Defining the Gap: The Cybersecurity Governance Study
|
|
- Madlyn Horn
- 8 years ago
- Views:
Transcription
1 Defining the Gap: The Cybersecurity Governance Study Sponsored by Fidelis Cybersecurity Independently conducted by Ponemon Institute LLC Publication Date: June 2015 Ponemon Institute Research Report
2 Defining the Gap: The Cybersecurity Governance Study Ponemon Institute: June 2015 Boards that choose to ignore, or minimize, the importance of cybersecurity responsibility do so at their own peril. SEC Commissioner Luis A. Aguilar, June 10, 2014 Part 1. Introduction Costly and reputation diminishing cyber attacks have made cybersecurity governance a critical business issue. Concerns about cybersecurity are no longer limited to the IT function. Rather, the possibility of regulatory fines, litigation and costs associated with resolving a security incident has elevated the issue to the boardroom. The purpose of Defining the Gap: The Cybersecurity Governance Study conducted by Ponemon Institute and sponsored by Fidelis Cybersecurity is to determine if boards of directors are a help or hindrance to creating a strong cybersecurity posture. As the findings reveal, boards of directors are not as informed and knowledgeable about cybersecurity risks as they should be in order to fulfill their governance responsibilities. They also lack visibility into the cyber threat landscape affecting their companies and suffer from distrust between IT security professionals and the board. We surveyed 245 board members in a variety of industry sectors in the United States and 409 IT security professionals, mainly CISOs, CIOs and CTOs. The study reveals that boards have been slow to prioritize the importance of cybersecurity governance practices. It was not until the 2013 Target breach that cybersecurity risks had an impact on the board s agenda. One possible explanation for the lack of attention to security threats could be their admitted lack of knowledge and expertise about cybersecurity. Sixty-seven percent of board members report they have only some knowledge (41 percent) or minimal or no knowledge about cybersecurity (26 percent). Despite admitting their lack of knowledge about cybersecurity, 70 percent of board members have confidence that they understand the security risks their organizations face, as shown in Figure 1. However, only 43 percent of IT security professionals think that their board is informed about threats facing the organization. To bridge these very different perceptions about the board s visibility into the threat landscape, more communication between the board and IT function is sorely needed. Further, only 18 percent of IT security professionals believe their boards cybersecurity governance practices are effective. This gap in trust between corporate leadership and those in the trenches needs to be closed for organizations to face increasingly stealthy and sophisticated cyber risks. 1
3 Following are five findings that illustrate why boards of directors are not as informed as they should be in order to make decisions affecting the security preparedness of organizations: Board members admit their knowledge about cybersecurity is limited. Only 33 percent of board members say they are very knowledgeable or knowledgeable about cybersecurity. However, of the 65 percent of board members in our study who say cybersecurity is on the agenda most (76 percent of respondents) say they review and approve strategy and incident response plans. Board members and IT security professionals need to communicate on a regular basis. Board members may not be receiving information and briefings about cyber attacks and data breaches affecting their organization, limiting their visibility into their current risks and the overall threat landscape. The findings reveal that as many as one in five board members are not certain if their organizations had a data breach, theft of high value information or a disruption of services due to a cyber attack. IT security professionals are skeptical about their boards understanding of cybersecurity risks. Board members strongly believe they recognize the damage to reputation that can be a consequence of a data breach, agree that tone at the top is critical to achieving a strong security posture and understand the security risks to the organization. However, information security professionals do not trust that the board is effective in dealing with these governance issues due to the knowledge and visibility gaps. Board members may be overly confident about the effectiveness of their cybersecurity governance practices. Fifty-nine percent of board member respondents rate their cybersecurity governance practices as very effective. However, only 18 percent of IT security professionals believe this is the case. It took the Target breach to get the board s attention. There have been many breaches over the past few years that perhaps should have served as a wakeup call for the board about cybersecurity. However, this research shows it was only recently with the Target breach did the importance of reducing these threats become critical for the C-suite and boardroom. 2
