Risk & Innovation in Cybersecurity Investments. Sponsored by Lockheed Martin

Size: px
Start display at page:

Download "Risk & Innovation in Cybersecurity Investments. Sponsored by Lockheed Martin"

Transcription

1 Risk & Innovation in Cybersecurity Investments Sponsored by Lockheed Martin Independently conducted by Ponemon Institute LLC Publication Date: April 2015 Ponemon Institute Research Report

2 Part 1. Introduction Risk & Innovation in Cybersecurity Investments Ponemon Institute, April 2015 Ponemon Institute is pleased to present the results of Risk & Innovation in Cybersecurity Investments, an industry survey sponsored by Lockheed Martin. The purpose of this research is to understand how people, processes and the desire to be innovative affect cybersecurity technology investment decisions. We surveyed 618 U.S.-based information technology (IT) and security practitioners involved in determining investments in cybersecurity technologies. As shown in Figure 1, business objectives are most influential in deciding on a specific technology (73 percent of respondents) with security risk a close second (68 percent of respondents). Compliance with regulations is least influential. In the context of this research, we define security innovation as the use of enabling technologies and personnel in new ways to create a more secure and efficient organization and improve alignment between security initiatives and business goals. We asked respondents to rate their organizations level of security innovation. Only 32 percent of respondents felt their company is achieving a high level of innovation. Key findings Relying solely on Return on Investment (ROI) and Total Cost of Ownership (TCO) metrics can lead to poor investment decisions. Seventy percent of respondents believe ROI and TCO are important metrics for investment and measuring a technology s economic benefits. However, the same percentage say it is difficult to calculate an accurate ROI for a given security solution or technology. TCO is also difficult to determine, according to 61 percent of respondents. Incorporating other metrics into the decision process could result in smarter investments. Fifteen percent of respondents say their organizations do not use ROI or TCO at all. These organizations are most likely to look instead at improvements in the efficiency of security operations (56 percent of respondents) or reduction in downtime (50 percent of respondents) as ways to determine a technology s viability. Security investments are driven by cost. Sixty-four percent of respondents say cost and 56 percent of respondents say performance and vendor support are the most important factors when investing in security technologies. Features such as interoperability, proven risk reduction and lack of complexity are not considered as important (39 percent, 11 percent and 8 percent, respectively). Shelfware is every organization s problem. Ninety percent of respondents say their organization has invested in a security technology that was ultimately discontinued or scrapped before or soon after deployment. On average, 31 percent of security technologies purchased by organizations represented in this research over the past 24 months were never fully deployed Ponemon Institute Research Report Page 1

3 Part 2. Key findings In this section, we provide an analysis of the key findings. The complete audited findings are presented in the appendix of this report. We have organized the report according to the following topics? The use of ROI and TCO to determine cybersecurity investments When investments go wrong: the problem of shelfware How risk and innovation affects security investments The Use of ROI and TCO to Determine Cybersecurity Investments Organizations are making investment decisions based on inaccurate and unreliable numbers. As shown in Figure 2, 70 percent of respondents believe ROI and TCO are important metrics for investment and measuring a technology s economic benefits. Figure 2. The importance of ROI and TCO in making a technology investment 40% 35% 30% 25% 20% 15% 10% 5% 0% 19% 16% 25% 26% 19% 35% 15% 15% 15% 15% Essential Very important Important Not important We do not use ROI/TCO Importance of ROI Importance of TCO Ponemon Institute Research Report Page 2

4 However, according to Figure 3, 70 percent of respondents say it is very difficult (26 percent) or difficult (44 percent) to calculate an accurate ROI for a given security solution or technology. Similarly, it is difficult to calculate an accurate TCO, according to 61 percent of respondents. More than half of respondents say it is difficult to be precise when calculating ROI for each investment decision made (59 percent of respondents) and calculating a precise TCO (55 percent of respondents) for each investment decision made. Figure 3. How difficult is it to calculate a precise ROI and TCO for a security technology? 50% 45% 40% 35% 30% 25% 20% 15% 10% 5% 0% 44% 38% 26% 25% 23% 18% 11% 9% 3% 3% Very difficult Difficult Not difficult Easy Unsure Calculate a precise ROI Calculate a precise TCO What ROI reveals about technologies frequently purchased. According to respondents, the average threshold ROI necessary to achieve a favorable investment decision in a given security solution or technology is 13.7 percent. As shown in Figure 4, the security technologies with the highest ROI are identity & access management (31 percent ROI), SIEM and security technology (29 percent ROI) and encryption for data at rest and in motion (both 25 percent ROI). Figure 4. Security technologies with the highest ROI Identity & access management 31% SIEM and security intelligence 29% Encryption for data at rest 25% Encryption for data in motion 25% Anti-virus & anti-malware 25% 0% 5% 10% 15% 20% 25% 30% 35% Ponemon Institute Research Report Page 3

5 According to Figure 5, access governance systems (9 percent), IT & credentialing system (8 percent), automated policy generation (8 percent), traditional firewalls (7 percent), and perimeter or location surveillance (6 percent) are technologies with the lowest ROI. Figure 5. Security technologies with the lowest ROI Access governance systems 9% ID & credentialing system 8% Automated policy generation 8% Firewalls (traditional) 7% Perimeter or location surveillance 6% 0% 1% 2% 3% 4% 5% 6% 7% 8% 9% 10% As a means of evaluating the success of specific investments, 54 percent of respondents say their organization reconciles the historic (original) ROI with actual ROI for most or some investments, according to Figure 6. Actual ROI tends to be lower than the historic ROI (46 percent of respondents) or actual and historic ROI tend to be very close (accurate), according to 34 percent of respondents. Forty-eight percent of respondents say their organization reconciles the historic (original) TCO with actual TCO for most or some investments. In contrast to ROI, actual TCO tends be higher than historic TCO, according to 44 percent of respondents. Thirty-six percent of respondents say actual and historic TCO tend to be close or accurate Figure 6. Do you reconcile actual ROI and TCO with historic ROI and TCO? 60% 50% 40% 36% 33% 42% 48% 30% 20% 18% 15% 10% 4% 4% 0% Yes, for most investments Yes, for some investments No Unsure Actual ROI is reconciled with historic ROI Actual TCO is reconciled with historic TCO Ponemon Institute Research Report Page 4

6 Inaccurate TCO and ROI metrics are used to reject technologies that could potentially be successful. Despite the difficulty in determining an accurate TCO, 56 percent of respondents say over the past 24 months one or more proposed investments in a particular solution or technology was rejected because of unfavorable TCOs, as shown in Figure 7. Over the past 24 months, one or more proposed investments was rejected because of unfavorable ROIs, according to 50 percent of respondents. Figure 7. Have proposed investments in a particular security or technology been rejected because of unfavorable ROIs or TCOs? 60% 56% 50% 40% 50% 45% 41% 30% 20% 10% 0% Yes No Unsure 5% 3% Unfavorable ROIs Unfavorable TCOs Other metrics could be useful in evaluating technology s economic viability. Fifteen percent of respondents say their organizations do not use ROI or TCO in their decision making. Figure 8 shows these organizations are most likely to use improvements in the efficiency of security operations (56 percent of respondents) or reduction in downtime (50 percent of respondents as ways to determine a technology s viability. Figure 8. Other metrics used to make investment decisions More than one response permitted Improvement in the efficiency of security operations 56% Reduction in system downtime Reduction in data breach costs 47% 50% Reduction in time to contain security incidents 38% Reduction is non-compliance costs including fines, penalties and lawsuits 23% Reduction in time to detect security incidents 12% Return on prevention 6% Other 2% None of the above 16% 0% 10% 20% 30% 40% 50% 60% Ponemon Institute Research Report Page 5

