 100% 100% 100% No (Stop) 0% 0% 0% 0% S2. What best defines your job function? NA Europe ROW Global I am fully responsible for ensuring the protection and privacy of data in my organization 27% 20% 18% 22% I am partially responsible for ensuring the protection and privacy of data in my organization 37% 35% 32% 35% I am not responsible but involved in ensuring the protection and privacy of data in my organization 36% 45% 50% 43% I am not responsible and not involved in data protection activities within my organization (Stop) 0% 0% 0% 0% Part 2: Issues Q1a. What percent of your organization s sensitive and confidential information located on premises is at risk? NA Europe ROW Global Less than 5% 12% 15% 6% 11% 5% to 10% 22% 16% 14% 18% 11% to 20% 27% 25% 29% 27% 21% to 30% 10% 15% 18% 14% 31% to 40% 9% 13% 10% 11% 41% to 50% 6% 6% 9% 7% 51% to 60% 5% 4% 7% 5% 61% to 70% 5% 4% 3% 4% 71% to 80% 3% 2% 3% 3% 81% to 90% 1% 0% 1% 1% 91% to 100% 0% 0% 0% 0% Extrapolated value 24% 23% 27% 24% Ponemon Institute Research Report Page 19

21 Q1b. What percent of your organization s sensitive and confidential information located on premises are you unable to determine is at risk? NA Europe ROW Global Less than 5% 4% 6% 8% 6% 5% to 10% 14% 16% 14% 15% 11% to 20% 21% 24% 18% 21% 21% to 30% 16% 20% 18% 18% 31% to 40% 16% 12% 15% 14% 41% to 50% 7% 6% 11% 8% 51% to 60% 5% 7% 4% 5% 61% to 70% 8% 4% 7% 6% 71% to 80% 5% 3% 2% 4% 81% to 90% 4% 2% 2% 3% 91% to 100% 0% 0% 1% 0% Extrapolated value 32% 27% 30% 30% Q1c. What percent of your organization s sensitive and confidential information in the cloud is at risk? NA Europe ROW Global Less than 5% 0% 2% 0% 1% 5% to 10% 12% 15% 12% 13% 11% to 20% 11% 16% 19% 15% 21% to 30% 15% 13% 20% 16% 31% to 40% 21% 19% 19% 20% 41% to 50% 15% 16% 15% 15% 51% to 60% 14% 9% 8% 11% 61% to 70% 8% 6% 5% 7% 71% to 80% 4% 2% 2% 3% 81% to 90% 0% 2% 0% 1% 91% to 100% 0% 0% 0% 0% Extrapolated value 36% 33% 31% 34% Q1d. What percent of your organization s sensitive and confidential information in the cloud are you unable to determine is at risk? NA Europe ROW Global Less than 5% 0% 0% 0% 0% 5% to 10% 1% 0% 1% 1% 11% to 20% 3% 3% 1% 2% 21% to 30% 6% 9% 10% 8% 31% to 40% 10% 14% 15% 13% 41% to 50% 15% 19% 16% 17% 51% to 60% 19% 19% 21% 20% 61% to 70% 26% 18% 26% 23% 71% to 80% 11% 11% 8% 10% 81% to 90% 6% 4% 1% 4% 91% to 100% 3% 3% 1% 2% Extrapolated value 56% 53% 51% 54% Ponemon Institute Research Report Page 20

22 Q2. If your organization had a data breach, would you be able to detect it? NA Europe ROW Global Yes, all the time 20% 25% 19% 21% Yes, most of the time 30% 36% 35% 33% Yes, some of the time 35% 32% 29% 32% No 15% 7% 17% 13% Attributions: Please rate your opinion to each item using the scale provided below the statement about sensitive or confidential data. Strongly agree and Agree response combined. NA Europe ROW Global Q3a. Not knowing if my organization s sensitive or confidential information could be exposed or breached represents a significant security risk. 82% 80% 78% 80% Q3b. In my organization, securing and/or protecting data is a high priority. 55% 62% 51% 56% Q3c. In my organization, there is little risk that employees, temporary employees or contractors would have too much access to data. 20% 22% 26% 22% Q3d. In my organization, access to sensitive data is controlled by role, location and/or other factors. 46% 45% 40% 44% Q4. In the context of data loss or theft, what types of data do you consider to be most at risk in your organization? Please select your top two choices. NA Europe ROW Global Customer records 67% 51% 55% 59% Payment information 29% 19% 33% 27% Consumer records 14% 22% 22% 19% Employee records 23% 40% 20% 28% Finance & accounting information 6% 9% 12% 9% Business intelligence 33% 35% 23% 31% s & attachments 26% 21% 30% 26% Other (please specify) 2% 3% 5% 3% Total 200% 200% 200% 200% Q5. What percentage of your organization s data is considered sensitive or confidential? NA Europe ROW Global Less than 5% 0% 0% 7% 2% 5% to 10% 15% 7% 13% 12% 11% to 20% 16% 7% 31% 17% 21% to 30% 16% 12% 16% 15% 31% to 40% 23% 21% 12% 19% 41% to 50% 16% 16% 9% 14% 51% to 60% 5% 15% 8% 9% 61% to 70% 6% 11% 2% 6% 71% to 80% 2% 5% 1% 3% 81% to 90% 1% 3% 1% 2% 91% to 100% 0% 3% 0% 1% Extrapolated value 32% 44% 25% 34% Ponemon Institute Research Report Page 21