4 Part 2. Key findings In this section, we provide an analysis of the key findings. The complete audited findings are presented in the appendix of this report. We have organized the report according to the following themes: Cybersecurity governance and the importance of an informed board of directors A cybersecurity governance strategy for a changing threat landscape The Security & Exchange Commission (SEC) guidelines and cybersecurity governance Cybersecurity governance and the importance of an informed board of directors Board members admit their knowledge about cybersecurity is limited. The knowledge gap, as shown in Figure 2, is significant. Only 33 percent of board members report they are knowledgeable about cybersecurity. In contrast, 81 percent of IT security professionals say they have the expertise to deal with risks. As a result, boards may lack the information needed to make decisions about cybersecurity governance and meaningful communication between the two groups about cyber risks is a challenge. Figure 2. How knowledgeable are you about cybersecurity? 60% 50% 40% 30% 20% 10% 0% 9% 31% 24% 50% 41% 19% 26% Very knowledgeable Knowledgeable Some knowledge Minimal or no knowledge 0% ITS 3
5 Board members may be overly confident in the effectiveness of cybersecurity governance practices but those dealing with the threats are not. As shown in Figure 3, 59 percent of board members rate their cybersecurity governance practices as very effective on a scale of 1 = low effectiveness to 10 = high effectiveness. However, only 18 percent of IT security professionals believe this is the case. This finding reveals the deep divide in the thinking about what constitutes effective governance practices between board members who are in charge of overall company performance and those responsible for stopping data breaches and cyber attacks. This divide is likely the result of the lack of knowledge held by the by board compared to IT security professionals. Figure 3. How effective are your organization s cybersecurity governance practices? Extrapolated mean: = 8.1, ITS = % 60% 59% 50% 40% 30% 20% 10% 0% 36% 24% 19% 20% 18% 13% 8% 3% 0% 1 or 2 3 or 4 5 or 6 7 or 8 9 or 10 ITS 4
6 Board members are often in the dark about data breaches and security incidents involving the theft of high-value information. Board members may not be receiving information and briefings about cyber attacks and data breaches affecting their organization. Figure 4 shows boards of directors are as not as aware as IT security practitioners about data breaches their organization has had (59 percent of board members vs. 71 percent of IT security professionals). Forty-one percent of board members say their organization did not have a data breach (23 percent) or unsure (18 percent). In contrast, only 29 percent of IT security professionals say their organization did not have a data breach (24 percent) or unsure (5 percent). Figure 4. Did your organization have a data breach that resulted in lost or stolen records? 80% 70% 60% 50% 40% 59% 71% 30% 20% 23% 24% 18% 10% 5% 0% Yes No Unsure ITS According to Figure 5, 54 percent of IT security professionals confirm that their organizations had a data breach involving the theft of high-value information, suggesting that the theft of such information is happening frequently. However, only 23 percent of board members believe their companies had a data breach involving intellectual property and 18 percent are unsure. Figure 5. Did your organization have a data breach involving high-value information? 70% 60% 54% 59% 50% 40% 39% 30% 20% 23% 18% 10% 7% 0% Yes No Unsure ITS 5