7 The Information Technology (IT) professional and IT security functions have similar influence over cybersecurity investments. As shown in Figure 9, those with the most influence in the purchase of security technologies are business unit leaders (59 percent), CIOs (53 percent) and the CISO (45 percent). However, the chief information officer (CIO) and chief information security officer (30 percent and 20 percent, respectively) hold the purse strings and are the final authority on how cybersecurity dollars should be spent. Figure 9. The main influencers and final authority on cybersecurity investment LOB or business unit leader Chief information officer Chief information security officer Chief technology officer Chief security officer Chief risk officer Chief compliance officer Chief financial officer CEO/COO 6% 2% 6% 2% 5% 1% 4% 4% 3% 3% 19% 20% 19% 19% 30% 45% 53% 59% 0% 10% 20% 30% 40% 50% 60% 70% Who influences what security technologies to purchase? Who is the final authority what security technologies to purchase? Ponemon Institute Research Report Page 6

8 When Investments Go Wrong: The Problem of Shelfware Security investments are driven by cost. As shown in Figure 10, 64 percent of respondents say cost and 56 percent of respondents say performance and vendor support are the most important factors when investing in security technologies. Surprisingly, important features such as interoperability, proven risk reduction and lack of complexity are not considered to be as influential (39 percent, 11 percent and 8 percent, respectively). Figure 10. Most important factors when investing in security technologies Four responses permitted Cost 64% Vendor support Performance 56% 56% Vendor reputation Efficiency Time to deploy Interoperability 45% 44% 40% 39% Scalability 28% Proven risk reduction 11% Redundancy Lack of complexity 8% 8% Other 1% 0% 10% 20% 30% 40% 50% 60% 70% Ponemon Institute Research Report Page 7

9 Shelfware is every organization s problem. Ninety percent of respondents say their organization has invested in a security technology that was ultimately discontinued or scrapped before or soon after deployment. As shown in Figure 11, on average, 31 percent of security technologies purchased by organizations represented in this research over the past 24 months were never fully deployed. Figure 11. The percentage of security technologies purchased over the past 24 months but never fully deployed Extrapolated value = 31 percent 40% 35% 36% 30% 28% 25% 20% 21% 15% 12% 10% 5% 0% Less than 10% 10% to 25% 26% to 50% 51% to 75% 76% to 100% 3% According to Figure 12, the technologies most often shelved are data loss prevention (55 percent), identity & access management (51 percent), SIEM and security intelligence (49 percent), Web application firewalls (46 percent) and intrusion & detection management (44 percent). Figure 12. Security technologies most often shelved before or soon after deployment More than one response permitted Data loss prevention (DLP) Identity & access management SIEM and security intelligence Web application firewalls (WAF) Intrusion & detection management Configuration & log management Endpoint security solutions Access governance systems Mobile device management Automated policy generation 55% 51% 49% 46% 44% 40% 39% 36% 35% 35% 0% 10% 20% 30% 40% 50% 60% Ponemon Institute Research Report Page 8

10 According to Figure 13, technologies least often shelved are tokenization tools (10 percent), perimeter or location surveillance (9 percent), encryption for data at rest (8 percent) and traditional firewalls (5 percent), according to Figure 13. Figure 13. Security technologies least often shelved before or soon after deployment More than one response permitted ID & credentialing system Database scanning and monitoring URL or content filtering Encryption for data in motion Anti-virus & anti-malware Virtual private network (VPN) Tokenization tools 14% 14% 13% 12% 12% 11% 10% Perimeter or location surveillance 9% Encryption for data at rest 8% Firewalls (traditional) 5% 0% 2% 4% 6% 8% 10% 12% 14% 16% Ponemon Institute Research Report Page 9

11 Complexity and difficulty in operating was the main reason the security technologies were scrapped before or soon after deployment (77 percent of respondents). This is followed by a lack of in-house expertise to deploy and operate the technology (55 percent of respondents). It is interesting that the primary reasons for purchasing a particular technology are cost and performance, when complexity of a system is most to blame for creating shelfware. Thus, level of complexity should become a more important factor in the purchasing decision. Figure 14. Why security technologies are scrapped before or soon after deployment More than one response permitted The technology was overly complex and too difficult to operate 77% Lack of in-house expertise to deploy and operate the technology 55% The technology was too expensive to maintain 41% Lack of vendor support and service 27% The technology did not meet the needs of our cybersecurity strategy The technology diminished the performance of our systems The technology diminished the productivity of our employees 12% 10% 16% Other 2% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% Ponemon Institute Research Report Page 10

12 How did the shelfware experience change cybersecurity investments? Sixty-five percent of respondents say their organizations expanded the effort to evaluate vendors customer service and support. Organizations are also insisting on contracts (SLAs) that hold vendors accountable to their commitments (59 percent of respondents) and performance of additional risk assessments (47 percent of respondents). Figure 15. How did the shelfware experience change the organization s approach to purchasing cybersecurity technologies? Expanded the effort to evaluate vendors customer service and support Insisted on contracts (SLAs) that hold vendors accountable to their commitments 59% 65% Performed additional risk assessments 47% Conducted extensive testing of the technology prior to purchase Implemented pilot or "beta" tests before investing in the solution 25% 33% No change 8% Other 2% 0% 10% 20% 30% 40% 50% 60% 70% How Risk and Innovation Affects Security Investments Are organizations innovative in their use of security technologies? In the context of this research we define security innovation as the use of enabling technologies and personnel in new ways to create a more secure and efficient organization and improve alignment between security initiatives and business goals. Figure 16 reveals that almost half (49 percent) believe innovation is essential or very important to achieving a strong security posture. Figure 16. How important is innovation to achieving a strong security posture 40% 35% 34% 30% 25% 26% 20% 15% 15% 13% 12% 10% 5% 0% Essential Very important Important Not important Irrelevant Ponemon Institute Research Report Page 11

13 Only 32 percent of respondents say their organizations achieve a high level of innovation. Figure 17 shows how differently respondents define innovation. Seventy-five percent of respondents say the reason they believe their organizations are innovative is because they use existing technologies in ways that are more efficient and cost effective. Sixty-seven percent of respondents say they use these technologies to create a more secure and efficient organizations. Figure 17. What makes an organization innovative? More than one response permitted Uses existing technologies in ways that are more efficient and cost effective 75% Uses enabling technologies to create a more secure and efficient organization 67% Is not dependent upon any one vendor or solution to achieve a strong security posture 60% Uses technologies to improve alignment between security initiatives and business goals 55% Creative in using existing technologies to address new threats 46% Other 4% 0% 10% 20% 30% 40% 50% 60% 70% 80% Ponemon Institute Research Report Page 12