23 Q6. Who has primary accountability for assessing the organization s readiness for preventing a data breach involving sensitive or confidential information? Please check only two responses. NA Europe ROW Global Information technology department 58% 79% 90% 74% Information security department 19% 13% 13% 15% Legal or compliance department 16% 31% 10% 19% Enterprise risk management 39% 31% 31% 34% Business unit managers 55% 29% 46% 44% Data/application owners 8% 10% 7% 8% Privacy office 5% 8% 3% 5% Other (please specify) 0% 0% 0% 0% Total 200% 200% 200% 200% Q7a. Does your organization have a common process for assessing the risks to sensitive or confidential data? Yes response NA Europe ROW Global Data on premise 44% 45% 39% 43% Data in the cloud 33% 35% 29% 33% Q7b. If yes, what solutions does your organization use for assessing the risks to sensitive or confidential data? Yes response Q7b-1. Data on premise NA Europe ROW Global Homegrown solution 36% 46% 55% 44% Vendor provided solution 45% 31% 30% 36% Open source solution 19% 21% 15% 19% Other (please specify) 0% 2% 0% 1% Q7b-2. Data in the cloud NA Europe ROW Global Homegrown solution 23% 21% 36% 26% Vendor provided solution 56% 54% 50% 54% Open source solution 19% 22% 14% 19% Other (please specify) 2% 3% 0% 2% Q8. Does your organization have a common process for discovering and classifying sensitive or confidential data? Yes response NA Europe ROW Global Data on premise 45% 50% 44% 46% Data in the cloud 30% 32% 26% 30% Q9. Does your organization have a common process for tracking the individuals who have access to sensitive or confidential data? Yes response NA Europe ROW Global Data on premise 73% 70% 66% 70% Data in the cloud 30% 31% 25% 29% Ponemon Institute Research Report Page 22

24 Q10. Does your organization have a common process for tracking changes in access patterns to identify unusual activity that could indicate a potential threat at a granular level? Yes response NA Europe ROW Global Data on premise 50% 46% 39% 46% Data in the cloud 21% 20% 16% 19% Q11. Does your organization have a common process for implementing new controls and preventative measures in the presence of a new threat? Yes response NA Europe ROW Global Data on premise 51% 45% 36% 45% Data in the cloud 20% 19% 19% 19% Q12. How confident are you that your organization has the ability to proactively respond to a new threat? Q12a. Data on premise NA Europe ROW Global Very confident 18% 19% 21% 19% Confident 33% 36% 31% 33% Not confident 49% 45% 48% 47% Q12b. Data in the cloud NA Europe ROW Global Very confident 16% 18% 20% 18% Confident 22% 24% 21% 22% Not confident 62% 58% 59% 60% Q13. How well does your organization manage, monitor and enforce the acceptable uses of data? Please use the following five-point scale to rate 12 security practices provided: 1 = excellent, 2 = very good, 3 = good, 4 = fair, and 5 = poor. Excellent and Very Good response combined. NA Europe ROW Global Manage data classification with prioritization 30% 33% 27% 30% Monitor access rights based on job or role 32% 30% 29% 31% Manage the access to sensitive personal and business information by role or location 29% 25% 26% 27% Manage access changes based on user needs 41% 44% 47% 44% Revoke data access rights upon an employee s termination 45% 48% 42% 45% Enforce data access policies in a consistent fashion 37% 43% 39% 39% Monitor data access of privileged users 52% 56% 60% 55% Monitor segregation of duties 63% 65% 65% 64% Monitor data transfers to and from third-party locations 50% 43% 52% 48% Monitor data transfers to and from the cloud 39% 41% 44% 41% Educate end-users about data access and control policies 52% 55% 51% 53% Detect and contain data leakage and theft (data breach) 35% 30% 29% 32% Protect sensitive data through encryption, masking, tokenization or other cryptologic solutions 38% 44% 45% 42% Track and audit 29% 30% 33% 30% Ponemon Institute Research Report Page 23

The State of Data Centric Security

The State of Data Centric Security The State of Data Centric Security Sponsored by Informatica Independently conducted by Ponemon Institute LLC Publication Date: June 2014 Ponemon Institute Research Report State of Data Centric Security

More information

Data Breach: The Cloud Multiplier Effect

Data Breach: The Cloud Multiplier Effect Data Breach: The Cloud Multiplier Effect Sponsored by Netskope Independently conducted by Ponemon Institute LLC Publication Date: June 2014 Ponemon Institute Research Report Part 1. Introduction Data Breach:

