2015 Global Megatrends in Cybersecurity

Size: px
Start display at page:

Download "2015 Global Megatrends in Cybersecurity"

Transcription

1 2015 Global Megatrends in Cybersecurity Sponsored by Raytheon Independently conducted by Ponemon Institute LLC Publication Date: February 2015 Ponemon Institute Research Report

2 2015 Global Megatrends in Cybersecurity Ponemon Institute, February 2015 Part 1. Introduction We are pleased to present the findings of the 2015 Global Megatrends in Cybersecurity sponsored by Raytheon. The purpose of this research is to understand the big trends or changes that will impact the security posture of organizations in both the public and private sector in the next three years. Moreover, the study looks at the next generation of protocols and practices as the cybersecurity field evolves and matures. We surveyed 1,006 senior-level information technology and information technology security leaders (hereafter referred to as respondent) in the US, UK/Europe and Middle East/North Africa (MENA) who are familiar with their organizations cybersecurity strategies. The research covered a range of trends related to an organization s ability to protect itself from cyber threats and attacks. Some of the areas addressed in this report are: the critical disconnect between CISOs and senior leadership, insider negligence, the Internet of Things, adoption of new technologies such as big data analytics, predictions of increases in nation state attacks and advanced persistent threats and the dearth of cyber talent. Overall direction of cybersecurity posture As noted in Figure 1, a majority of respondents believe their organizations cybersecurity posture will improve. Respondents in MENA are most positive about improvements in cyber security and the UK/Europe is least positive. According to the findings, the following reasons are why the cyber security posture of organizations are projected to improve over the next three years: Cyber intelligence will become more timely and actionable More funding will be made available to invest in people and technologies Technologies will become more effective in detecting and responding to cyber threats More staffing will be available to deal with the increasing frequency of attacks Employee-related risks will decline Following are reasons why the cyber security posture of organizations might decline: Inability to hire and retain expert staff Lack of actionable and timely intelligence Employee-related risks might not be reduced A lack of funding will prevent appropriate investments in people and technologies Technologies that address the specific cyber threats to the organization will not be available Page 1

3 Part 2. Seven Megatrends in Cybersecurity Based on the findings of the research, there are seven mega trends that will significantly impact the cybersecurity posture of organizations in the following areas: disruptive technologies, cyber crime, cost of compliance, the human factor, organizational and governance factors and enabling security technologies. Following is a summary of these seven mega trends and implications for companies. 1. Cybersecurity will become a competitive advantage and a C-level priority. As part of this study, we asked a panel of cybersecurity experts to predict changes to several normatively important characteristics concerning the role, mission and strategy of security. 1 A total of 110 individuals with bona fide credentials in information security provided their three-year predictions. In each of the following figures, today s average results were derived from the survey sample (n=1,006). An expert panel provided future predictions (n=110). Figure 2 shows only 25 percent of respondents believe their organization s C-level views security as a competitive advantage. However, 59 percent of respondents in the expert panel say C-level executives will view security as a competitive advantage three years from now. Figure 2. Do your organization s senior leadership view cybersecurity as a necessary cost or a competitive advantage? 80% 75% 70% 60% 59% 50% 40% 41% 30% 25% 20% 0% Today Necessary cost Competitive advantage Future (3 years from now) 1 The expert panel consisted of individuals with, on average, more than 20 years of experience in IT or information security leadership. Many of these individuals are Distinguished Fellows of Ponemon Institute. Page 2

4 Figure 3 shows only 34 percent of respondents believe their organization s senior leadership views security as a strategic priority. Fifty-four percent of the expert panel forecast that C-level executives will view security as a strategic priority three years from now. Figure 3. Does senior leadership view cybersecurity as a strategic priority? 70% 66% 60% 50% 54% 46% 40% 34% 30% 20% 0% Today Future (3 years from now) Yes No or Unsure Figure 4 shows 22 percent of respondents say their organization s security leader briefs the board of directors on cybersecurity strategy. Sixty-six percent of the expert panel forecast that three years from now the organization s security leader will regularly brief the board on a recurring basis. Figure 4. Does your organization s security leader brief the board of directors on the cybersecurity strategy? 90% 80% 70% 60% 50% 40% 30% 20% 0% 22% Today 78% 66% 34% Future (3 years from now) Yes No or Unsure Page 3

5 Figure 5 reports 14 percent of respondents say their organization s security leader has a direct reporting relationship with the CEO. In contrast, 30 percent of the expert panel predict that the security leader will directly report to the organization s CEO three years from now. Figure 5. Does your organization s security leader report directly to the CEO? 100% 90% 80% 70% 60% 50% 40% 30% 20% 0% 14% Today 86% 30% 70% Future (3 years from now) Yes No or Unsure Page 4

6 The following megatrends are presented as a percentage net change between the current state (e.g., today) and the future state (e.g., 3 years from now). The formula for percentage net change is defined as: Percentage net change = {[Current state Future state] / ½ * [Current state + Future state]} 2. Insider negligence risks are decreasing. Due to investments in technologies, organizations will gain better control over employees insecure devices and apps. Training programs will increase awareness of cybersecurity practices. A lack of visibility into what employees are doing in the workplace will become less of a problem in the next three years. Figure 6 provides the percentage net changes in human factor security risks. Here, a negative percentage indicates that the security risk rating is expected to increase. A positive percentage indicates the risk is forecasted to decline. As noted in this figure, only one attribution (about the inability to enforce compliance with polices) is expected to worsen over the next three years. According to respondents, the inability to control employees devices and apps, lack of awareness of cybersecurity practices, employee complacency about cybersecurity and a lack of visibility into what employees are doing in the workplace will become less of a problem in the next three years. Investments in technologies to address these threats and better controls over BYOD and BYOC will make these risks more manageable. Figure 6. Percentage net changes in human factor megatrends Consolidated view Inability to enforce compliance with policies -2% Contract workers replacing employees 4% More employees working outside the office Insufficient staff with knowledge and credentials Lack of awareness of cybersecurity practices Inability to control employees' devices and apps 25% 30% 32% Employee complacency about cybersecurity Inability to know what employees are doing in the workplace 40% 51% - 0% 20% 30% 40% 50% 60% Percentage net change on security risk ratings Page 5

7 3. Cyber crime will keep information security leaders up night. There will be significant increases in the risk of nation state attackers and advanced persistent threats, cyber warfare or terrorism, data breaches involving high value information and the stealth and sophistication of cyber attackers. In contrast, there are expected to be slight improvements in mitigating the risk of hacktivism and malicious or criminal insiders. Figure 7 provides the percentage net changes in cyber crime mega trends. Here, a negative percentage indicates that the security risk rating is expected to increase. A positive percentage indicates that risk is forecasted to decline. According to respondents, there will be significant increases in the risk of nation state attackers and advanced persistent threats, cyber warfare or terrorism, data breaches involving high value information and the stealth and sophistication of cyber attackers. In contrast, there are expected to be slight improvements in mitigating the risk of hacktivism and malicious or criminal insiders. Figure 7. Percentage net changes in cyber crime megatrends Consolidated view Nation state attackers -37% Cyber warfare or cyber terrorism -24% Breaches involving high-value information Stealth and sophistication of cyber attackers Zero-day attacks Breaches that disrupt business and IT processes Breaches that damage critical infrastructure -15% -14% -13% -12% -11% Breaches involving large volumes of data -3% Emergence of cyber syndicates Malicious or criminal insiders Emergence of hacktivism 0% 2% 3% -45% -35% -25% -15% -5% 5% 15% Percentage net change on security risk ratings Page 6