14 Those who believe their organizations are not innovative, cite several reasons. More than half (56 percent) feel their organization is overly dependent upon vendors to make technology decisions, 53 percent of respondents believe their organizational culture inhibits innovation and 40 percent say they do not have the right in-house expertise, as shown in Figure 18. Only 34 percent say their level of investment in security innovation has changed over the past 24 months. Figure 18. What keeps an organization from being innovative? More than one response permitted Overly dependent upon vendors to make technology decisions 56% Organizational culture inhibits innovation 53% Lack of in-house expertise 40% Lack of resources 37% Belief that innovation increases security risk 28% Overly dependent upon what industry peers are doing 16% Other 2% 0% 10% 20% 30% 40% 50% 60% Ponemon Institute Research Report Page 13

15 Part 3. Conclusion In this study, we explore how organizations are making decisions that will have a significant impact on their ability to prevent and detect cyber threats. Our findings reveal how organizations can avoid the problem of shelfware and invest instead in technologies that will pay dividends by reducing cybersecurity risks. Reduce dependency on ROI and TCO to make investment decisions. Instead, consider such metrics as improvements in the efficiency of security operations, reduction in time to detect security incidents and return on prevention. Cost should not be the most important factor when investing in a security technology. Companies find themselves investing heavily in technologies that are never deployed because they are overly complex. Yet, only eight percent of respondents say their organizations consider a lack of complexity in the investment decision. Shelfware would become less pervasive a problem if companies prioritized level of complexity, interoperability and proven risk reduction in their decision making Innovation is important to a strong cybersecurity posture. The most innovative organizations have found ways to use existing technologies that are more efficient and cost effective and to create a more secure and efficient organization. We believe these recommendations can be easily incorporated into an organization s strategy to improve the allocation of resources and achieve a strong cybersecurity posture. Ponemon Institute Research Report Page 14

16 Part 4. Methods The sampling frame is composed of 17,228 IT management and IT security practitioners who are located in the United States. All respondents are familiar with and responsible for determining their organizations investments in cybersecurity technologies. As shown in Table 1, 17,228 respondents completed the survey. Screening removed 73 surveys. The final sample was 618 surveys (or a 3.6 percent response rate). All survey responses were captured February 18 to March 13, Table 1. Sample response Freq Total sampling frame 17, % Total returns % Rejected or screened surveys % Final sample % We calculated a margin of error for all statistical survey questions that yielded a proportional or percentage result. Most questions utilized the full sample size of n = 618 qualified respondents. Assuming a confidence level at the 95 percent level, the margin of error for survey questions ranted from ± 1.0 percent to ± 5.6 percent, with an overall average of ± 3.6. Pie Chart 1 reports the current position or organizational level of the respondents. More than half of respondents (57 percent) reported their current position as supervisory or above. Pie Chart 1. Current position or organizational level 4% 2% 1% 2% 3% 16% 34% 23% Senior Executive Vice President Director Manager Supervisor Technician Staff Consultant Contractor 15% Ponemon Institute Research Report Page 15

17 Pie Chart 2 identifies the primary role the respondent has within the organization. Fifty-six percent of respondents identified the chief information officer as the primary person they report to. Another 21 percent indicated they report to the chief information security officer. Pie Chart 2. Primary person you or your IT leader reports to within the organization 6% 3% 3% 2% 2% Chief Information Officer Chief Information Security Officer 7% Chief Risk Officer Data Center Management 56% Other Compliance Officer 21% Chief Financial Officer Chief Security Officer Pie Chart 3 reports the primary industry classification of respondents organizations. This chart identifies financial services (18 percent) as the largest segment, followed by federal government (17 percent), healthcare (15 percent) and hi tech (11 percent). Pie Chart 3. Primary industry focus 4% 8% 18% 8% 9% 10% 17% Financial services Federal government Healthcare Hi Tech Utilities Energy, oil & gas Pharmaceuticals Telecom All others 11% 15% Ponemon Institute Research Report Page 16

18 According to Pie Chart 4, more than half of the respondents (64 percent) are from organizations with a global headcount of more than 1,000 employees. Pie Chart 4. Worldwide headcount of the organization 8% 8% 17% 11% 9% 19% < to to 1,000 1,001 to 5,000 5,001 to 25,000 25,001 to 75,000 > 75,000 28% Table 2 reveals that in addition to the United States, 70 percent of respondents indicated their organization has employees in Canada and sixty-nice percent responded Europe. Table 2. Where are your employees located? United States 100% Canada 70% Europe 69% Asia-Pacific 49% Latin America (including Mexico) 43% Middle East & Africa 39% Ponemon Institute Research Report Page 17

19 Part 4. Caveats There are inherent limitations to survey research that need to be carefully considered before drawing inferences from findings. The following items are specific limitations that are germane to most web-based surveys. Non-response bias: The current findings are based on a sample of survey returns. We sent surveys to a representative sample of individuals, resulting in a large number of usable returned responses. Despite non-response tests, it is always possible that individuals who did not participate are substantially different in terms of underlying beliefs from those who completed the instrument. Sampling frame bias: The accuracy is based on contact information and the degree to which the list is representative of individuals who are IT or IT security practitioners in various organizations in the United States. We also acknowledge that the results may be biased by external events such as media coverage. We also acknowledge bias caused by compensating subjects to complete this research within a specified time period. Self-reported results: The quality of survey research is based on the integrity of confidential responses received from subjects. While certain checks and balances can be incorporated into the survey process, there is always the possibility that a subject did not provide accurate responses. Ponemon Institute Research Report Page 18

20 Appendix: Detailed Survey Results The following tables provide the frequency or percentage frequency of responses to all survey questions contained in this study. All survey responses were captured February 18 to March 13, Survey response Freq Total sampling frame % Total returns % Rejected or screened surveys % Final sample % Part 1. Screening questions S1. How familiar are you with your organization s investments in cybersecurity technologies? Very familiar 33% Familiar 36% Somewhat familiar 31% No knowledge (Stop) 0% S2. Do you have any responsibility for determining investments in cyber security technologies? Yes, full responsibility 25% Yes, some responsibility 59% Yes, minimum responsibility 16% No responsibility (Stop) 0% Part 2. Attributions Q1a. My organization believes a strong cybersecurity posture is a competitive advantage. Strongly agree 12% Agree 18% Unsure 23% Disagree 25% Strongly disagree 22% Q1b. My organization s senior leadership understands the cybersecurity risks it faces. Strongly agree 15% Agree 19% Unsure 32% Disagree 22% Strongly disagree 12% Q1c. My organization is effective in using cybersecurity technologies to reduce the risk. Strongly agree 25% Agree 24% Unsure 25% Disagree 16% Strongly disagree 10% Ponemon Institute Research Report Page 19