More information

Achieving Security in Workplace File Sharing. Sponsored by Axway Independently conducted by Ponemon Institute LLC Publication Date: January 2014

Achieving Security in Workplace File Sharing. Sponsored by Axway Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Achieving Security in Workplace File Sharing Sponsored by Axway Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Ponemon Institute Research Report Part 1. Introduction Achieving

More information

The SQL Injection Threat Study

The SQL Injection Threat Study The SQL Injection Threat Study Sponsored by DB Networks Independently conducted by Ponemon Institute LLC Publication Date: April 2014 1 The SQL Injection Threat Study Presented by Ponemon Institute, April

More information

Is Your Company Ready for a Big Data Breach?

Is Your Company Ready for a Big Data Breach? Is Your Company Ready for a Big Data Breach? The Second Annual Study on Data Breach Preparedness Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication

More information

The Unintentional Insider Risk in United States and German Organizations

The Unintentional Insider Risk in United States and German Organizations The Unintentional Insider Risk in United States and German Organizations Sponsored by Raytheon Websense Independently conducted by Ponemon Institute LLC Publication Date: July 2015 2 Part 1. Introduction

More information

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: March 2013 Ponemon Institute Research Report

More information

What You Don t Know Will Hurt You: A Study of the Risk from Application Access and Usage

What You Don t Know Will Hurt You: A Study of the Risk from Application Access and Usage What You Don t Know Will Hurt You: A Study of the Risk from Application Access and Usage Sponsored by ObserveIT Independently conducted by Ponemon Institute LLC June 2015 Ponemon Institute Research Report

More information

Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age

Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: August 2013

More information

Data Security in Development & Testing

Data Security in Development & Testing Data Security in Development & Testing Sponsored by Micro Focus Independently conducted by Ponemon Institute LLC Publication Date: July 31, 2009 Ponemon Institute Research Report Data Security in Development

More information

The Security of Cloud Infrastructure Survey of U.S. IT and Compliance Practitioners

The Security of Cloud Infrastructure Survey of U.S. IT and Compliance Practitioners The Security of Cloud Infrastructure Survey of U.S. IT and Compliance Practitioners Sponsored by Vormetric Independently conducted by Ponemon Institute LLC Publication Date: November 2011 Ponemon Institute

More information

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2013 Ponemon Institute Research Report

More information

Understaffed and at Risk: Today s IT Security Department. Sponsored by HP Enterprise Security

Understaffed and at Risk: Today s IT Security Department. Sponsored by HP Enterprise Security Understaffed and at Risk: Today s IT Security Department Sponsored by HP Enterprise Security Independently conducted by Ponemon Institute LLC Publication Date: February 2014 Ponemon Institute Research

More information

Global Insights on Document Security

Global Insights on Document Security Global Insights on Document Security Sponsored by Adobe Independently conducted by Ponemon Institute LLC Publication Date: June 2014 Ponemon Institute Research Report Global Insights on Document Security

More information

Reputation Impact of a Data Breach U.S. Study of Executives & Managers

Reputation Impact of a Data Breach U.S. Study of Executives & Managers Reputation Impact of a Data Breach U.S. Study of Executives & Managers Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: November 2011 Ponemon

More information

Security of Paper Records & Document Shredding. Sponsored by Cintas. Independently conducted by Ponemon Institute LLC Publication Date: January 2014

Security of Paper Records & Document Shredding. Sponsored by Cintas. Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Security of Paper Records & Document Shredding Sponsored by Cintas Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Ponemon Institute Research Report Part 1. Introduction

More information

2014: A Year of Mega Breaches

2014: A Year of Mega Breaches 2014: A Year of Mega Breaches Sponsored by Identity Finder Independently conducted by Ponemon Institute LLC Publication Date: January 2015 Ponemon Institute Research Report Part 1. Introduction 2014: A

More information

The Importance of Cyber Threat Intelligence to a Strong Security Posture

The Importance of Cyber Threat Intelligence to a Strong Security Posture The Importance of Cyber Threat Intelligence to a Strong Security Posture Sponsored by Webroot Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research Report

More information

Security of Cloud Computing Users Study

Security of Cloud Computing Users Study Security of Cloud Computing Users Study Sponsored by CA Technologies Independently conducted by Ponemon Institute, LLC Publication Date: March 2013 Security of Cloud Computing Users Study March 2013 Part

More information

Understanding Security Complexity in 21 st Century IT Environments:

Understanding Security Complexity in 21 st Century IT Environments: Understanding Security Complexity in 21 st Century IT Environments: A study of IT practitioners in the US, UK, France, Japan & Germany Sponsored by Check Point Software Technologies Independently conducted

More information

Security Metrics to Manage Change: Which Matter, Which Can Be Measured?