8 4. The Internet of Things is here but organizations are slow to address its security risks. The Internet of Things is the expanding network of billions of connected devices that are permeating our daily lives from the computers inside our cars to our WiFi enabled appliances, from wireless medical devices to wearable device. Because consumers are embracing more connected devices, information security leaders predict that the Internet of Things will be one of the most significant disruptive technologies in the near future. Figure 8 shows respondents perceptions about preparedness for cybersecurity risks resulting from the Internet of Things are generally consistent across all three regional samples. The majority of respondents do not believe they are ready for the impact the Internet of Things will have on their organizations. Figure 8. My organization is prepared to deal with potential cybersecurity risks resulting from the Internet of Things 40% 35% 30% 34% 30% 28% 25% 20% 15% 5% 0% US UK/Europe MENA Strongly agree and agree responses combined Page 7

9 Figure 9 shows the disruptive technologies that will increase or decrease in their risk to an organization. The Internet of Things risk is projected to increase by 25 percent and follows virtual currencies (48 percent increase in risk) and big data analytics (32 percent increase in risk). Figure 9. Percentage net changes in disruptive technology megatrends Consolidated view Organization s acceptance of virtual currencies -48% Organization s use of big data analytics The Internet of Things Organization s use of mobile payments -32% -25% -21% Organization s use of IT virtualization 3% Employees use of social media in the workplace Organization s use of cloud infrastructure Organization s use of digital identities Organization s use of cloud file sharing tools Organization s use of cloud services Employee-owned mobile devices (BYOD) Employees use of favorite cloud apps (BYOC) 11% 14% 15% 19% 25% 33% 38% -60%-50%-40%-30%-20%- 0% 20% 30% 40% 50% Percentage net change on security risk ratings Page 8

10 5. The cyber talent gap will persist. Figure 10 shows respondents in three regional samples hold a consistent belief that their organizations need more knowledgeable and experienced cybersecurity practitioners (i.e., the cyber talent gap). Figure 10. My organization needs more knowledgeable and experienced cybersecurity practitioners 80% 70% 67% 66% 65% 60% 50% 40% 30% 20% 0% US UK/Europe MENA Strongly agree and agree responses combined Figure 11 lists the factors that respondents believe could hinder or stall improvements in their organization s cybersecurity posture in the next 3 years. At 45 percent, the number one factor for respondents is the inability to hire and retain staff. This is closely followed by a lack of actionable intelligence (44 percent) and the inability to curtail employee-related security risks (43 percent). Figure 11. Factors that will hinder improvement over the next 3 years Consolidated view Inability to hire and retain expert staff Lack of actionable intelligence Inability to minimize employee risk 44% 43% 45% Lack of funding Lack of suitable technologies Increase in complexity Lack of C-level support 34% 33% 31% 29% Lack of cybersecurity leadership 22% Increase in compliance burden 19% 0% 5% 15% 20% 25% 30% 35% 40% 45% 50% Page 9

11 6. Big shifts in new technologies towards big data analytics, forensics and intelligencebased cyber solutions. The following technologies will gain the most in importance over the next 3 years: encryption for data at rest, big data analytics, SIEM and cybersecurity intelligence, automated forensics tools, encryption for data in motion, next generation firewalls, web application firewalls, threat intelligence feeds and sandboxing or isolation tools. Figure 12 provides the percentage net changes in importance ratings for 25 enabling security technologies for the consolidated sample. Here, a positive net change percentage indicates that the importance of a given technology is projected to increase over the next three years. A negative percentage indicates the importance of the technology is projected to decrease. The technologies that achieve the highest percentage net change are: encryption for data at rest, big data analytics, forensics (automated tools), next generation firewalls, SIEM, threat intelligence feeds, web application firewalls, sandboxing or isolation tools and encryption for data in motion. Technologies that are projected to become less important over time include anti-virus tools and data loss prevention systems. Figure 12. Percentage change in importance of enabling security technologies Consolidated view Encryption for data at rest Big data analytics SIEM and cybersecurity intelligence Forensics (automated tools) Encryption for data in motion Next generation firewalls (NGFW) Web application firewalls (WAF) Threat intelligence feeds Sandboxing or isolation tools Access governance systems Tokenization tools Automated policy generation Perimeter or location surveillance Identity & access management Intrusion detection & prevention Incident response tools Database scanning and monitoring URL or content filtering Device anti-theft solutions Configuration & log management Virtual private network (VPN) ID & credentialing system Endpoint and mobile device management Data loss prevention (DLP) Anti-virus & anti-malware -12% -17% 0% 0% -1% -2% -4% -4% -5% -6% 6% 4% 3% 2% 2% 1% 24% 20% 20% 19% 19% 18% 18% 17% 17% -30% -20% - 0% 20% 30% Percentage net change on importance ratings Page 10

12 7. Despite alarming media headlines, cybersecurity postures are expected to improve. As noted in Figure 13, the majority of respondents say their cybersecurity postures will improve for the following reasons: cyber intelligence will become more timely and actionable, more funding will be made available to invest in people and technologies, technologies will become more effective in detecting and responding to cyber threats, more staffing will be available to deal with the increasing frequency of attacks and employee-related risks will decline. Figure 13. Will our organization s security posture improve, decline or stay at the same level? 70% 60% 60% 55% 64% 50% 40% 30% 31% 32% 26% 20% 9% 13% 0% US UK/Europe MENA Improve Stay the same Decline Page 11

13 Part 3. Country Comparisons In this section we compare the average megatrend ratings for the countries represented in this study. Figure 14 provides the summarized average risk rating for six areas of megatrends by country sample. Each respondent provided a rating on a 5-point scale from 1 = low to 5 = high. A risk scale was used to rate four mega trend categories namely, organizational factors, the human factor, disruptive technologies and cyber crime. Security technologies were rated on importance and compliance was rated on cost burden. Respondents provided ratings in three separate samples (US, UK/Europe and MENA) for today and three years from now (future). As shown below, ratings across country samples vary. The US sample appears to have higher or more risky ratings on average and the MENA sample has lower or less risky ratings. The grand mean for both the current state (today) and future state is 3.6, which is significantly higher than the 5-point scale median of 3.0. Figure 14. Average megatrend ratings for today and future state by country sample Panel A: Current State (Today) Security technologies Organizational factors Human factor Disruptive technologies Cyber crime Compliance cost MENA UK/Europe US Panel B: Future State (3 years from now) Security technologies Organizational factors Human factor Disruptive technologies Cyber crime Compliance cost MENA UK/Europe US Page 12