21 Q1d. My organization is innovative in how it invests and deploys cybersecurity technologies Strongly agree 16% Agree 31% Unsure 25% Disagree 18% Strongly disagree 10% Q1e. My organization s senior leadership does not view investment in cybersecurity technologies as a strategic priority. Strongly agree 26% Agree 38% Unsure 16% Disagree 12% Strongly disagree 8% Q1f. My organization had made investments in security technologies that did not improve its cybersecurity posture. Strongly agree 29% Agree 29% Unsure 16% Disagree 16% Strongly disagree 10% Part 3. The measurement of security technology investment Q2a. How important is Return on Investment (ROI) in making a decision to invest in a given security solution or technology? Essential 19% Very important 25% Important 26% Not important 15% We do not use ROI to evaluate investments in security solutions or technologies [skip to Q3a] 15% Q2b. How difficult is it to calculate a precise (accurate) ROI for a given security solution or technology? Very difficult 26% Difficult 44% Not difficult 18% Easy 9% Unsure 3% Q2c Were you able to determine a precise ROI for each investment decision made? Yes 41% No 59% Ponemon Institute Research Report Page 20

22 Q2d. Over the past 24 months, were one or more proposed investments in a particular security solution or technology rejected because of unfavorable ROIs? Yes 50% No 45% Unsure 5% Q2e-1. Does your organization reconcile the historic (original) ROI with actual ROI for investments in security solutions or technologies? Yes, for most investments 18% Yes, for some investments 36% No 42% Unsure 4% Q2e-2. If yes, what best describes your organization s experience? Actual ROI tends to be lower than the historic ROI 46% Actual ROI tends to be higher than the historic ROI 15% Actual and historic ROI tend to be very close (accurate) 34% Unsure 5% Q2f. Approximately, what is the threshold ROI necessary to achieve a favorable investment decision in a given security solution or technology within your organization? Less than 5% 11% 5% to 10% 21% 11% to 15% 34% 16% to 20% 18% 21% to 25% 11% 26% to 30% 4% More than 30% 1% Q3a. How important is Total Cost of Ownership (TCO) in making a decision to invest in a given security solution or technology? Essential 16% Very important 19% Important 35% Not important 15% We do not use TCO to evaluate investments in security solutions or technologies [skip to Q4] 15% Q3b. How difficult is it to calculate a precise (accurate) TCO for a given security solution or technology? Very difficult 23% Difficult 38% Not difficult 25% Easy 11% Unsure 3% Ponemon Institute Research Report Page 21

23 Q3c. Were you able to determine a precise TCO for each investment decision made? Yes 45% No 55% Q3d. Over the past 24 months, were one or more proposed investments in a particular security solution or technology rejected because of unfavorable TCOs? Yes 56% No 41% Unsure 3% Q3e-1. Does your organization reconcile the historic (original) TCO with actual TCO for investments in security solutions or technologies? Yes, for most investments 15% Yes, for some investments 33% No 48% Unsure 4% Q3e-2. If yes, what best describes your organization s experience? Actual TCO tends to be lower than the historic TCO 15% Actual TCO tends to be higher than the historic TCO 44% Actual and historic TCO tend to be very close (accurate) 36% Unsure 5% Q4. If ROI or TCO is not used by your organization, what else is used to evaluate the economic viability of a particular security solution or technology? Please select all that apply. Improvement in the efficiency of security operations 56% Reduction in system downtime 50% Reduction in data breach costs 47% Reduction in time to contain security incidents 38% Reduction is non-compliance costs including fines, penalties and lawsuits 23% Reduction in time to detect security incidents 12% Return on prevention 6% Other (please specify) 2% None of the above 16% Ponemon Institute Research Report Page 22

24 Part 4. The security technology investment process Q5. What are the most important factors when investing in security technologies? Please select the top four. Cost 64% Performance 56% Vendor support 56% Vendor reputation 45% Efficiency 44% Time to deploy 40% Interoperability 39% Scalability 28% Proved risk reduction 11% Lack of complexity 8% Redundancy 8% Other (please specify) 1% Total 400% Q6. In your organization, who is the final authority on what security technologies to purchase? Chief information officer 30% Chief information security officer 20% Chief technology officer 19% LOB or business unit leader 19% Chief financial officer 4% CEO/COO 3% Chief security officer 2% Chief risk officer 2% Chief compliance officer 1% Other (please specify) 0% Q7. In your organization, who influences what security technologies to purchase? Please select the top two choices. LOB or business unit leader 59% Chief information officer 53% Chief information security officer 45% Chief technology officer 19% Chief security officer 6% Chief risk officer 6% Chief compliance officer 5% Chief financial officer 4% CEO/COO 3% Other (please specify) 0% Total 200% Q8. What best describes the investment process for security technologies? A structured approach that is applied consistently throughout the organization 31% A structured approach that is not applied consistently throughout the organization 18% An unstructured approach that applied consistently throughout the organization 4% An unstructured approach that is not applied consistently throughout the organization 28% An ad hoc approach 19% Ponemon Institute Research Report Page 23

The Importance of Cyber Threat Intelligence to a Strong Security Posture

The Importance of Cyber Threat Intelligence to a Strong Security Posture The Importance of Cyber Threat Intelligence to a Strong Security Posture Sponsored by Webroot Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research Report

More information

2015 Global Study on IT Security Spending & Investments

2015 Global Study on IT Security Spending & Investments 2015 Study on IT Security Spending & Investments Independently conducted by Ponemon Institute LLC Publication Date: May 2015 Sponsored by Part 1. Introduction Security risks are pervasive and becoming

More information

The Cost of Malware Containment

The Cost of Malware Containment The Cost of Malware Containment Sponsored by Damballa Independently conducted by Ponemon Institute LLC Publication Date: January 2015 Ponemon Institute Research Report The Cost of Malware Containment Ponemon

More information

Is Your Company Ready for a Big Data Breach?

Is Your Company Ready for a Big Data Breach? Is Your Company Ready for a Big Data Breach? The Second Annual Study on Data Breach Preparedness Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication

More information

The State of Data Security Intelligence. Sponsored by Informatica. Independently conducted by Ponemon Institute LLC Publication Date: April 2015

The State of Data Security Intelligence. Sponsored by Informatica. Independently conducted by Ponemon Institute LLC Publication Date: April 2015 The State of Data Security Intelligence Sponsored by Informatica Independently conducted by Ponemon Institute LLC Publication Date: April 2015 Ponemon Institute Research Report The State of Data Security

More information

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: March 2013 Ponemon Institute Research Report

More information

Understanding Security Complexity in 21 st Century IT Environments:

Understanding Security Complexity in 21 st Century IT Environments: Understanding Security Complexity in 21 st Century IT Environments: A study of IT practitioners in the US, UK, France, Japan & Germany Sponsored by Check Point Software Technologies Independently conducted

More information

Understaffed and at Risk: Today s IT Security Department. Sponsored by HP Enterprise Security

Understaffed and at Risk: Today s IT Security Department. Sponsored by HP Enterprise Security Understaffed and at Risk: Today s IT Security Department Sponsored by HP Enterprise Security Independently conducted by Ponemon Institute LLC Publication Date: February 2014 Ponemon Institute Research

More information

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2013 Ponemon Institute Research Report

More information

The Challenge of Preventing Browser-Borne Malware

The Challenge of Preventing Browser-Borne Malware The Challenge of Preventing Browser-Borne Malware Sponsored by Spikes Security Independently conducted by Ponemon Institute LLC Publication Date: February 2015 Ponemon Institute Research Report Part 1.