Security Metrics to Manage Change: Which Matter, Which Can Be Measured? Security Metrics to Manage Change: Which Matter, Which Can Be Measured? Sponsored by FireMon Independently conducted by Ponemon Institute LLC Publication Date: April 2014 2 Security Metrics to Manage Change:

More information

The Challenge of Preventing Browser-Borne Malware

The Challenge of Preventing Browser-Borne Malware The Challenge of Preventing Browser-Borne Malware Sponsored by Spikes Security Independently conducted by Ponemon Institute LLC Publication Date: February 2015 Ponemon Institute Research Report Part 1.

More information

The SQL Injection Threat & Recent Retail Breaches

The SQL Injection Threat & Recent Retail Breaches The SQL Injection Threat & Recent Retail Breaches Sponsored by DB Networks Independently conducted by Ponemon Institute LLC Publication Date: June 2014 1 Part 1. Introduction The SQL Injection Threat &

More information

Data Security in the Evolving Payments Ecosystem

Data Security in the Evolving Payments Ecosystem Data Security in the Evolving Payments Ecosystem Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2015 Ponemon Institute Research Report

More information

Exposing the Cybersecurity Cracks: A Global Perspective

Exposing the Cybersecurity Cracks: A Global Perspective Exposing the Cybersecurity Cracks: A Global Perspective Part I: Deficient, Disconnected & in the Dark Sponsored by Websense, Inc. Independently conducted by Ponemon Institute LLC Publication Date: April

More information

The Cost of Web Application Attacks

The Cost of Web Application Attacks The Cost of Web Application Attacks Sponsored by Akamai Technologies Independently conducted by Ponemon Institute LLC Publication Date: May 2015 Ponemon Institute Research Report Part 1. Introduction The

More information

The Cost of Insecure Mobile Devices in the Workplace Sponsored by AT&T

The Cost of Insecure Mobile Devices in the Workplace Sponsored by AT&T The Cost of Insecure Mobile Devices in the Workplace! Sponsored by AT&T Independently conducted by Ponemon Institute LLC Publication Date: March 2014 Part 1. Introduction The Cost of Insecure Mobile Devices

More information

A Study of Retail Banks & DDoS Attacks

A Study of Retail Banks & DDoS Attacks A Study of Retail Banks & DDoS Attacks Sponsored by Corero Network Security Independently conducted by Ponemon Institute LLC Publication Date: December 2012 Ponemon Institute Research Report A Study of

More information

Risk & Innovation in Cybersecurity Investments. Sponsored by Lockheed Martin

Risk & Innovation in Cybersecurity Investments. Sponsored by Lockheed Martin Risk & Innovation in Cybersecurity Investments Sponsored by Lockheed Martin Independently conducted by Ponemon Institute LLC Publication Date: April 2015 Ponemon Institute Research Report Part 1. Introduction

More information

The Security Impact of Mobile Device Use by Employees

The Security Impact of Mobile Device Use by Employees The Security Impact of Mobile Device Use by Employees Sponsored by Accellion Independently conducted by Ponemon Institute LLC Publication Date: December 2014 Ponemon Institute Research Report The Security

More information

Corporate Data: A Protected Asset or a Ticking Time Bomb?

Corporate Data: A Protected Asset or a Ticking Time Bomb? Corporate Data: A Protected Asset or a Ticking Time Bomb? Sponsored by Varonis Independently conducted by Ponemon Institute LLC Publication Date: December 2014 Ponemon Institute Research Report Corporate

More information

The State of Mobile Application Insecurity

The State of Mobile Application Insecurity The State of Mobile Application Insecurity Sponsored by IBM Independently conducted by Ponemon Institute LLC Publication Date: February 2015 Ponemon Institute Research Report Part 1. Introduction The State

More information

Cloud Security: Getting It Right

Cloud Security: Getting It Right Cloud Security: Getting It Right Sponsored by Armor Independently conducted by Ponemon Institute LLC Publication Date: October 2015 Ponemon Institute Research Report Cloud Security: Getting It Right Ponemon

More information

Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations

Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations Sponsored by AccessData Independently conducted by Ponemon Institute LLC Publication Date: February 2014 Ponemon Institute

More information

Privileged User Abuse & The Insider Threat

Privileged User Abuse & The Insider Threat Privileged User Abuse & The Insider Threat Commissioned by Raytheon Company Independently conducted by Ponemon Institute LLC Publication Date: May 2014 1 Privileged User Abuse & The Insider Threat Ponemon

More information

Defining the Gap: The Cybersecurity Governance Study

Defining the Gap: The Cybersecurity Governance Study Defining the Gap: The Cybersecurity Governance Study Sponsored by Fidelis Cybersecurity Independently conducted by Ponemon Institute LLC Publication Date: June 2015 Ponemon Institute Research Report Defining

More information

Challenges of Cloud Information

Challenges of Cloud Information The Challenges of Cloud Information Governance: A Global Data Security Study Sponsored by SafeNet Independently conducted by Ponemon Institute LLC Publication Date: October 2014 Ponemon Institute Research

More information

Third Annual Study: Is Your Company Ready for a Big Data Breach?