7 Boards are also uninformed about business disruptions or IT operations. One of the most important responsibilities for IT security professionals is minimizing downtime and business disruption in the aftermath of a cyber attack. The financial consequences of such a security incident can be huge. Figure 6 reveals a significant gap in awareness between the board and IT security about these types of attacks that occurred in the past two years. Figure 6. Did your organization have a cyber attack that disrupted business or IT operations? 70% 60% 50% 60% 63% 40% 34% 30% 20% 19% 21% 10% 3% 0% Yes No Unsure ITS Uncertainty about security incidents puts organizations at risk. In Figure 7, we combine the unsure responses in the previous figures to illustrate the lack of visibility boards have into attacks against the organization. This finding indicates that communication between the board and IT security about security threats, vulnerabilities and risks is not effective Figure 7. Uncertainty about cyber attacks and data breaches in the past two years Unsure response The organization experienced a cyber attack that disrupted business or IT operations 3% 21% The organization had a data breach involving the theft of high-value information (i.e., intellectual property) 7% 18% The organization had a data breach involving 10,000 or more lost or stolen sensitive or confidential records 5% 18% 0% 5% 10% 15% 20% 25% ITS 6
8 IT security professionals are skeptical about their boards understanding of cybersecurity risks. As shown in Figure 8, board members strongly agree that they recognize the damage to reputation that can be a consequence of a data breach, agree that tone at the top is critical to achieving a strong security posture and understand the security risks to the organization. However, board members do not share the same level of agreement with IT security professionals that existing communications keep the board fully informed about security threats, vulnerabilities and risks. This indicates that the board is not communicating its attitudes about cybersecurity well to IT security professionals, while the IT security professionals are not adequately communicating information about cybersecurity risks to the board. Figure 8. Board members and IT security professionals governance gap Strongly agree & agree response combined Our board recognizes the impact upon reputation and marketplace value resulting from security failures or breaches 59% 89% Our board believes the tone at the top is critical to achieving a strong security posture 57% 88% Our board of directors understands the security risks to the organization 43% 70% Our board believes the company s upstream communications will keep them fully informed about security threats, vulnerabilities and risks 64% 74% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% ITS 7
9 Board members and IT security professionals worry about different cybersecurity risks. As shown in Figure 9, board members are most concerned about the loss or theft of intellectual property even though they are unable to confirm that a data breach involving such information occurred in the past two years. In contrast, IT security professionals are focused on a cyber attack that significantly disrupts business and/or IT operations (downtime). Figure 9. What worries respondents most? A data breach involving the theft of high-value information (i.e., intellectual property) 31% 43% A data breach involving the loss or theft of customer records 22% 39% A cyber attack that significantly disrupts business and/or IT operations (i.e., downtime) 12% 33% A cyber attack that damages IT systems and infrastructure A data breach involving the loss or theft of employee data 4% 2% 3% 11% 0% 10% 20% 30% 40% 50% ITS 8
10 A cybersecurity governance strategy for a changing threat landscape Board members and IT security professionals agree that cybersecurity risk to their organizations is high. The findings reveal that both groups understand cybersecurity risks are high on a scale of 1 = very low to 10 = very high, as shown in Figure 10. As a result, 65 percent of board members and 63 percent of IT security professionals say cybersecurity governance or risk management is on the board s agenda. Figure 10. How high is the cybersecurity risk? Extrapolated mean: = 7.40, ITS = % 50% 48% 40% 30% 20% 21% 25% 31% 26% 38% 10% 0% 5% 6% 0% 0% 1 or 2 3 or 4 5 or 6 7 or 8 9 or 10 ITS Thirty-five percent of board members prefer to leave cybersecurity decisions in the hand of IT security. Despite Commissioner Aguilar s comments, 35 percent of board members say cybersecurity is not on their agenda. The reasons, as shown in Figure 11, reflect the board members desire to delegate cybersecurity in the hands of management (79 percent) and concerns about their personal liability (51 percent). Twenty-five percent admit their lack of knowledge about the topic. Figure 11. Why cybersecurity governance is not on the board s agenda Security governance is best handled by the company s management 79% Concerns about director liability 51% Lack of directors expertise and knowledge about cybersecurity 25% Lack of resources Not considered a priority issue 15% 13% Other 3% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 9