14 According to the findings, net changes across country samples are generally consistent, with mixed results for human and organizational factors, respectively. Results suggest that security technologies will increase in importance and the human factor risk will improve significantly in the US and UK/Europe over three years. In contrast, organizational factors, disruptive technologies, cyber crime and compliance costs are all predicted to worsen over time. In the US, organizational factors will improve slightly. Figure 15. Percentage net changes between current and future states by country sample Security technologies Worsened State Improved State 17% 17% 14% Organizational factors -20% -2% 2% Human factor - 23% 43% Disruptive technologies Cyber crime Compliance cost -22% -24% -18% -8% -8% - -6% -8% - -30% -20% - 0% 20% 30% 40% 50% MENA UK/Europe US Page 13

15 Part 4. Other Megatrends and Findings Will governance practices evolve to meet cybersecurity challenges? Three years from now, due in part to the growth of connected mobile devices, respondents believe it will become more difficult to secure access to data, systems and physical spaces, as shown in Figure 16. Respondents also believe the complexity of IT operations coupled with the growth of unstructured data assets will cause a substantial increase in security risks. Another factor that is projected to increase risk concerns the inability to integrate disparate technologies. Figure 16. Percentage net change in organizational factor mega trends Consolidated view Inability to secure access rights to data, systems and physical spaces Complexity of business and IT operations -20% -17% Growth of unstructured data assets Inability to integrate disparate technologies Inability to integrate necessary data sources for actionable cyber intelligence Integration of third parties into internal networks and applications Silos and the lack of collaboration -9% -7% -2% 1% 2% Lack of cybersecurity leadership Inability to convince leadership to make cybersecurity a priority Lack of funding to support cyber defense 8% 13% 19% -35% -25% -15% -5% 5% 15% 25% Percentage net change on security risk ratings Page 14

16 The compliance cost burden is predicted to increase. Three years from now, due to the increase in cyber attacks and cyber terrorism, organizations will be facing the need to invest more in compliance with mandates on critical infrastructure protection and national cyber defense strategies. An increase in class action and tort litigation because of the continuation of data breaches will be another concern for organizations. Figure 17. Percentage change in compliance cost megatrends Consolidated view Mandates on critical infrastructure protection National cyber defense strategies -41% -40% Class action and tort litigation Federal laws regulating data protection and privacy International privacy and data protection laws E-Discovery requirements -31% -9% -8% -4% State laws regulating data protection and privacy Self-regulatory programs (such as ISO or PCI) Cybersecurity governance -1% 0% 3% -50% -40% -30% -20% - 0% Percentage net change on cost ratings Page 15

17 What respondents believe is the current state of cybersecurity. Figure 18 provides the strongly agree and agree response to eight attributions about cybersecurity. As can be seen, 66 percent of respondents believe their organization needs more knowledgeable and experienced cybersecurity practitioners. Fifty-nine percent believe cyber intelligence activities are necessary for protecting information assets and IT infrastructure. Slightly less than half (48 percent ) believe their organization has adequate security technologies. Finally, only 31 percent of respondents believe their organization is prepared to deal with cybersecurity risks or issues in the Internet of Things. Figure 18. The current state of cybersecurity Strongly agree and Agree responses combined My organization needs more knowledgeable and experienced cybersecurity practitioners. 66% My organization believes cyber intelligence activities are necessary for protecting information assets and IT infrastructure. 59% My organization has adequate security technologies to protect information assets and IT infrastructure. My organization takes appropriate steps to comply with the leading cybersecurity standards. 48% 47% My organization has ample resources to ensure all cybersecurity requirements are met. 47% My organization consistently follows policies and procedures that seek to protect information assets and IT infrastructure. My organization is investing in big data analytics for cyber defense. My organization is prepared to deal with potential cybersecurity risks resulting from the Internet of things. 31% 39% 37% 0% 20% 30% 40% 50% 60% 70% Strongly agree and Agree responses combined Page 16

18 Why will organizations cybersecurity posture improve? As discussed earlier in the report, there is general optimism that organizations will rise to the challenge of dealing with cyber threats. Figure 19 shows the success factors that respondents believe could drive improvement to their organization s cybersecurity posture in the next 3 years. The top three choices are: increase in funding, improvements to cyber intelligence and improvement in enabling security technologies. Figure 19. Factors that will drive improvement over the next 3 years Consolidated view Increase in funding Cyber intelligence improvements 47% 47% Improvement in technologies Improvement in staffing 41% 40% Ability to minimize employee-related risk 36% Improvement in threat sharing Reduction in complexity Cybersecurity leadership Increase in C-level support 23% 21% 19% 16% Reduction in compliance burden 0% 5% 15% 20% 25% 30% 35% 40% 45% 50% Page 17

19 Figure 20 lists in descending order of importance what respondents believe will be the most prevalent types of cyber threats over the next 3 years. The top five choices are: zero day attacks, data leakage in the cloud, mobile malware/targeted attacks, SQL injection and phishing attacks. Figure 20. What respondents believe will be the most prevalent cyber threats or attacks over the next three years Consolidated view Zero day attacks 49% Cloud data leakage Mobile malware/targeted attacks SQL injection Phishing attacks Critical infrastructure attacks 41% 38% 37% 36% 35% Watering hole attacks 29% Compromised supply chain Insider threats DDoS Rootkits 25% 23% 23% 22% BYOD data theft Cross-site scripting Compromised trusted partners Compromised MSSPs/SaaS providers MacOS malware/targeted attacks Botnet attacks Linux malware/targeted attacks Clickjacking Attacks against control systems 13% 12% 9% 8% 8% 7% 0% 20% 30% 40% 50% 60% Page 18

20 Part 4. Conclusion Many information security professionals believe the next three years will determine if organizations can win the cyber war. Understanding the big trends that will impact the security posture of organizations will help organizations make smarter decisions about their investments in people, processes and technologies to achieve success. To gain this understanding, we turned to information security leaders throughout the world to identify the most important trends for the next three years. Based on the findings, following are recommendations and observations: Prepare to deal with external threats such as nation state attackers, cyber warfare or cyber terrorism. With the negligence insider risk decreasing, more resources should be allocated to dealing with an increasing sophisticated and stealthy cyber criminal. Establish regular cyber training and awareness programs. These programs are critical in making employees and contractors the first line of defense against malicious or criminal activity. Develop a strategy to deal with the risks created by the Internet of Things. Conduct a security impact assessment on how the Internet of Things will impact your organization s security posture. Be aware of the growing adoption of virtual currencies that will pose new risks to both organizations and customers. Understand how to use big data analytics effectively. Big data analytics will have both a negative and positive impact on organizations. The negative will be the vast amounts of sensitive and confidential data that will have to be protected. The positive will be the availability of analytics that will be helpful in detecting and blocking cyber attacks. Go back to school and recruit experts in cybersecurity. A key differentiator among organizations will be the ability to hire and retain knowledgeable and experienced cybersecurity practitioners. Invest in the tried and true technologies because they will become more important. These include encryption for data at rest and in motion, SIEM and cybersecurity technologies and firewalls. While leadership for cybersecurity initiatives will improve other governance issues will become more troublesome. These are the inability to secure access rights to data, systems and physical spaces, complexity of business and IT operations, the growth of unstructured data assets and the inability to integrate disparate technologies. Prepare to deal with an increasing litigious environment due to class action and tort litigation. The compliance cost burden will increase for organizations due to mandates on critical infrastructure protection. Page 19