Third Annual Study: Is Your Company Ready for a Big Data Breach? Third Annual Study: Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: October 2015 Ponemon Institute

More information

The Impact of Cybercrime on Business

The Impact of Cybercrime on Business The Impact of Cybercrime on Business Studies of IT practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil Sponsored by Check Point Software Technologies Independently conducted

More information

The Importance of Senior Executive Involvement in Breach Response

The Importance of Senior Executive Involvement in Breach Response The Importance of Senior Executive Involvement in Breach Response Sponsored by HP Enterprise Security Services Independently conducted by Ponemon Institute LLC Publication Date: October 2014 The Importance

More information

Sponsored by Zimbra. The Open Source Collaboration Study: Viewpoints on Security & Privacy in the US & EMEA

Sponsored by Zimbra. The Open Source Collaboration Study: Viewpoints on Security & Privacy in the US & EMEA The Open Source Collaboration Study: Viewpoints on Security & Privacy in the US & EMEA Sponsored by Zimbra Independently conducted by Ponemon Institute LLC Publication Date: November 2014 Ponemon Institute

More information

2012 Application Security Gap Study: A Survey of IT Security & Developers

2012 Application Security Gap Study: A Survey of IT Security & Developers 2012 Application Gap Study: A Survey of IT & s Research sponsored by Innovation Independently Conducted by Ponemon Institute LLC March 2012 1 2012 Application Gap Study: A Survey of IT & s March 2012 Part

More information

Aftermath of a Data Breach Study

Aftermath of a Data Breach Study Aftermath of a Data Breach Study Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: January 2012 Ponemon Institute Research Report Aftermath

More information

The State of USB Drive Security

The State of USB Drive Security The State of USB Drive Security U.S. survey of IT and IT security practitioners Sponsored by Kingston Independently conducted by Ponemon Institute LLC Publication Date: July 2011 Ponemon Institute Research

More information

Survey on the Governance of Unstructured Data. Independently Conducted and Published by Ponemon Institute LLC. Sponsored by Varonis Systems, Inc.

Survey on the Governance of Unstructured Data. Independently Conducted and Published by Ponemon Institute LLC. Sponsored by Varonis Systems, Inc. Survey on the Governance of Unstructured Data Independently Conducted and Published by Ponemon Institute LLC Sponsored by Varonis Systems, Inc. June 30, 2008 Please Do Not Quote Without Express Permission.

More information

2015 Global Study on IT Security Spending & Investments

2015 Global Study on IT Security Spending & Investments 2015 Study on IT Security Spending & Investments Independently conducted by Ponemon Institute LLC Publication Date: May 2015 Sponsored by Part 1. Introduction Security risks are pervasive and becoming

More information

Electronic Health Information at Risk: A Study of IT Practitioners

Electronic Health Information at Risk: A Study of IT Practitioners Electronic Health Information at Risk: A Study of IT Practitioners Sponsored by LogLogic Conducted by Ponemon Institute LLC October 15, 2009 Ponemon Institute Research Report Executive summary Electronic

More information

Exposing the Cybersecurity Cracks: A Global Perspective

Exposing the Cybersecurity Cracks: A Global Perspective Exposing the Cybersecurity Cracks: A Global Perspective Part 2: Roadblocks, Refresh and Raising the Human Security IQ Sponsored by Websense Independently conducted by Ponemon Institute LLC Publication

More information

Breaking Bad: The Risk of Insecure File Sharing

Breaking Bad: The Risk of Insecure File Sharing Breaking Bad: The Risk of Insecure File Sharing Sponsored by Intralinks Independently conducted by Ponemon Institute LLC Publication Date: October 2014 Ponemon Institute Research Report Breaking Bad: The

More information

Perceptions About Network Security Survey of IT & IT security practitioners in the U.S.

Perceptions About Network Security Survey of IT & IT security practitioners in the U.S. Perceptions About Network Security Survey of IT & IT security practitioners in the U.S. Sponsored by Juniper Networks Independently conducted by Ponemon Institute LLC Publication Date: June 2011 Ponemon

More information

Compliance Cost Associated with the Storage of Unstructured Information

Compliance Cost Associated with the Storage of Unstructured Information Compliance Cost Associated with the Storage of Unstructured Information Sponsored by Novell Independently conducted by Ponemon Institute LLC Publication Date: May 2011 Ponemon Institute Research Report

More information

Advanced Threats in Retail Companies: A Study of North America & EMEA

Advanced Threats in Retail Companies: A Study of North America & EMEA Advanced Threats in Companies: A Study of North America & EMEA Sponsored by Arbor Networks Independently conducted by Ponemon Institute LLC Publication Date: May 2015 Ponemon Institute Research Report