11 Board members that have cybersecurity on the agenda are involved in strategy, assessments and investments. Figure 12 reveals that they review and approve a formal security strategy and incident response plan (76 percent of respondents), assess the effectiveness of the organization s security policy (63 percent of respondents) and optimize cybersecurity investments in support of organizational efforts. Both groups also confirm that their organization has a crisis management plan in place to deal with cyber attacks. Figure 12. Cybersecurity topics on the board s agenda More than one response permitted The review and approval of a formal security strategy and incident response plan 76% Assessments to ensure the effectiveness of the organization s security policies 63% The optimization of cybersecurity investments in support of organizational efforts 57% The strategic alignment of cybersecurity with business strategy to support organizational goals 55% The identification of cybersecurity leaders in the organization who will be held accountable and supported by the board 44% The use of cybersecurity metrics to ensure an acceptable level of risk for the organization 19% Other 2% 0% 10% 20% 30% 40% 50% 60% 70% 80% 10
12 Top cybersecurity oversight and management activities, shown in Figure 13, may not be sufficient to address current threat landscape. Today, most boards are engaged in overseeing risk assessments and audits, reviewing the crisis management plan and determining insurance requirements. However, oversight activities that would make more of a contribution to the cybersecurity strategy of an organization are rarely on the board s agenda such as ensuring compliance with laws and regulations. Figure 13. Top cybersecurity oversight activities More than one response permitted Oversee risk assessments and audits Review the company s crisis management plan 73% 75% 69% 70% Determine insurance requirements 55% 51% Review and approve budget requests Oversee periodic exercise of the incident response plan and review the results Ensure compliance with laws and regulations 38% 39% 36% 39% 31% 26% 0% 10% 20% 30% 40% 50% 60% 70% 80% ITS 11
13 Figure 14 reveals even more important oversight activities boards are not engaged in such as developing strategies for cybersecurity, evaluating security threat intelligence and identifying emerging security risks. Figure 14. Cybersecurity oversight activities rarely conducted More than one response permitted Identify emerging security risks 25% 22% Oversee the positioning of the CISO within the organizational structure to ensure a strong, independent role 21% 25% Review and approve cybersecurity policies 17% 15% Establish metrics for security effectiveness and efficiency 16% 19% Develop strategies for cybersecurity 15% 13% Evaluate the CISO s job performance 13% 12% Evaluate security threat intelligence 9% 11% 0% 5% 10% 15% 20% 25% 30% ITS 12
14 Boards of directors and IT security professionals are involved in similar activities. As shown in Figure 15, activities following the breach or cyber attack primarily involved receiving briefings from senior executives and/or the CISO, reviewing the financial impact of the security incident, evaluating the adequacy of insurance coverage and exposure and obtaining on-going reports on the status of remediation efforts. Figure 15. Top four activities following a data breach or cyber attack Received briefing from senior executives and/or the CISO 81% 81% Reviewed financial impact of this security incident Evaluated the adequacy of insurance coverage and exposure Obtained on-going reports on the status of remediation efforts 73% 71% 67% 68% 67% 75% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% ITS 13
15 It took the Target breach to get the board s attention. As shown in Figure 16, the research shows that only recently with the Target breach did the importance of reducing these threats become critical for the C-suite and boardroom. Not having as significant an impact are those security incidents affecting government agencies, such as the VA data breach and hacks of the healthcare.gov website in Figure 16. How have well-publicized data breaches and security incidents impacted your involvement in cybersecurity governance? Significant & moderate impact response combined Target data breach 89% Recent case involving Chinese spys operating within Pittsburgh area companies JP Morgan Chase cyber attack Insider threats and recent cases involving malicious employees Home Depot data breach 72% 68% 62% 62% Sony PlayStation data breach Chatter about cyber terrorist attacks against critical infrastructure TJX data breach 36% 32% 40% Veteran s Administration data breach Successful hack of the Healthcare.gov website 11% 17% 0% 20% 40% 60% 80% 100% 14