21 Part 5. Methods A random sampling frame of 27,125 senior-level IT and IT security practitioners located in the United States, Europe and MENA were selected as participants to this survey. All respondents were screened to ensure they had bona fide credentials in cybersecurity or related disciplines. 2 When asked what best describes their role in managing security risk, 58 percent of respondents said they set priorities, 57 percent said they manage budgets, 63 percent select vendors and contractors, 43 percent determine the organization s security strategy and 46 percent evaluate program performance. By design, 97 percent of respondents are at supervisory or executive levels. The organizational level of respondents is as follows: C-level (8 percent), Director (32 percent), Vice President (13 percent), Senior Executive (10 percent), Manager (34 percent) and Other (3 percent). The department or function where respondents are located within the organization is as follows: Chief Information Officer (51 percent), Chief Technology Officer (8 percent), CEO/President (7 percent), Chief Security Officer (6 percent), Chief Risk Officer (6 percent), Chief Financial Officer (5 percent), General Counsel (5 percent), Compliance Officer (4 percent), Business Owner (3 percent) and Other (5 percent). As shown in Table 1, a consolidated total of 1,125 respondents completed the survey. Screening and failed reliability checks resulted in the removal of 119 surveys. The final sample was 1,006 surveys (or a 3.7 percent overall response rate). Table 1. Survey Response Total sampling frame Total survey returns Rejected or screened surveys Final sample Response rate US UK/Europe MENA Consolidated 11,550 9,790 5,785 27, % 4.1% 3.1% 3.7% 2 When asked what best describes their job-related role in managing security risk, 58 percent of respondents said they set priorities, 57 percent said they manage budgets, 63 percent said they select vendors and contractors, 43 percent determine the organization s security strategy and 46 percent evaluate program performance. Page 20

22 Pie Chart 1 reports the industry segments of respondents organizations. This chart identifies financial services (15 percent) as the largest segment, followed by industrial (12 percent) and public sector (11 percent). Pie Chart 1. Industry distribution of respondents organizations 3% 4% 5% 3% 5% 3% 3% 2% 3% 3% 3% 6% 9% 15% 11% 12% Financial services Industrial Public sector Services Health & pharmaceutical Energy & utilities Technology Hospitality & leisure Software Consumer products Retail, store Other Retail, Internet Transportation Communications Education & research Agriculture & food services Pie chart 2 shows 42 percent of respondents are from organizations with a worldwide headcount of more than 5,000 employees. Pie Chart 2. Worldwide headcount of the organization 9% 14% 12% < to % 501 to 5,000 5,001 to 10,000 22% 10,001 to 25,000 > 25,000 24% Page 21

23 Part 6. Caveats There are inherent limitations to survey research that need to be carefully considered before drawing inferences from findings. The following items are specific limitations that are germane to most web-based surveys. Non-response bias: The current findings are based on a sample of survey returns. We sent surveys to a representative sample of individuals, resulting in a large number of usable returned responses. Despite non-response tests, it is always possible that individuals who did not participate are substantially different in terms of underlying beliefs from those who completed the instrument. Sampling-frame bias: The accuracy is based on contact information and the degree to which the list is representative of individuals who are IT or IT security practitioners. We also acknowledge that the results may be biased by external events such as media coverage. We also acknowledge bias caused by compensating subjects to complete this research within a holdout period. Self-reported results: The quality of survey research is based on the integrity of confidential responses received from subjects. While certain checks and balances can be incorporated into the survey process, there is always the possibility that a subject did not provide a truthful response. Please contact or call us at if you have any questions. Ponemon Institute Advancing Responsible Information Management Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. Our mission is to conduct high quality, empirical studies on critical issues affecting the management and security of sensitive information about people and organizations. As a member of the Council of American Survey Research Organizations (CASRO), we uphold strict data confidentiality, privacy and ethical research standards. We do not collect any personally identifiable information from individuals (or company identifiable information in our business research). Furthermore, we have strict quality standards to ensure that subjects are not asked extraneous, irrelevant or improper questions. Copyright 2015, Raytheon Company, Ponemon Institute, LLC. All rights reserved. No parts of this material may be reproduced in any form without the written permission of Raytheon or the Ponemon Institute, LLC. Permission has been obtained from the copyright co-owner, Raytheon to publish this reproduction, which is the same in all material respects, as the original unless approved as changed. No parts of this document may be reproduced, stored in any retrieval system, or transmitted in any form, or by any means electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of Raytheon or the Ponemon Institute, LLC. Page 22

Risk & Innovation in Cybersecurity Investments. Sponsored by Lockheed Martin

Risk & Innovation in Cybersecurity Investments. Sponsored by Lockheed Martin Risk & Innovation in Cybersecurity Investments Sponsored by Lockheed Martin Independently conducted by Ponemon Institute LLC Publication Date: April 2015 Ponemon Institute Research Report Part 1. Introduction

More information

Understanding Security Complexity in 21 st Century IT Environments:

Understanding Security Complexity in 21 st Century IT Environments: Understanding Security Complexity in 21 st Century IT Environments: A study of IT practitioners in the US, UK, France, Japan & Germany Sponsored by Check Point Software Technologies Independently conducted

More information

A Study of Retail Banks & DDoS Attacks

A Study of Retail Banks & DDoS Attacks A Study of Retail Banks & DDoS Attacks Sponsored by Corero Network Security Independently conducted by Ponemon Institute LLC Publication Date: December 2012 Ponemon Institute Research Report A Study of

More information

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: March 2013 Ponemon Institute Research Report

More information

The Importance of Cyber Threat Intelligence to a Strong Security Posture

The Importance of Cyber Threat Intelligence to a Strong Security Posture The Importance of Cyber Threat Intelligence to a Strong Security Posture Sponsored by Webroot Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research Report

More information

Perceptions About Network Security Survey of IT & IT security practitioners in the U.S.

Perceptions About Network Security Survey of IT & IT security practitioners in the U.S. Perceptions About Network Security Survey of IT & IT security practitioners in the U.S. Sponsored by Juniper Networks Independently conducted by Ponemon Institute LLC Publication Date: June 2011 Ponemon

More information

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2013 Ponemon Institute Research Report

More information

The SQL Injection Threat Study

The SQL Injection Threat Study The SQL Injection Threat Study Sponsored by DB Networks Independently conducted by Ponemon Institute LLC Publication Date: April 2014 1 The SQL Injection Threat Study Presented by Ponemon Institute, April

More information

2012 Application Security Gap Study: A Survey of IT Security & Developers

2012 Application Security Gap Study: A Survey of IT Security & Developers 2012 Application Gap Study: A Survey of IT & s Research sponsored by Innovation Independently Conducted by Ponemon Institute LLC March 2012 1 2012 Application Gap Study: A Survey of IT & s March 2012 Part

More information

The Impact of Cybercrime on Business

The Impact of Cybercrime on Business The Impact of Cybercrime on Business Studies of IT practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil Sponsored by Check Point Software Technologies Independently conducted

More information

Is Your Company Ready for a Big Data Breach?