More information

The Role of Governance, Risk Management & Compliance in Organizations

The Role of Governance, Risk Management & Compliance in Organizations The Role of Governance, Risk Management & Compliance in Organizations Study of GRC practitioners Sponsored by RSA, The Security Division of EMC Independently conducted by Ponemon Institute LLC Publication

More information

Achieving Data Privacy in the Cloud

Achieving Data Privacy in the Cloud Achieving Data Privacy in the Cloud Study of Information Technology Privacy and Compliance of Small to Medium-Sized Organizations in germany Sponsored by microsoft Independently Conducted by Ponemon Institute

More information

The Post Breach Boom. Sponsored by Solera Networks. Independently conducted by Ponemon Institute LLC Publication Date: February 2013

The Post Breach Boom. Sponsored by Solera Networks. Independently conducted by Ponemon Institute LLC Publication Date: February 2013 The Post Breach Boom Sponsored by Solera Networks Independently conducted by Ponemon Institute LLC Publication Date: February 2013 Ponemon Institute Research Report Part 1. Introduction The Post Breach

More information

National Survey on Data Center Outages

National Survey on Data Center Outages National Survey on Data Center Outages Independently conducted by Ponemon Institute LLC Publication Date: 30 September 2010 Part 1. Executive Summary National Survey on Data Center Outages Ponemon Institute,

More information

Global Survey on Social Media Risks Survey of IT & IT Security Practitioners

Global Survey on Social Media Risks Survey of IT & IT Security Practitioners 0 Global Survey on Social Media Risks Survey of IT & IT Security Practitioners Sponsored by Websense Independently conducted by Ponemon Institute LLC Publication Date: September 2011 1 Global Survey on

More information

The Fraud Report: How Fake Users Are Impacting Business

The Fraud Report: How Fake Users Are Impacting Business The Fraud Report: How Fake Users Are Impacting Business Sponsored by TeleSign Independently conducted by Ponemon Institute LLC Publication Date: November 2015 Ponemon Institute Research Report The Fraud

More information

Efficacy of Emerging Network Security Technologies

Efficacy of Emerging Network Security Technologies Efficacy of Emerging Network Security Technologies Sponsored by Juniper Networks Independently conducted by Ponemon Institute LLC Publication Date: February 2013 Ponemon Institute Research Report Part

More information

State of Web Application Security U.S. Survey of IT & IT security practitioners

State of Web Application Security U.S. Survey of IT & IT security practitioners State of Web Application Security U.S. Survey of IT & IT security practitioners Sponsored by Cenzic & Barracuda Networks Independently conducted by Ponemon Institute LLC Publication Date: March 2011 Ponemon

More information

Perceptions about the Potential Expiration of The Terrorism Risk Insurance Act (TRIA)

Perceptions about the Potential Expiration of The Terrorism Risk Insurance Act (TRIA) Perceptions about the Potential Expiration of The Terrorism Risk Insurance Act (TRIA) Sponsored by Property Casualty Insurers Association of America Independently conducted by Ponemon Institute LLC Publication

More information

The Billion Dollar Lost Laptop Problem Benchmark study of U.S. organizations

The Billion Dollar Lost Laptop Problem Benchmark study of U.S. organizations The Billion Dollar Lost Laptop Problem Benchmark study of U.S. organizations Independently conducted by Ponemon Institute LLC Publication Date: 30 September 2010 Ponemon Institute Research Report Part

More information

Cyber Security on the Offense: A Study of IT Security Experts

Cyber Security on the Offense: A Study of IT Security Experts Cyber Security on the Offense: A Study of IT Security Experts Co-authored with Radware Independently conducted by Ponemon Institute LLC Publication Date: November 2012 Ponemon Institute Research Report

More information

Cyber Threat Intelligence: Has to Be a Better Way

Cyber Threat Intelligence: Has to Be a Better Way Exchanging Cyber Threat Intelligence: There Has to Be a Better Way Sponsored by IID Independently conducted by Ponemon Institute LLC Publication Date: April 2014 Ponemon Institute Research Report Exchanging

More information

The 2013 ecommerce Cyber Crime Report: Safeguarding Brand And Revenue This Holiday Season

The 2013 ecommerce Cyber Crime Report: Safeguarding Brand And Revenue This Holiday Season The 2013 ecommerce Cyber Crime Report: Safeguarding Brand And Revenue This Holiday Season Sponsored by RSA Security Independently conducted by Ponemon Institute, LLC Publication Date: October 2013 Ponemon

More information

Leading Practices in Behavioral Advertising & Consumer Privacy Study of Internet Marketers and Advertisers

Leading Practices in Behavioral Advertising & Consumer Privacy Study of Internet Marketers and Advertisers Leading Practices in Behavioral Advertising & Consumer Privacy Study of Internet Marketers and Advertisers Independently Conducted by Ponemon Institute LLC February 2012 Leading Practices in Behavioral