More information

Electronic Health Information at Risk: A Study of IT Practitioners

Electronic Health Information at Risk: A Study of IT Practitioners Electronic Health Information at Risk: A Study of IT Practitioners Sponsored by LogLogic Conducted by Ponemon Institute LLC October 15, 2009 Ponemon Institute Research Report Executive summary Electronic

More information

A Study of Retail Banks & DDoS Attacks

A Study of Retail Banks & DDoS Attacks A Study of Retail Banks & DDoS Attacks Sponsored by Corero Network Security Independently conducted by Ponemon Institute LLC Publication Date: December 2012 Ponemon Institute Research Report A Study of

More information

The SQL Injection Threat Study

The SQL Injection Threat Study The SQL Injection Threat Study Sponsored by DB Networks Independently conducted by Ponemon Institute LLC Publication Date: April 2014 1 The SQL Injection Threat Study Presented by Ponemon Institute, April

More information

Cloud Security: Getting It Right

Cloud Security: Getting It Right Cloud Security: Getting It Right Sponsored by Armor Independently conducted by Ponemon Institute LLC Publication Date: October 2015 Ponemon Institute Research Report Cloud Security: Getting It Right Ponemon

More information

Perceptions About Network Security Survey of IT & IT security practitioners in the U.S.

Perceptions About Network Security Survey of IT & IT security practitioners in the U.S. Perceptions About Network Security Survey of IT & IT security practitioners in the U.S. Sponsored by Juniper Networks Independently conducted by Ponemon Institute LLC Publication Date: June 2011 Ponemon

More information

The Cost of Web Application Attacks

The Cost of Web Application Attacks The Cost of Web Application Attacks Sponsored by Akamai Technologies Independently conducted by Ponemon Institute LLC Publication Date: May 2015 Ponemon Institute Research Report Part 1. Introduction The

More information

Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age

Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: August 2013

More information

Exposing the Cybersecurity Cracks: A Global Perspective

Exposing the Cybersecurity Cracks: A Global Perspective Exposing the Cybersecurity Cracks: A Global Perspective Part I: Deficient, Disconnected & in the Dark Sponsored by Websense, Inc. Independently conducted by Ponemon Institute LLC Publication Date: April

More information

Aftermath of a Data Breach Study

Aftermath of a Data Breach Study Aftermath of a Data Breach Study Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: January 2012 Ponemon Institute Research Report Aftermath

More information

The Unintentional Insider Risk in United States and German Organizations

The Unintentional Insider Risk in United States and German Organizations The Unintentional Insider Risk in United States and German Organizations Sponsored by Raytheon Websense Independently conducted by Ponemon Institute LLC Publication Date: July 2015 2 Part 1. Introduction

More information

Data Security in Development & Testing

Data Security in Development & Testing Data Security in Development & Testing Sponsored by Micro Focus Independently conducted by Ponemon Institute LLC Publication Date: July 31, 2009 Ponemon Institute Research Report Data Security in Development

More information

Data Breach: The Cloud Multiplier Effect

Data Breach: The Cloud Multiplier Effect Data Breach: The Cloud Multiplier Effect Sponsored by Netskope Independently conducted by Ponemon Institute LLC Publication Date: June 2014 Ponemon Institute Research Report Part 1. Introduction Data Breach:

More information

The Cost of Insecure Mobile Devices in the Workplace Sponsored by AT&T

The Cost of Insecure Mobile Devices in the Workplace Sponsored by AT&T The Cost of Insecure Mobile Devices in the Workplace! Sponsored by AT&T Independently conducted by Ponemon Institute LLC Publication Date: March 2014 Part 1. Introduction The Cost of Insecure Mobile Devices

More information

Security Metrics to Manage Change: Which Matter, Which Can Be Measured?

Security Metrics to Manage Change: Which Matter, Which Can Be Measured? Security Metrics to Manage Change: Which Matter, Which Can Be Measured? Sponsored by FireMon Independently conducted by Ponemon Institute LLC Publication Date: April 2014 2 Security Metrics to Manage Change:

More information

What You Don t Know Will Hurt You: A Study of the Risk from Application Access and Usage

What You Don t Know Will Hurt You: A Study of the Risk from Application Access and Usage What You Don t Know Will Hurt You: A Study of the Risk from Application Access and Usage Sponsored by ObserveIT Independently conducted by Ponemon Institute LLC June 2015 Ponemon Institute Research Report

More information

The State of Mobile Application Insecurity

The State of Mobile Application Insecurity The State of Mobile Application Insecurity Sponsored by IBM Independently conducted by Ponemon Institute LLC Publication Date: February 2015 Ponemon Institute Research Report Part 1. Introduction The State

More information

Reputation Impact of a Data Breach U.S. Study of Executives & Managers

Reputation Impact of a Data Breach U.S. Study of Executives & Managers Reputation Impact of a Data Breach U.S. Study of Executives & Managers Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: November 2011 Ponemon

More information

Security of Paper Records & Document Shredding. Sponsored by Cintas. Independently conducted by Ponemon Institute LLC Publication Date: January 2014

Security of Paper Records & Document Shredding. Sponsored by Cintas. Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Security of Paper Records & Document Shredding Sponsored by Cintas Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Ponemon Institute Research Report Part 1. Introduction

More information

Achieving Security in Workplace File Sharing. Sponsored by Axway Independently conducted by Ponemon Institute LLC Publication Date: January 2014

Achieving Security in Workplace File Sharing. Sponsored by Axway Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Achieving Security in Workplace File Sharing Sponsored by Axway Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Ponemon Institute Research Report Part 1. Introduction Achieving

More information

Global Insights on Document Security

Global Insights on Document Security Global Insights on Document Security Sponsored by Adobe Independently conducted by Ponemon Institute LLC Publication Date: June 2014 Ponemon Institute Research Report Global Insights on Document Security

More information

Advanced Threats in Retail Companies: A Study of North America & EMEA

Advanced Threats in Retail Companies: A Study of North America & EMEA Advanced Threats in Companies: A Study of North America & EMEA Sponsored by Arbor Networks Independently conducted by Ponemon Institute LLC Publication Date: May 2015 Ponemon Institute Research Report

More information

Cyber Security on the Offense: A Study of IT Security Experts

Cyber Security on the Offense: A Study of IT Security Experts Cyber Security on the Offense: A Study of IT Security Experts Co-authored with Radware Independently conducted by Ponemon Institute LLC Publication Date: November 2012 Ponemon Institute Research Report

More information

Data Security in the Evolving Payments Ecosystem

Data Security in the Evolving Payments Ecosystem Data Security in the Evolving Payments Ecosystem Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2015 Ponemon Institute Research Report

More information

Security of Cloud Computing Users Study

Security of Cloud Computing Users Study Security of Cloud Computing Users Study Sponsored by CA Technologies Independently conducted by Ponemon Institute, LLC Publication Date: March 2013 Security of Cloud Computing Users Study March 2013 Part