Is Your Company Ready for a Big Data Breach? Is Your Company Ready for a Big Data Breach? The Second Annual Study on Data Breach Preparedness Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication

More information

Achieving Security in Workplace File Sharing. Sponsored by Axway Independently conducted by Ponemon Institute LLC Publication Date: January 2014

Achieving Security in Workplace File Sharing. Sponsored by Axway Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Achieving Security in Workplace File Sharing Sponsored by Axway Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Ponemon Institute Research Report Part 1. Introduction Achieving

More information

Electronic Health Information at Risk: A Study of IT Practitioners

Electronic Health Information at Risk: A Study of IT Practitioners Electronic Health Information at Risk: A Study of IT Practitioners Sponsored by LogLogic Conducted by Ponemon Institute LLC October 15, 2009 Ponemon Institute Research Report Executive summary Electronic

More information

The State of Data Security Intelligence. Sponsored by Informatica. Independently conducted by Ponemon Institute LLC Publication Date: April 2015

The State of Data Security Intelligence. Sponsored by Informatica. Independently conducted by Ponemon Institute LLC Publication Date: April 2015 The State of Data Security Intelligence Sponsored by Informatica Independently conducted by Ponemon Institute LLC Publication Date: April 2015 Ponemon Institute Research Report The State of Data Security

More information

The Cost of Web Application Attacks

The Cost of Web Application Attacks The Cost of Web Application Attacks Sponsored by Akamai Technologies Independently conducted by Ponemon Institute LLC Publication Date: May 2015 Ponemon Institute Research Report Part 1. Introduction The

More information

The Unintentional Insider Risk in United States and German Organizations

The Unintentional Insider Risk in United States and German Organizations The Unintentional Insider Risk in United States and German Organizations Sponsored by Raytheon Websense Independently conducted by Ponemon Institute LLC Publication Date: July 2015 2 Part 1. Introduction

More information

Data Breach: The Cloud Multiplier Effect

Data Breach: The Cloud Multiplier Effect Data Breach: The Cloud Multiplier Effect Sponsored by Netskope Independently conducted by Ponemon Institute LLC Publication Date: June 2014 Ponemon Institute Research Report Part 1. Introduction Data Breach:

More information

2015 Global Study on IT Security Spending & Investments

2015 Global Study on IT Security Spending & Investments 2015 Study on IT Security Spending & Investments Independently conducted by Ponemon Institute LLC Publication Date: May 2015 Sponsored by Part 1. Introduction Security risks are pervasive and becoming

More information

Efficacy of Emerging Network Security Technologies

Efficacy of Emerging Network Security Technologies Efficacy of Emerging Network Security Technologies Sponsored by Juniper Networks Independently conducted by Ponemon Institute LLC Publication Date: February 2013 Ponemon Institute Research Report Part

More information

Exposing the Cybersecurity Cracks: A Global Perspective

Exposing the Cybersecurity Cracks: A Global Perspective Exposing the Cybersecurity Cracks: A Global Perspective Part I: Deficient, Disconnected & in the Dark Sponsored by Websense, Inc. Independently conducted by Ponemon Institute LLC Publication Date: April

More information

Security of Paper Records & Document Shredding. Sponsored by Cintas. Independently conducted by Ponemon Institute LLC Publication Date: January 2014

Security of Paper Records & Document Shredding. Sponsored by Cintas. Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Security of Paper Records & Document Shredding Sponsored by Cintas Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Ponemon Institute Research Report Part 1. Introduction

More information

Aftermath of a Data Breach Study

Aftermath of a Data Breach Study Aftermath of a Data Breach Study Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: January 2012 Ponemon Institute Research Report Aftermath

More information

The SQL Injection Threat & Recent Retail Breaches

The SQL Injection Threat & Recent Retail Breaches The SQL Injection Threat & Recent Retail Breaches Sponsored by DB Networks Independently conducted by Ponemon Institute LLC Publication Date: June 2014 1 Part 1. Introduction The SQL Injection Threat &

More information

Cloud Security: Getting It Right

Cloud Security: Getting It Right Cloud Security: Getting It Right Sponsored by Armor Independently conducted by Ponemon Institute LLC Publication Date: October 2015 Ponemon Institute Research Report Cloud Security: Getting It Right Ponemon

More information

Data Security in Development & Testing

Data Security in Development & Testing Data Security in Development & Testing Sponsored by Micro Focus Independently conducted by Ponemon Institute LLC Publication Date: July 31, 2009 Ponemon Institute Research Report Data Security in Development

More information

The Challenge of Preventing Browser-Borne Malware

The Challenge of Preventing Browser-Borne Malware The Challenge of Preventing Browser-Borne Malware Sponsored by Spikes Security Independently conducted by Ponemon Institute LLC Publication Date: February 2015 Ponemon Institute Research Report Part 1.

More information

Reputation Impact of a Data Breach U.S. Study of Executives & Managers

Reputation Impact of a Data Breach U.S. Study of Executives & Managers Reputation Impact of a Data Breach U.S. Study of Executives & Managers Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: November 2011 Ponemon

More information

The Cost of Insecure Mobile Devices in the Workplace Sponsored by AT&T

The Cost of Insecure Mobile Devices in the Workplace Sponsored by AT&T The Cost of Insecure Mobile Devices in the Workplace! Sponsored by AT&T Independently conducted by Ponemon Institute LLC Publication Date: March 2014 Part 1. Introduction The Cost of Insecure Mobile Devices

More information

Cyber Security on the Offense: A Study of IT Security Experts

Cyber Security on the Offense: A Study of IT Security Experts Cyber Security on the Offense: A Study of IT Security Experts Co-authored with Radware Independently conducted by Ponemon Institute LLC Publication Date: November 2012 Ponemon Institute Research Report

More information

Security Metrics to Manage Change: Which Matter, Which Can Be Measured?

Security Metrics to Manage Change: Which Matter, Which Can Be Measured? Security Metrics to Manage Change: Which Matter, Which Can Be Measured? Sponsored by FireMon Independently conducted by Ponemon Institute LLC Publication Date: April 2014 2 Security Metrics to Manage Change:

More information

What You Don t Know Will Hurt You: A Study of the Risk from Application Access and Usage

What You Don t Know Will Hurt You: A Study of the Risk from Application Access and Usage What You Don t Know Will Hurt You: A Study of the Risk from Application Access and Usage Sponsored by ObserveIT Independently conducted by Ponemon Institute LLC June 2015 Ponemon Institute Research Report

More information

The Security of Cloud Infrastructure Survey of U.S. IT and Compliance Practitioners

The Security of Cloud Infrastructure Survey of U.S. IT and Compliance Practitioners The Security of Cloud Infrastructure Survey of U.S. IT and Compliance Practitioners Sponsored by Vormetric Independently conducted by Ponemon Institute LLC Publication Date: November 2011 Ponemon Institute

More information

Understaffed and at Risk: Today s IT Security Department. Sponsored by HP Enterprise Security