More information

2015 Global Cyber Impact Report

2015 Global Cyber Impact Report 2015 Global Cyber Impact Report Sponsored by Aon Risk Services Independently conducted by Ponemon Institute LLC Publication Date: April 2015 2015 Global Cyber Impact Report Ponemon Institute, April 2015

More information

State of IT Security Study of Utilities & Energy Companies

State of IT Security Study of Utilities & Energy Companies State of IT Security Study of Utilities & Energy Companies Sponsored by Q1 Labs Independently conducted by Ponemon Institute LLC Publication Date: April 2011 Ponemon Institute Research Report State of

More information

Best Practices in Data Protection Survey of U.S. IT & IT Security Practitioners

Best Practices in Data Protection Survey of U.S. IT & IT Security Practitioners Best Practices in Data Protection Survey of U.S. IT & IT Security Practitioners Sponsored by McAfee Independently conducted by Ponemon Institute LLC Publication Date: October 2011 Ponemon Institute Research.

More information

How Single Sign-On Is Changing Healthcare A Study of IT Practitioners in Acute Care Hospitals in the United States

How Single Sign-On Is Changing Healthcare A Study of IT Practitioners in Acute Care Hospitals in the United States How Single Sign-On Is Changing Healthcare A Study of IT Practitioners in Acute Care Hospitals in the United States Sponsored by Imprivata Independently conducted by Ponemon Institute LLC Publication Date:

More information

Security of Cloud Computing Providers Study

Security of Cloud Computing Providers Study Security of Cloud Computing Providers Study Sponsored by CA Technologies Independently conducted by Ponemon Institute LLC Publication Date: April 2011 Ponemon Institute Research Report I. Executive Summary

More information

Security of Cloud Computing Providers Study

Security of Cloud Computing Providers Study Security of Cloud Computing Providers Study Sponsored by CA Technologies Independently conducted by Ponemon Institute LLC Publication Date: April 2011 Ponemon Institute Research Report I. Executive Summary

More information

2015 Global Megatrends in Cybersecurity

2015 Global Megatrends in Cybersecurity 2015 Global Megatrends in Cybersecurity Sponsored by Raytheon Independently conducted by Ponemon Institute LLC Publication Date: February 2015 Ponemon Institute Research Report 2015 Global Megatrends in

More information

Enhancing Cybersecurity with Big Data: Challenges & Opportunities

Enhancing Cybersecurity with Big Data: Challenges & Opportunities Enhancing Cybersecurity with Big Data: Challenges & Opportunities Independently Conducted by Ponemon Institute LLC Sponsored by Microsoft Corporation November 2014 CONTENTS 2 3 6 9 10 Introduction The

More information

Security of Cloud Computing Users A Study of Practitioners in the US & Europe

Security of Cloud Computing Users A Study of Practitioners in the US & Europe Security of Cloud Computing Users A Study of Practitioners in the US & Europe Sponsored by CA Independently conducted by Ponemon Institute LLC Publication Date: 12 May 2010 Ponemon Institute Research Report

More information

Encryption in the Cloud

Encryption in the Cloud Encryption in the Cloud Who is responsible for data protection in the cloud? Sponsored by Thales e-security Independently conducted by Ponemon Institute LLC Publication Date: July 2012 Ponemon Institute

More information

Third Annual Survey on Medical Identity Theft

Third Annual Survey on Medical Identity Theft Third Annual Survey on Medical Identity Theft Sponsored by Experian s ProtectMyID Independently conducted by Ponemon Institute LLC Publication Date: June 2012 Ponemon Institute Research Report Part 1:

More information

2014 State of Endpoint Risk. Sponsored by Lumension. Independently conducted by Ponemon Institute LLC Publication Date: December 2013

2014 State of Endpoint Risk. Sponsored by Lumension. Independently conducted by Ponemon Institute LLC Publication Date: December 2013 2014 State of Endpoint Risk Sponsored by Lumension Independently conducted by Ponemon Institute LLC Publication Date: December 2013 Ponemon Institute Research Report 2014 State of Endpoint Risk Ponemon

More information

2012 Web Session Intelligence & Security Report: Business Logic Abuse Edition

2012 Web Session Intelligence & Security Report: Business Logic Abuse Edition 2012 Web Session Intelligence & Security Report: Business Logic Abuse Edition Sponsored by Silver Tail Systems Independently conducted by Ponemon Institute, LLC Publication Date: October 2012 Ponemon Institute

More information

How Much Is the Data on Your Mobile Device Worth?