16 The Security & Exchange Commission (SEC) guidelines and cybersecurity governance Do boards of directors worry about their potential liability if a serious security incident involving their organization occurs? As shown in Figure 17, 84 percent of IT practitioners believe the board worries about their potential liability. However, a smaller percentage of board members (69 percent) are concerned about the potential liability. Figure 17. Are board members concerned about their potential liability if the company has a serious security incident? 50% 45% 40% 35% 30% 25% 20% 15% 10% 5% 0% 43% 41% 36% 33% 15% 10% 9% 6% 6% 1% Strongly agree Agree Unsure Disagree Strongly disagree ITS 15
17 In October 2011, the SEC issued guidelines for the disclosure of cybersecurity risk information. While there is no specific requirement associated with cybersecurity risks, it also states such disclosure of cybersecurity risk information is necessary if such risks have a potential material impact on other reporting requirements. The SEC does not expect registrants to disclose information that might compromise their cybersecurity operations. It will take, however, a mandate before SEC guidelines will be followed. Only 5 percent of board members say their organization follows the SEC guidelines and voluntarily discloses a material security incident to shareholders. Data breach experience influences perceptions about the SEC mandates. Fifty-nine percent of board members say their organization had a data breach involving 10,000 or more sensitive or confidential records. These respondents are far more convinced than others the SEC will issue regulations requiring disclosure of material security incidents. As shown in Figure 18, 83 percent of board members whose organizations had a data breach believe the SEC will issue mandated regulations. In organizations that did not experience a data breach, only 17 percent of board members in this study believe mandates will be issued. Figure 18. Do you believe the SEC will issue regulations that mandate the financial disclosure of material security incidents? Yes or No/Unsure responses 90% 80% 83% 70% 60% 61% 50% 40% 39% 30% 20% 17% 10% 0% Had a data breach SEC will issue mandated regulations Did not have a data breach SEC will not issue mandated regulations 16
18 As shown in Figure 19, 81 percent of board members believe this mandate will increase the board s involvement in cybersecurity governance significantly (40 percent of respondents) or some increase (41 percent of respondents). Figure 19. How an SEC mandate will affect the board s involvement in cybersecurity governance 45% 40% 35% 30% 25% 20% 15% 10% 5% 0% 40% 41% 11% 8% Yes, significant increase Yes, some increase No Unsure 17
19 Will current governance practices change after the mandate? As shown in Figure 19, cybersecurity governance is reviewed annually, according to 40 percent of board members. More frequent reviews such as quarterly (33 percent) and semi-annually (16 percent) are not conducted as often as they should be due to the constantly changing threat environment. The board-level committees most responsible for overseeing cybersecurity governance are the audit committee (40 percent of board members) and the risk committee (29 percent of board members). Figure 20. How frequently is cybersecurity governance reviewed? 45% 40% 35% 30% 25% 20% 15% 10% 5% 0% 33% 16% 40% 5% 6% Quarterly Semi-annually Annually As needed No regular meetings scheduled 18
20 Part 3. Conclusion: Improving the board of directors role in cybersecurity governance Target and, more recently, the Sony breach are examples of the huge liability companies can face when cyber criminals steal confidential and high value information. As discussed in this report, boards of directors are realizing the risk is high, and therefore, it is important to work with the IT function to strengthen their companies cybersecurity posture. However, there are significant gaps between the board and IT on how best to achieve this goal. Some recommendations include the following: Appoint a cybersecurity expert to the board to address the knowledge gap. The research reveals that in many companies the board lacks knowledge about security risks and such expertise would help when reviewing and approving a formal strategy and incident response plan. Form a special cybersecurity committee to elevate the attention and importance of the risk and ensure it is on the board s agenda. Invite cybersecurity experts to conduct frequent briefings to provide board members visibility into the threat landscape and how it may impact the company. This will also increase the trust and communication between the two groups. Prepare for the SEC mandate and requirement for financial disclosures about material security incidents. SEC Commissioner Aguilar also urges boards to refer the National Institute of Standards and Technology s February 2014 report entitled the Framework for Improving Critical Infrastructure Cybersecurity, which he said is likely to become a baseline for best practices by companies, including in assessing legal or regulatory exposure to these issues or for insurance purposes. 19