Understaffed and at Risk: Today s IT Security Department. Sponsored by HP Enterprise Security Understaffed and at Risk: Today s IT Security Department Sponsored by HP Enterprise Security Independently conducted by Ponemon Institute LLC Publication Date: February 2014 Ponemon Institute Research

More information

Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age

Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: August 2013

More information

Global Insights on Document Security

Global Insights on Document Security Global Insights on Document Security Sponsored by Adobe Independently conducted by Ponemon Institute LLC Publication Date: June 2014 Ponemon Institute Research Report Global Insights on Document Security

More information

Data Security in the Evolving Payments Ecosystem

Data Security in the Evolving Payments Ecosystem Data Security in the Evolving Payments Ecosystem Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2015 Ponemon Institute Research Report

More information

2014 State of Endpoint Risk. Sponsored by Lumension. Independently conducted by Ponemon Institute LLC Publication Date: December 2013

2014 State of Endpoint Risk. Sponsored by Lumension. Independently conducted by Ponemon Institute LLC Publication Date: December 2013 2014 State of Endpoint Risk Sponsored by Lumension Independently conducted by Ponemon Institute LLC Publication Date: December 2013 Ponemon Institute Research Report 2014 State of Endpoint Risk Ponemon

More information

Perceptions about the Potential Expiration of The Terrorism Risk Insurance Act (TRIA)

Perceptions about the Potential Expiration of The Terrorism Risk Insurance Act (TRIA) Perceptions about the Potential Expiration of The Terrorism Risk Insurance Act (TRIA) Sponsored by Property Casualty Insurers Association of America Independently conducted by Ponemon Institute LLC Publication

More information

The Cost of Malware Containment

The Cost of Malware Containment The Cost of Malware Containment Sponsored by Damballa Independently conducted by Ponemon Institute LLC Publication Date: January 2015 Ponemon Institute Research Report The Cost of Malware Containment Ponemon

More information

The State of Mobile Application Insecurity

The State of Mobile Application Insecurity The State of Mobile Application Insecurity Sponsored by IBM Independently conducted by Ponemon Institute LLC Publication Date: February 2015 Ponemon Institute Research Report Part 1. Introduction The State

More information

The Security Impact of Mobile Device Use by Employees

The Security Impact of Mobile Device Use by Employees The Security Impact of Mobile Device Use by Employees Sponsored by Accellion Independently conducted by Ponemon Institute LLC Publication Date: December 2014 Ponemon Institute Research Report The Security

More information

Security of Cloud Computing Users Study

Security of Cloud Computing Users Study Security of Cloud Computing Users Study Sponsored by CA Technologies Independently conducted by Ponemon Institute, LLC Publication Date: March 2013 Security of Cloud Computing Users Study March 2013 Part

More information

APPLICATION SECURITY IN THE CHANGING RISK LANDSCAPE

APPLICATION SECURITY IN THE CHANGING RISK LANDSCAPE APPLICATION SECURITY IN THE CHANGING RISK LANDSCAPE INDEPENDENTLY CONDUCTED BY PONEMON INSTITUTE LLC, JULY 2016 Part 1. Introduction Ponemon Institute is pleased to present the results of Application Security

More information

The State of USB Drive Security

The State of USB Drive Security The State of USB Drive Security U.S. survey of IT and IT security practitioners Sponsored by Kingston Independently conducted by Ponemon Institute LLC Publication Date: July 2011 Ponemon Institute Research

More information

Global Survey on Social Media Risks Survey of IT & IT Security Practitioners

Global Survey on Social Media Risks Survey of IT & IT Security Practitioners 0 Global Survey on Social Media Risks Survey of IT & IT Security Practitioners Sponsored by Websense Independently conducted by Ponemon Institute LLC Publication Date: September 2011 1 Global Survey on

More information

Security of Cloud Computing Providers Study

Security of Cloud Computing Providers Study Security of Cloud Computing Providers Study Sponsored by CA Technologies Independently conducted by Ponemon Institute LLC Publication Date: April 2011 Ponemon Institute Research Report I. Executive Summary

More information

Security of Cloud Computing Providers Study

Security of Cloud Computing Providers Study Security of Cloud Computing Providers Study Sponsored by CA Technologies Independently conducted by Ponemon Institute LLC Publication Date: April 2011 Ponemon Institute Research Report I. Executive Summary

More information

Advanced Threats in Retail Companies: A Study of North America & EMEA

Advanced Threats in Retail Companies: A Study of North America & EMEA Advanced Threats in Companies: A Study of North America & EMEA Sponsored by Arbor Networks Independently conducted by Ponemon Institute LLC Publication Date: May 2015 Ponemon Institute Research Report

More information

Defining the Gap: The Cybersecurity Governance Study

Defining the Gap: The Cybersecurity Governance Study Defining the Gap: The Cybersecurity Governance Study Sponsored by Fidelis Cybersecurity Independently conducted by Ponemon Institute LLC Publication Date: June 2015 Ponemon Institute Research Report Defining

More information

2013 State of the Endpoint

2013 State of the Endpoint 2013 State of the Endpoint Sponsored by Lumension Independently conducted by Ponemon Institute LLC Publication Date: December 2012 Ponemon Institute Research Report 2013 State of the Endpoint Ponemon Institute:

More information

Achieving Data Privacy in the Cloud

Achieving Data Privacy in the Cloud Achieving Data Privacy in the Cloud Study of Information Technology Privacy and Compliance of Small to Medium-Sized Organizations in germany Sponsored by microsoft Independently Conducted by Ponemon Institute

More information

Third Annual Study: Is Your Company Ready for a Big Data Breach?

Third Annual Study: Is Your Company Ready for a Big Data Breach? Third Annual Study: Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: October 2015 Ponemon Institute

More information

The State of Data Centric Security

The State of Data Centric Security The State of Data Centric Security Sponsored by Informatica Independently conducted by Ponemon Institute LLC Publication Date: June 2014 Ponemon Institute Research Report State of Data Centric Security

More information

Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations

Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations Sponsored by AccessData Independently conducted by Ponemon Institute LLC Publication Date: February 2014 Ponemon Institute

More information

Privileged User Abuse & The Insider Threat

Privileged User Abuse & The Insider Threat Privileged User Abuse & The Insider Threat Commissioned by Raytheon Company Independently conducted by Ponemon Institute LLC Publication Date: May 2014 1 Privileged User Abuse & The Insider Threat Ponemon

More information

Enhancing Cybersecurity with Big Data: Challenges & Opportunities

Enhancing Cybersecurity with Big Data: Challenges & Opportunities Enhancing Cybersecurity with Big Data: Challenges & Opportunities Independently Conducted by Ponemon Institute LLC Sponsored by Microsoft Corporation November 2014 CONTENTS 2 3 6 9 10 Introduction The

More information

Breaking Bad: The Risk of Insecure File Sharing

Breaking Bad: The Risk of Insecure File Sharing Breaking Bad: The Risk of Insecure File Sharing Sponsored by Intralinks Independently conducted by Ponemon Institute LLC Publication Date: October 2014 Ponemon Institute Research Report Breaking Bad: The

More information

Best Practices in Data Protection Survey of U.S. IT & IT Security Practitioners

Best Practices in Data Protection Survey of U.S. IT & IT Security Practitioners Best Practices in Data Protection Survey of U.S. IT & IT Security Practitioners Sponsored by McAfee Independently conducted by Ponemon Institute LLC Publication Date: October 2011 Ponemon Institute Research.