How Much Is the Data on Your Mobile Device Worth? How Much Is the Data on Your Mobile Device Worth? Sponsored by Lookout Independently conducted by Ponemon Institute LLC Publication Date: January 2016 Ponemon Institute Research Report Part 1. Introduction

More information

Privacy and Security in a Connected Life: A Study of European Consumers

Privacy and Security in a Connected Life: A Study of European Consumers Privacy and Security in a Connected Life: A Study of European Consumers Sponsored by Trend Micro Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research

More information

State of SMB Cyber Security Readiness: UK Study

State of SMB Cyber Security Readiness: UK Study State of SMB Cyber Security Readiness: UK Study Sponsored by Faronics Independently conducted by Ponemon Institute LLC Publication Date: November 2012 Ponemon Institute Research Report Part 1. Introduction

More information

Data Loss Risks During Downsizing As Employees Exit, so does Corporate Data

Data Loss Risks During Downsizing As Employees Exit, so does Corporate Data Data Loss Risks During Downsizing As Employees Exit, so does Corporate Data Independently conducted by Ponemon Institute LLC Publication Date: February 23, 2009 Sponsored by Symantec Corporation Ponemon

More information

The TCO of Software vs. Hardware-based Full Disk Encryption Summary

The TCO of Software vs. Hardware-based Full Disk Encryption Summary The TCO of vs. -based Full Disk Encryption Summary Sponsored by WinMagic Independently conducted by Ponemon Institute LLC Publication Date: April 2013 Industry Co-Sponsors Ponemon Institute Research Report

More information

2010 Access Governance Trends Survey

2010 Access Governance Trends Survey 2010 Access Governance Trends Survey Sponsored by Aveksa Independently conducted by Ponemon Institute LLC Publication Date: April 19, 2010 Ponemon Institute Research Report I. Executive Summary 2010 Access

More information

IBM QRadar Security Intelligence: Evidence of Value

IBM QRadar Security Intelligence: Evidence of Value IBM QRadar Security Intelligence: Evidence of Value Independently conducted by Ponemon Institute LLC February 2014 Ponemon Institute Research Report Background IBM QRadar: Evidence of Value Ponemon Institute:

More information

2013 Study on Data Center Outages

2013 Study on Data Center Outages 2013 Study on Data Center Outages Independently conducted by Ponemon Institute LLC Publication Date: September 2013 2013 Study on Data Center Outages Ponemon Institute, September 2013 Part 1. Introduction

More information

The Human Factor in Data Protection

The Human Factor in Data Protection The Human Factor in Data Protection Sponsored by Trend Micro Independently conducted by Ponemon Institute LLC Publication Date: January 2012 Ponemon Institute Research Report The Human Factor in Data Protection

More information

The Aftermath of a Data Breach: Consumer Sentiment

The Aftermath of a Data Breach: Consumer Sentiment The Aftermath of a Data Breach: Consumer Sentiment Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2014 Ponemon Institute Research

More information

2015 State of the Endpoint Report: User-Centric Risk

2015 State of the Endpoint Report: User-Centric Risk 2015 State of the Endpoint Report: User-Centric Risk Sponsored by Lumension Independently conducted by Ponemon Institute LLC Publication Date: January 2015 Ponemon Institute Research Report 2015 State

More information

2013 State of the Endpoint

2013 State of the Endpoint 2013 State of the Endpoint Sponsored by Lumension Independently conducted by Ponemon Institute LLC Publication Date: December 2012 Ponemon Institute Research Report 2013 State of the Endpoint Ponemon Institute:

More information

2015 Cost of Data Breach Study: United States

2015 Cost of Data Breach Study: United States 2015 Cost of Data Breach Study: United States Benchmark research sponsored by IBM Independently conducted by Ponemon Institute LLC May 2015 Ponemon Institute Research Report 2015 1 Cost of Data Breach

More information

2012 Global Encryption Trends Study

2012 Global Encryption Trends Study 2012 Global Encryption Trends Study Organizations continue to increase their deployment of encryption across the enterprise in response to diverse threats and commercial imperatives Sponsored by Thales

More information

2013 Cost of Data Center Outages

2013 Cost of Data Center Outages 2013 Cost of Data Center Outages Independently conducted by Ponemon Institute LLC Publication Date: December 2013 Part 1. Executive Summary 2013 Cost of Data Center Outages Ponemon Institute, December

More information

The TCO for Full Disk Encryption Studies in the US, UK, Germany & Japan

The TCO for Full Disk Encryption Studies in the US, UK, Germany & Japan The TCO for Full Disk Encryption Studies in the US, UK, Germany & Japan Sponsored by WinMagic Independently conducted by Ponemon Institute LLC Publication Date: July 2012 Ponemon Institute Research Report

More information

Economic impact of privacy on online behavioral advertising

Economic impact of privacy on online behavioral advertising Benchmark study of Internet marketers and advertisers Independently Conducted by Ponemon Institute LLC April 30, 2010 Ponemon Institute Research Report Economic impact of privacy on online behavioral advertising

More information

The Economic and Productivity Impact of IT Security on Healthcare

The Economic and Productivity Impact of IT Security on Healthcare The Economic and Productivity Impact of IT Security on Healthcare Sponsored by Imprivata Independently conducted by Ponemon Institute LLC Publication Date: May 2013 Ponemon Institute Research Report The

More information