21 Part 4. Methods A sampling frame composed of 6,713 members of boards of directors and 10,928 IT security practitioners located in a variety of industry sectors in the United States was selected for participation in this survey. As shown in the following table, 274 members of boards of directors and 505 IT security respondents completed the survey. Screening removed 125 surveys. The final sample was 245 members of boards (3.6 percent response rate) and 409 IT security respondents (3.7 percent response rate). Table 1. Sample response Board of Directors IT security Total sampling frame 6,713 10,928 Returns Rejected and screened surveys Final sample Response rate 3.6% 3.7% Pie Chart 1 reports the professional background for the boards of directors respondents. Fortyone percent of these respondents described their professional background as CEO or senior executive and 22 percent reported they are financial experts or auditors. Pie Chart 1. What best describes your professional background? 6% 15% 6% 5% 5% 41% CEO/senior executive Financial expert or auditor Venture capitalist Academician Former politician Entrepreneur or business founder Former regulator 22% Pie Chart 2 reports the professional background for IT security survey participants. Almost half (49 percent) of these respondents described their professional background as an IT director or executive such as the CIO or CTO. Pie Chart 2. What best describes your professional background? 18% IT director or executive (CIO, CTO) 49% IT security leader (CISO) Other 33% 20
22 As shown in Pie Chart 3, 62 percent of board member respondents reported they have served on 1 or more boards in the past five years. Pie Chart 3. How many boards of publicly traded companies have you served on over the past five years? Extrapolated average = 1.37 years 4% 13% 38% None 1 or 2 3 or 4 5 or more 45% Pie Chart 4 reveals that in the past five years, 71 percent of respondents reported they have served on 1 or more boards of closely-held companies. Pie Chart 4. How many boards of closely-held (non-public) companies have you served on over the past five years? Extrapolated average = 1.65 years 29% 29% None 1 or 2 3 or 4 42% 21
23 As shown in Pie Chart 5, 73 percent of respondents reported they have served on boards for 6 or more years. The average respondent has served 9.27 years. Pie Chart 5. How long have you served on boards? Extrapolated average = 9.27 years 11% 2% 25% Less than 1 year 16% 1 to 5 years 6 to 10 years 11 to 20 years More than 20 years 46% Figure 20 reports the primary industry focus of respondents organizations. This chart identifies financial services (19 percent) as the largest segment for and also ITS (18 percent). Eleven percent of respondents and 12 percent of ITS respondents indicated technology and software as their industry focus. Figure 20. Primary industry classification Financial services Technology & software Health & pharmaceuticals Industrial Services Retail Public sector Hospitality & leisure Energy & utilities Consumer products Transportation Entertainment & media Education & research Agriculture & food services Communications 4% 5% 4% 3% 4% 5% 3% 2% 3% 2% 2% 3% 2% 1% 1% 1% 11% 12% 11% 13% 10% 8% 9% 8% 9% 10% 8% 9% 19% 18% 0% 2% 4% 6% 8% 10% 12% 14% 16% 18% 20% ITS 22
24 Part 5. Caveats There are inherent limitations to survey research that need to be carefully considered before drawing inferences from findings. The following items are specific limitations that are germane to most web-based surveys. Non-response bias: The current findings are based on a sample of survey returns. We sent surveys to a representative sample of individuals, resulting in a large number of usable returned responses. Despite non-response tests, it is always possible that individuals who did not participate are substantially different in terms of underlying beliefs from those who completed the instrument. Sampling frame bias: The accuracy is based on contact information and the degree to which the list is representative of individuals who are members of boards of directors or IT security practitioners in various organizations in the United States. We also acknowledge that the results may be biased by external events such as media coverage. We also acknowledge bias caused by compensating subjects to complete this research within a specified time period. Self-reported results: The quality of survey research is based on the integrity of confidential responses received from subjects. While certain checks and balances can be incorporated into the survey process, there is always the possibility that a subject did not provide accurate responses. 23