More information

Exposing the Cybersecurity Cracks: A Global Perspective

Exposing the Cybersecurity Cracks: A Global Perspective Exposing the Cybersecurity Cracks: A Global Perspective Part 2: Roadblocks, Refresh and Raising the Human Security IQ Sponsored by Websense Independently conducted by Ponemon Institute LLC Publication

More information

Encryption in the Cloud

Encryption in the Cloud Encryption in the Cloud Who is responsible for data protection in the cloud? Sponsored by Thales e-security Independently conducted by Ponemon Institute LLC Publication Date: July 2012 Ponemon Institute

More information

The Cyber Security Leap: From Laggard to Leader

The Cyber Security Leap: From Laggard to Leader The Cyber Security Leap: From Laggard to Leader Contents Introduction......... 3 Ready to leapfrog?......... 4 Key study findings......... 4 THEME 1: Innovation and strategy: separating the leapfrogs from

More information

The Importance of Senior Executive Involvement in Breach Response

The Importance of Senior Executive Involvement in Breach Response The Importance of Senior Executive Involvement in Breach Response Sponsored by HP Enterprise Security Services Independently conducted by Ponemon Institute LLC Publication Date: October 2014 The Importance

More information

2014: A Year of Mega Breaches

2014: A Year of Mega Breaches 2014: A Year of Mega Breaches Sponsored by Identity Finder Independently conducted by Ponemon Institute LLC Publication Date: January 2015 Ponemon Institute Research Report Part 1. Introduction 2014: A

More information

State of Web Application Security U.S. Survey of IT & IT security practitioners

State of Web Application Security U.S. Survey of IT & IT security practitioners State of Web Application Security U.S. Survey of IT & IT security practitioners Sponsored by Cenzic & Barracuda Networks Independently conducted by Ponemon Institute LLC Publication Date: March 2011 Ponemon

More information

Cyber Threat Intelligence: Has to Be a Better Way

Cyber Threat Intelligence: Has to Be a Better Way Exchanging Cyber Threat Intelligence: There Has to Be a Better Way Sponsored by IID Independently conducted by Ponemon Institute LLC Publication Date: April 2014 Ponemon Institute Research Report Exchanging

More information

Corporate Data: A Protected Asset or a Ticking Time Bomb?

Corporate Data: A Protected Asset or a Ticking Time Bomb? Corporate Data: A Protected Asset or a Ticking Time Bomb? Sponsored by Varonis Independently conducted by Ponemon Institute LLC Publication Date: December 2014 Ponemon Institute Research Report Corporate

More information

Compliance Cost Associated with the Storage of Unstructured Information

Compliance Cost Associated with the Storage of Unstructured Information Compliance Cost Associated with the Storage of Unstructured Information Sponsored by Novell Independently conducted by Ponemon Institute LLC Publication Date: May 2011 Ponemon Institute Research Report

More information

The Human Factor in Data Protection

The Human Factor in Data Protection The Human Factor in Data Protection Sponsored by Trend Micro Independently conducted by Ponemon Institute LLC Publication Date: January 2012 Ponemon Institute Research Report The Human Factor in Data Protection

More information

IBM QRadar Security Intelligence: Evidence of Value

IBM QRadar Security Intelligence: Evidence of Value IBM QRadar Security Intelligence: Evidence of Value Independently conducted by Ponemon Institute LLC February 2014 Ponemon Institute Research Report Background IBM QRadar: Evidence of Value Ponemon Institute:

More information

National Survey on Data Center Outages

National Survey on Data Center Outages National Survey on Data Center Outages Independently conducted by Ponemon Institute LLC Publication Date: 30 September 2010 Part 1. Executive Summary National Survey on Data Center Outages Ponemon Institute,

More information

The Role of Governance, Risk Management & Compliance in Organizations

The Role of Governance, Risk Management & Compliance in Organizations The Role of Governance, Risk Management & Compliance in Organizations Study of GRC practitioners Sponsored by RSA, The Security Division of EMC Independently conducted by Ponemon Institute LLC Publication

More information

Big Data Analytics in Cyber Defense

Big Data Analytics in Cyber Defense Big Data Analytics in Cyber Defense Sponsored by Teradata Independently conducted by Ponemon Institute LLC Publication Date: February 2013 Ponemon Institute Research Report Big Data Analytics in Cyber

More information

2015 State of the Endpoint Report: User-Centric Risk

2015 State of the Endpoint Report: User-Centric Risk 2015 State of the Endpoint Report: User-Centric Risk Sponsored by Lumension Independently conducted by Ponemon Institute LLC Publication Date: January 2015 Ponemon Institute Research Report 2015 State

More information

State of IT Security Study of Utilities & Energy Companies

State of IT Security Study of Utilities & Energy Companies State of IT Security Study of Utilities & Energy Companies Sponsored by Q1 Labs Independently conducted by Ponemon Institute LLC Publication Date: April 2011 Ponemon Institute Research Report State of

More information

The Billion Dollar Lost Laptop Problem Benchmark study of U.S. organizations

The Billion Dollar Lost Laptop Problem Benchmark study of U.S. organizations The Billion Dollar Lost Laptop Problem Benchmark study of U.S. organizations Independently conducted by Ponemon Institute LLC Publication Date: 30 September 2010 Ponemon Institute Research Report Part

More information

The Post Breach Boom. Sponsored by Solera Networks. Independently conducted by Ponemon Institute LLC Publication Date: February 2013

The Post Breach Boom. Sponsored by Solera Networks. Independently conducted by Ponemon Institute LLC Publication Date: February 2013 The Post Breach Boom Sponsored by Solera Networks Independently conducted by Ponemon Institute LLC Publication Date: February 2013 Ponemon Institute Research Report Part 1. Introduction The Post Breach

More information

The 2013 ecommerce Cyber Crime Report: Safeguarding Brand And Revenue This Holiday Season

The 2013 ecommerce Cyber Crime Report: Safeguarding Brand And Revenue This Holiday Season The 2013 ecommerce Cyber Crime Report: Safeguarding Brand And Revenue This Holiday Season Sponsored by RSA Security Independently conducted by Ponemon Institute, LLC Publication Date: October 2013 Ponemon

More information

Security of Cloud Computing Users A Study of Practitioners in the US & Europe

Security of Cloud Computing Users A Study of Practitioners in the US & Europe Security of Cloud Computing Users A Study of Practitioners in the US & Europe Sponsored by CA Independently conducted by Ponemon Institute LLC Publication Date: 12 May 2010 Ponemon Institute Research Report

More information

Privacy and Security in a Connected Life: A Study of US Consumers

Privacy and Security in a Connected Life: A Study of US Consumers Privacy and Security in a Connected Life: A Study of US Consumers Sponsored by Trend Micro Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research Report