More information

2014: A Year of Mega Breaches

2014: A Year of Mega Breaches 2014: A Year of Mega Breaches Sponsored by Identity Finder Independently conducted by Ponemon Institute LLC Publication Date: January 2015 Ponemon Institute Research Report Part 1. Introduction 2014: A

More information

Efficacy of Emerging Network Security Technologies

Efficacy of Emerging Network Security Technologies Efficacy of Emerging Network Security Technologies Sponsored by Juniper Networks Independently conducted by Ponemon Institute LLC Publication Date: February 2013 Ponemon Institute Research Report Part

More information

State of Web Application Security U.S. Survey of IT & IT security practitioners

State of Web Application Security U.S. Survey of IT & IT security practitioners State of Web Application Security U.S. Survey of IT & IT security practitioners Sponsored by Cenzic & Barracuda Networks Independently conducted by Ponemon Institute LLC Publication Date: March 2011 Ponemon

More information

The State of USB Drive Security

The State of USB Drive Security The State of USB Drive Security U.S. survey of IT and IT security practitioners Sponsored by Kingston Independently conducted by Ponemon Institute LLC Publication Date: July 2011 Ponemon Institute Research

More information

The SQL Injection Threat & Recent Retail Breaches

The SQL Injection Threat & Recent Retail Breaches The SQL Injection Threat & Recent Retail Breaches Sponsored by DB Networks Independently conducted by Ponemon Institute LLC Publication Date: June 2014 1 Part 1. Introduction The SQL Injection Threat &

More information

Security of Cloud Computing Providers Study

Security of Cloud Computing Providers Study Security of Cloud Computing Providers Study Sponsored by CA Technologies Independently conducted by Ponemon Institute LLC Publication Date: April 2011 Ponemon Institute Research Report I. Executive Summary

More information

Global Survey on Social Media Risks Survey of IT & IT Security Practitioners

Global Survey on Social Media Risks Survey of IT & IT Security Practitioners 0 Global Survey on Social Media Risks Survey of IT & IT Security Practitioners Sponsored by Websense Independently conducted by Ponemon Institute LLC Publication Date: September 2011 1 Global Survey on

More information

Security of Cloud Computing Providers Study

Security of Cloud Computing Providers Study Security of Cloud Computing Providers Study Sponsored by CA Technologies Independently conducted by Ponemon Institute LLC Publication Date: April 2011 Ponemon Institute Research Report I. Executive Summary

More information

2015 Global Megatrends in Cybersecurity

2015 Global Megatrends in Cybersecurity 2015 Global Megatrends in Cybersecurity Sponsored by Raytheon Independently conducted by Ponemon Institute LLC Publication Date: February 2015 Ponemon Institute Research Report 2015 Global Megatrends in

More information

2012 Application Security Gap Study: A Survey of IT Security & Developers

2012 Application Security Gap Study: A Survey of IT Security & Developers 2012 Application Gap Study: A Survey of IT & s Research sponsored by Innovation Independently Conducted by Ponemon Institute LLC March 2012 1 2012 Application Gap Study: A Survey of IT & s March 2012 Part

More information

The Security of Cloud Infrastructure Survey of U.S. IT and Compliance Practitioners

The Security of Cloud Infrastructure Survey of U.S. IT and Compliance Practitioners The Security of Cloud Infrastructure Survey of U.S. IT and Compliance Practitioners Sponsored by Vormetric Independently conducted by Ponemon Institute LLC Publication Date: November 2011 Ponemon Institute

More information

Third Annual Study: Is Your Company Ready for a Big Data Breach?

Third Annual Study: Is Your Company Ready for a Big Data Breach? Third Annual Study: Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: October 2015 Ponemon Institute

More information

State of IT Security Study of Utilities & Energy Companies

State of IT Security Study of Utilities & Energy Companies State of IT Security Study of Utilities & Energy Companies Sponsored by Q1 Labs Independently conducted by Ponemon Institute LLC Publication Date: April 2011 Ponemon Institute Research Report State of

More information

The State of Data Centric Security

The State of Data Centric Security The State of Data Centric Security Sponsored by Informatica Independently conducted by Ponemon Institute LLC Publication Date: June 2014 Ponemon Institute Research Report State of Data Centric Security

More information

Breaking Bad: The Risk of Insecure File Sharing

Breaking Bad: The Risk of Insecure File Sharing Breaking Bad: The Risk of Insecure File Sharing Sponsored by Intralinks Independently conducted by Ponemon Institute LLC Publication Date: October 2014 Ponemon Institute Research Report Breaking Bad: The

More information

The Security Impact of Mobile Device Use by Employees

The Security Impact of Mobile Device Use by Employees The Security Impact of Mobile Device Use by Employees Sponsored by Accellion Independently conducted by Ponemon Institute LLC Publication Date: December 2014 Ponemon Institute Research Report The Security

More information

Defining the Gap: The Cybersecurity Governance Study

Defining the Gap: The Cybersecurity Governance Study Defining the Gap: The Cybersecurity Governance Study Sponsored by Fidelis Cybersecurity Independently conducted by Ponemon Institute LLC Publication Date: June 2015 Ponemon Institute Research Report Defining

More information

Cyber Threat Intelligence: Has to Be a Better Way

Cyber Threat Intelligence: Has to Be a Better Way Exchanging Cyber Threat Intelligence: There Has to Be a Better Way Sponsored by IID Independently conducted by Ponemon Institute LLC Publication Date: April 2014 Ponemon Institute Research Report Exchanging

More information

The Impact of Cybercrime on Business

The Impact of Cybercrime on Business The Impact of Cybercrime on Business Studies of IT practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil Sponsored by Check Point Software Technologies Independently conducted

More information

Leading Practices in Behavioral Advertising & Consumer Privacy Study of Internet Marketers and Advertisers

Leading Practices in Behavioral Advertising & Consumer Privacy Study of Internet Marketers and Advertisers Leading Practices in Behavioral Advertising & Consumer Privacy Study of Internet Marketers and Advertisers Independently Conducted by Ponemon Institute LLC February 2012 Leading Practices in Behavioral

More information

Exposing the Cybersecurity Cracks: A Global Perspective

Exposing the Cybersecurity Cracks: A Global Perspective Exposing the Cybersecurity Cracks: A Global Perspective Part 2: Roadblocks, Refresh and Raising the Human Security IQ Sponsored by Websense Independently conducted by Ponemon Institute LLC Publication

More information

Best Practices in Data Protection Survey of U.S. IT & IT Security Practitioners

Best Practices in Data Protection Survey of U.S. IT & IT Security Practitioners Best Practices in Data Protection Survey of U.S. IT & IT Security Practitioners Sponsored by McAfee Independently conducted by Ponemon Institute LLC Publication Date: October 2011 Ponemon Institute Research.