More information

2012 Web Session Intelligence & Security Report: Business Logic Abuse Edition

2012 Web Session Intelligence & Security Report: Business Logic Abuse Edition 2012 Web Session Intelligence & Security Report: Business Logic Abuse Edition Sponsored by Silver Tail Systems Independently conducted by Ponemon Institute, LLC Publication Date: October 2012 Ponemon Institute

More information

The Economic and Productivity Impact of IT Security on Healthcare

The Economic and Productivity Impact of IT Security on Healthcare The Economic and Productivity Impact of IT Security on Healthcare Sponsored by Imprivata Independently conducted by Ponemon Institute LLC Publication Date: May 2013 Ponemon Institute Research Report The

More information

The TCO of Software vs. Hardware-based Full Disk Encryption Summary

The TCO of Software vs. Hardware-based Full Disk Encryption Summary The TCO of vs. -based Full Disk Encryption Summary Sponsored by WinMagic Independently conducted by Ponemon Institute LLC Publication Date: April 2013 Industry Co-Sponsors Ponemon Institute Research Report

More information

The economics of IT risk and reputation

The economics of IT risk and reputation Global Technology Services Research Report Risk Management The economics of IT risk and reputation What business continuity and IT security really mean to your organization Findings from the IBM Global

More information

Leading Practices in Behavioral Advertising & Consumer Privacy Study of Internet Marketers and Advertisers

Leading Practices in Behavioral Advertising & Consumer Privacy Study of Internet Marketers and Advertisers Leading Practices in Behavioral Advertising & Consumer Privacy Study of Internet Marketers and Advertisers Independently Conducted by Ponemon Institute LLC February 2012 Leading Practices in Behavioral

More information

IBM QRadar: Evidence of Value

IBM QRadar: Evidence of Value IBM QRadar: Evidence of Value Independently conducted by Ponemon Institute LLC February 2014 Ponemon Institute Research Report IBM QRadar: Evidence of Value Ponemon Institute: February 2014 Part 1. Introduction

More information

Privacy and Security in a Connected Life: A Study of European Consumers

Privacy and Security in a Connected Life: A Study of European Consumers Privacy and Security in a Connected Life: A Study of European Consumers Sponsored by Trend Micro Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research

More information

2015 Global Cyber Impact Report

2015 Global Cyber Impact Report 2015 Global Cyber Impact Report Sponsored by Aon Risk Services Independently conducted by Ponemon Institute LLC Publication Date: April 2015 2015 Global Cyber Impact Report Ponemon Institute, April 2015

More information

First Annual Cost of Cyber Crime Study Benchmark Study of U.S. Companies

First Annual Cost of Cyber Crime Study Benchmark Study of U.S. Companies First Annual Cost of Cyber Crime Study Benchmark Study of U.S. Companies Sponsored by ArcSight Independently conducted by Ponemon Institute LLC Publication Date: July 2010 Ponemon Institute Research Report

More information

How Single Sign-On Is Changing Healthcare A Study of IT Practitioners in Acute Care Hospitals in the United States

How Single Sign-On Is Changing Healthcare A Study of IT Practitioners in Acute Care Hospitals in the United States How Single Sign-On Is Changing Healthcare A Study of IT Practitioners in Acute Care Hospitals in the United States Sponsored by Imprivata Independently conducted by Ponemon Institute LLC Publication Date:

More information

Critical Infrastructure: Security Preparedness and Maturity Sponsored by Unisys

Critical Infrastructure: Security Preparedness and Maturity Sponsored by Unisys Critical Infrastructure: Security Preparedness and Maturity Sponsored by Unisys Independently conducted by Ponemon Institute LLC Publication Date: July 2014 31 Part 1. Introduction Ponemon Institute is

More information

The Fraud Report: How Fake Users Are Impacting Business

The Fraud Report: How Fake Users Are Impacting Business The Fraud Report: How Fake Users Are Impacting Business Sponsored by TeleSign Independently conducted by Ponemon Institute LLC Publication Date: November 2015 Ponemon Institute Research Report The Fraud

More information

Challenges of Cloud Information

Challenges of Cloud Information The Challenges of Cloud Information Governance: A Global Data Security Study Sponsored by SafeNet Independently conducted by Ponemon Institute LLC Publication Date: October 2014 Ponemon Institute Research

More information

Survey on the Governance of Unstructured Data. Independently Conducted and Published by Ponemon Institute LLC. Sponsored by Varonis Systems, Inc.

Survey on the Governance of Unstructured Data. Independently Conducted and Published by Ponemon Institute LLC. Sponsored by Varonis Systems, Inc. Survey on the Governance of Unstructured Data Independently Conducted and Published by Ponemon Institute LLC Sponsored by Varonis Systems, Inc. June 30, 2008 Please Do Not Quote Without Express Permission.

More information

Reputation Impact of a Data Breach Executive Summary

Reputation Impact of a Data Breach Executive Summary Reputation Impact of a Data Breach Executive Summary Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: October 2011 Ponemon Institute Research

More information

Ed Adams, CEO Security Innovation. Dr. Larry Ponemon Ponemon Institute. 2012 ISACA Webinar Program. 2012 ISACA. All rights reserved.

Ed Adams, CEO Security Innovation. Dr. Larry Ponemon Ponemon Institute. 2012 ISACA Webinar Program. 2012 ISACA. All rights reserved. 2012 Study on Application Security: AS Survey of fits Security and dd Developers Ed Adams, CEO Security Innovation Dr. Larry Ponemon Ponemon Institute 2012 ISACA Webinar Program. 2012 ISACA. All rights

More information

2012 Business Banking Trust Trends Study

2012 Business Banking Trust Trends Study 2012 Business Banking Trust Trends Study Sponsored by Guardian Analytics Independently conducted by Ponemon Institute LLC Publication Date: August 2012 Ponemon Institute Research Report Part 1. Introduction

More information

2015 Cost of Data Breach Study: United States

2015 Cost of Data Breach Study: United States 2015 Cost of Data Breach Study: United States Benchmark research sponsored by IBM Independently conducted by Ponemon Institute LLC May 2015 Ponemon Institute Research Report 2015 1 Cost of Data Breach

More information

LiveThreat Intelligence Impact Report 2013

LiveThreat Intelligence Impact Report 2013 LiveThreat Intelligence Impact Report 2013 Sponsored by Independently conducted by Ponemon Institute LLC Publication Date: July 2013 Ponemon Institute Research Report Contents Part 1. Introduction 3 Executive

More information

State of SMB Cyber Security Readiness: UK Study

State of SMB Cyber Security Readiness: UK Study State of SMB Cyber Security Readiness: UK Study Sponsored by Faronics Independently conducted by Ponemon Institute LLC Publication Date: November 2012 Ponemon Institute Research Report Part 1. Introduction

More information

Global Study on the State of Payment Data Security

Global Study on the State of Payment Data Security Global Study on the State of Payment Data Security 3 Introduction We are pleased to present the findings of The Global Study on the State of Payment Data Security Study conducted on behalf of Gemalto by

More information