More information

Achieving Data Privacy in the Cloud

Achieving Data Privacy in the Cloud Achieving Data Privacy in the Cloud Study of Information Technology Privacy and Compliance of Small to Medium-Sized Organizations in germany Sponsored by microsoft Independently Conducted by Ponemon Institute

More information

IBM QRadar Security Intelligence: Evidence of Value

IBM QRadar Security Intelligence: Evidence of Value IBM QRadar Security Intelligence: Evidence of Value Independently conducted by Ponemon Institute LLC February 2014 Ponemon Institute Research Report Background IBM QRadar: Evidence of Value Ponemon Institute:

More information

2012 Web Session Intelligence & Security Report: Business Logic Abuse Edition

2012 Web Session Intelligence & Security Report: Business Logic Abuse Edition 2012 Web Session Intelligence & Security Report: Business Logic Abuse Edition Sponsored by Silver Tail Systems Independently conducted by Ponemon Institute, LLC Publication Date: October 2012 Ponemon Institute

More information

The Importance of Senior Executive Involvement in Breach Response

The Importance of Senior Executive Involvement in Breach Response The Importance of Senior Executive Involvement in Breach Response Sponsored by HP Enterprise Security Services Independently conducted by Ponemon Institute LLC Publication Date: October 2014 The Importance

More information

The Role of Governance, Risk Management & Compliance in Organizations

The Role of Governance, Risk Management & Compliance in Organizations The Role of Governance, Risk Management & Compliance in Organizations Study of GRC practitioners Sponsored by RSA, The Security Division of EMC Independently conducted by Ponemon Institute LLC Publication

More information

Perceptions about the Potential Expiration of The Terrorism Risk Insurance Act (TRIA)

Perceptions about the Potential Expiration of The Terrorism Risk Insurance Act (TRIA) Perceptions about the Potential Expiration of The Terrorism Risk Insurance Act (TRIA) Sponsored by Property Casualty Insurers Association of America Independently conducted by Ponemon Institute LLC Publication

More information

Challenges of Cloud Information

Challenges of Cloud Information The Challenges of Cloud Information Governance: A Global Data Security Study Sponsored by SafeNet Independently conducted by Ponemon Institute LLC Publication Date: October 2014 Ponemon Institute Research

More information

Privileged User Abuse & The Insider Threat

Privileged User Abuse & The Insider Threat Privileged User Abuse & The Insider Threat Commissioned by Raytheon Company Independently conducted by Ponemon Institute LLC Publication Date: May 2014 1 Privileged User Abuse & The Insider Threat Ponemon

More information

The Post Breach Boom. Sponsored by Solera Networks. Independently conducted by Ponemon Institute LLC Publication Date: February 2013

The Post Breach Boom. Sponsored by Solera Networks. Independently conducted by Ponemon Institute LLC Publication Date: February 2013 The Post Breach Boom Sponsored by Solera Networks Independently conducted by Ponemon Institute LLC Publication Date: February 2013 Ponemon Institute Research Report Part 1. Introduction The Post Breach

More information

The 2013 ecommerce Cyber Crime Report: Safeguarding Brand And Revenue This Holiday Season

The 2013 ecommerce Cyber Crime Report: Safeguarding Brand And Revenue This Holiday Season The 2013 ecommerce Cyber Crime Report: Safeguarding Brand And Revenue This Holiday Season Sponsored by RSA Security Independently conducted by Ponemon Institute, LLC Publication Date: October 2013 Ponemon

More information

2015 Global Cyber Impact Report

2015 Global Cyber Impact Report 2015 Global Cyber Impact Report Sponsored by Aon Risk Services Independently conducted by Ponemon Institute LLC Publication Date: April 2015 2015 Global Cyber Impact Report Ponemon Institute, April 2015

More information

National Survey on Data Center Outages

National Survey on Data Center Outages National Survey on Data Center Outages Independently conducted by Ponemon Institute LLC Publication Date: 30 September 2010 Part 1. Executive Summary National Survey on Data Center Outages Ponemon Institute,

More information

APPLICATION SECURITY IN THE CHANGING RISK LANDSCAPE

APPLICATION SECURITY IN THE CHANGING RISK LANDSCAPE APPLICATION SECURITY IN THE CHANGING RISK LANDSCAPE INDEPENDENTLY CONDUCTED BY PONEMON INSTITUTE LLC, JULY 2016 Part 1. Introduction Ponemon Institute is pleased to present the results of Application Security

More information

How Single Sign-On Is Changing Healthcare A Study of IT Practitioners in Acute Care Hospitals in the United States

How Single Sign-On Is Changing Healthcare A Study of IT Practitioners in Acute Care Hospitals in the United States How Single Sign-On Is Changing Healthcare A Study of IT Practitioners in Acute Care Hospitals in the United States Sponsored by Imprivata Independently conducted by Ponemon Institute LLC Publication Date:

More information

Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations

Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations Sponsored by AccessData Independently conducted by Ponemon Institute LLC Publication Date: February 2014 Ponemon Institute

More information

IBM QRadar: Evidence of Value

IBM QRadar: Evidence of Value IBM QRadar: Evidence of Value Independently conducted by Ponemon Institute LLC February 2014 Ponemon Institute Research Report IBM QRadar: Evidence of Value Ponemon Institute: February 2014 Part 1. Introduction

More information

Survey on the Governance of Unstructured Data. Independently Conducted and Published by Ponemon Institute LLC. Sponsored by Varonis Systems, Inc.

Survey on the Governance of Unstructured Data. Independently Conducted and Published by Ponemon Institute LLC. Sponsored by Varonis Systems, Inc. Survey on the Governance of Unstructured Data Independently Conducted and Published by Ponemon Institute LLC Sponsored by Varonis Systems, Inc. June 30, 2008 Please Do Not Quote Without Express Permission.

More information

The Economic and Productivity Impact of IT Security on Healthcare

The Economic and Productivity Impact of IT Security on Healthcare The Economic and Productivity Impact of IT Security on Healthcare Sponsored by Imprivata Independently conducted by Ponemon Institute LLC Publication Date: May 2013 Ponemon Institute Research Report The

More information

Compliance Cost Associated with the Storage of Unstructured Information

Compliance Cost Associated with the Storage of Unstructured Information Compliance Cost Associated with the Storage of Unstructured Information Sponsored by Novell Independently conducted by Ponemon Institute LLC Publication Date: May 2011 Ponemon Institute Research Report

More information

The TCO of Software vs. Hardware-based Full Disk Encryption Summary

The TCO of Software vs. Hardware-based Full Disk Encryption Summary The TCO of vs. -based Full Disk Encryption Summary Sponsored by WinMagic Independently conducted by Ponemon Institute LLC Publication Date: April 2013 Industry Co-Sponsors Ponemon Institute Research Report

More information

Security of Cloud Computing Users A Study of Practitioners in the US & Europe

Security of Cloud Computing Users A Study of Practitioners in the US & Europe Security of Cloud Computing Users A Study of Practitioners in the US & Europe Sponsored by CA Independently conducted by Ponemon Institute LLC Publication Date: 12 May 2010 Ponemon Institute Research Report

More information

2014 State of Endpoint Risk. Sponsored by Lumension. Independently conducted by Ponemon Institute LLC Publication Date: December 2013

2014 State of Endpoint Risk. Sponsored by Lumension. Independently conducted by Ponemon Institute LLC Publication Date: December 2013 2014 State of Endpoint Risk Sponsored by Lumension Independently conducted by Ponemon Institute LLC Publication Date: December 2013 Ponemon Institute Research Report 2014 State of Endpoint Risk Ponemon

More information

Big Data Analytics in Cyber Defense

Big Data Analytics in Cyber Defense Big Data Analytics in Cyber Defense Sponsored by Teradata Independently conducted by Ponemon Institute LLC Publication Date: February 2013 Ponemon Institute Research Report Big Data Analytics in Cyber

More information

Corporate Data: A Protected Asset or a Ticking Time Bomb?

Corporate Data: A Protected Asset or a Ticking Time Bomb? Corporate Data: A Protected Asset or a Ticking Time Bomb? Sponsored by Varonis Independently conducted by Ponemon Institute LLC Publication Date: December 2014 Ponemon Institute Research Report Corporate

More information

Enhancing Cybersecurity with Big Data: Challenges & Opportunities

Enhancing Cybersecurity with Big Data: Challenges & Opportunities Enhancing Cybersecurity with Big Data: Challenges & Opportunities Independently Conducted by Ponemon Institute LLC Sponsored by Microsoft Corporation November 2014 CONTENTS 2 3 6 9 10 Introduction The

More information

Sponsored by Zimbra. The Open Source Collaboration Study: Viewpoints on Security & Privacy in the US & EMEA

Sponsored by Zimbra. The Open Source Collaboration Study: Viewpoints on Security & Privacy in the US & EMEA The Open Source Collaboration Study: Viewpoints on Security & Privacy in the US & EMEA Sponsored by Zimbra Independently conducted by Ponemon Institute LLC Publication Date: November 2014 Ponemon Institute

More information

The Fraud Report: How Fake Users Are Impacting Business

The Fraud Report: How Fake Users Are Impacting Business The Fraud Report: How Fake Users Are Impacting Business Sponsored by TeleSign Independently conducted by Ponemon Institute LLC Publication Date: November 2015 Ponemon Institute Research Report The Fraud

More information

Encryption in the Cloud

Encryption in the Cloud Encryption in the Cloud Who is responsible for data protection in the cloud? Sponsored by Thales e-security Independently conducted by Ponemon Institute LLC Publication Date: July 2012 Ponemon Institute

More information

State of SMB Cyber Security Readiness: UK Study

State of SMB Cyber Security Readiness: UK Study State of SMB Cyber Security Readiness: UK Study Sponsored by Faronics Independently conducted by Ponemon Institute LLC Publication Date: November 2012 Ponemon Institute Research Report Part 1. Introduction

More information

The TCO of Software vs. Hardware-based Full Disk Encryption

The TCO of Software vs. Hardware-based Full Disk Encryption The TCO of Software vs. Hardware-based Full Disk Encryption Sponsored by WinMagic Independently conducted by Ponemon Institute LLC Publication Date: April 2013 Industry Co-Sponsors Ponemon Institute Research

More information

The TCO for Full Disk Encryption Studies in the US, UK, Germany & Japan

The TCO for Full Disk Encryption Studies in the US, UK, Germany & Japan The TCO for Full Disk Encryption Studies in the US, UK, Germany & Japan Sponsored by WinMagic Independently conducted by Ponemon Institute LLC Publication Date: July 2012 Ponemon Institute Research Report

More information

Data Loss Risks During Downsizing As Employees Exit, so does Corporate Data

Data Loss Risks During Downsizing As Employees Exit, so does Corporate Data Data Loss Risks During Downsizing As Employees Exit, so does Corporate Data Independently conducted by Ponemon Institute LLC Publication Date: February 23, 2009 Sponsored by Symantec Corporation Ponemon

More information

Global Study on the State of Payment Data Security

Global Study on the State of Payment Data Security Global Study on the State of Payment Data Security 3 Introduction We are pleased to present the findings of The Global Study on the State of Payment Data Security Study conducted on behalf of Gemalto by

More information

The Imprivata Report on the Economic Impact of Inefficient Communications in Healthcare

The Imprivata Report on the Economic Impact of Inefficient Communications in Healthcare The Imprivata Report on the Economic Impact of Inefficient Communications in Healthcare Independently conducted by Ponemon Institute LLC Publication Date: June 2014 Ponemon Institute Research Report The

More information

LiveThreat Intelligence Impact Report 2013

LiveThreat Intelligence Impact Report 2013 LiveThreat Intelligence Impact Report 2013 Sponsored by Independently conducted by Ponemon Institute LLC Publication Date: July 2013 Ponemon Institute Research Report Contents Part 1. Introduction 3 Executive

More information

2013 State of the Endpoint

2013 State of the Endpoint 2013 State of the Endpoint Sponsored by Lumension Independently conducted by Ponemon Institute LLC Publication Date: December 2012 Ponemon Institute Research Report 2013 State of the Endpoint Ponemon Institute:

More information

2012 Business Banking Trust Trends Study

2012 Business Banking Trust Trends Study 2012 Business Banking Trust Trends Study Sponsored by Guardian Analytics Independently conducted by Ponemon Institute LLC Publication Date: August 2012 Ponemon Institute Research Report Part 1. Introduction

More information

Critical Infrastructure: Security Preparedness and Maturity Sponsored by Unisys

Critical Infrastructure: Security Preparedness and Maturity Sponsored by Unisys Critical Infrastructure: Security Preparedness and Maturity Sponsored by Unisys Independently conducted by Ponemon Institute LLC Publication Date: July 2014 31 Part 1. Introduction Ponemon Institute is

More information

Privacy and Security in a Connected Life: A Study of US Consumers

Privacy and Security in a Connected Life: A Study of US Consumers Privacy and Security in a Connected Life: A Study of US Consumers Sponsored by Trend Micro Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research Report

More information

The Billion Dollar Lost Laptop Problem Benchmark study of U.S. organizations

The Billion Dollar Lost Laptop Problem Benchmark study of U.S. organizations The Billion Dollar Lost Laptop Problem Benchmark study of U.S. organizations Independently conducted by Ponemon Institute LLC Publication Date: 30 September 2010 Ponemon Institute Research Report Part

More information

Third Annual Survey on Medical Identity Theft

Third Annual Survey on Medical Identity Theft Third Annual Survey on Medical Identity Theft Sponsored by Experian s ProtectMyID Independently conducted by Ponemon Institute LLC Publication Date: June 2012 Ponemon Institute Research Report Part 1:

More information

Second Annual Benchmark Study on Patient Privacy & Data Security

Second Annual Benchmark Study on Patient Privacy & Data Security Second Annual Benchmark Study on Patient Privacy & Data Security Sponsored by ID Experts Independently conducted by Ponemon Institute LLC Publication Date: December 2011 Ponemon Institute Research Report

More information

Privacy and Security in a Connected Life: A Study of European Consumers

Privacy and Security in a Connected Life: A Study of European Consumers Privacy and Security in a Connected Life: A Study of European Consumers Sponsored by Trend Micro Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research

More information

2015 State of the Endpoint Report: User-Centric Risk

2015 State of the Endpoint Report: User-Centric Risk 2015 State of the Endpoint Report: User-Centric Risk Sponsored by Lumension Independently conducted by Ponemon Institute LLC Publication Date: January 2015 Ponemon Institute Research Report 2015 State

More information