25 Appendix: Detailed Survey Results The following tables provide the frequency or percentage frequency of responses to all survey questions contained in this study. All survey responses were captured in October Sample response ITS Total sampling frame 6,713 10,928 Total returns Screened or rejected surveys Final sample Response rate 3.6% 3.7% Q1. Please rate the effectiveness of your organization s cybersecurity governance practices. 10-point scale, where 1 = low to 10 = high. ITS 1 or 2 0% 3% 3 or 4 8% 19% 5 or 6 13% 36% 7 or 8 20% 24% 9 or 10 59% 18% Extrapolated value Q2. Please rate the level of cybersecurity risk to your organization. 10- point scale, where 1 = low to 10 = high. ITS 1 or 2 0% 0% 3 or 4 5% 6% 5 or 6 21% 25% 7 or 8 48% 31% 9 or 10 26% 38% Extrapolated value Q3. With respect to cybersecurity risk, what concerns you most? Please select only one. ITS A data breach involving the loss or theft of customer records 39% 22% A data breach involving the loss or theft of employee data 2% 3% A data breach involving the theft of high-value information (i.e., intellectual property) 43% 31% A cyber attack that significantly disrupts business and/or IT operations (i.e., downtime) 12% 33% A cyber attack that damages IT systems and infrastructure 4% 11% Other (please specify) 0% 0% Q4a. Is cybersecurity governance or risk management on the board s agenda? ITS Yes 65% 63% No 35% 37% 24
Is Your Company Ready for a Big Data Breach?
Is Your Company Ready for a Big Data Breach? The Second Annual Study on Data Breach Preparedness Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication
More informationThe State of Data Security Intelligence. Sponsored by Informatica. Independently conducted by Ponemon Institute LLC Publication Date: April 2015
The State of Data Security Intelligence Sponsored by Informatica Independently conducted by Ponemon Institute LLC Publication Date: April 2015 Ponemon Institute Research Report The State of Data Security
More informationData Breach: The Cloud Multiplier Effect
Data Breach: The Cloud Multiplier Effect Sponsored by Netskope Independently conducted by Ponemon Institute LLC Publication Date: June 2014 Ponemon Institute Research Report Part 1. Introduction Data Breach:
More informationThe Importance of Senior Executive Involvement in Breach Response
The Importance of Senior Executive Involvement in Breach Response Sponsored by HP Enterprise Security Services Independently conducted by Ponemon Institute LLC Publication Date: October 2014 The Importance
More informationThe Importance of Cyber Threat Intelligence to a Strong Security Posture
The Importance of Cyber Threat Intelligence to a Strong Security Posture Sponsored by Webroot Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research Report
More informationIs Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution
Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2013 Ponemon Institute Research Report
More informationThe Cost of Insecure Mobile Devices in the Workplace Sponsored by AT&T
The Cost of Insecure Mobile Devices in the Workplace! Sponsored by AT&T Independently conducted by Ponemon Institute LLC Publication Date: March 2014 Part 1. Introduction The Cost of Insecure Mobile Devices
More informationManaging Cyber Security as a Business Risk: Cyber Insurance in the Digital Age
Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: August 2013
More informationIs Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution
Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: March 2013 Ponemon Institute Research Report
More informationThe Unintentional Insider Risk in United States and German Organizations
The Unintentional Insider Risk in United States and German Organizations Sponsored by Raytheon Websense Independently conducted by Ponemon Institute LLC Publication Date: July 2015 2 Part 1. Introduction
More informationReputation Impact of a Data Breach U.S. Study of Executives & Managers
Reputation Impact of a Data Breach U.S. Study of Executives & Managers Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: November 2011 Ponemon
More informationExposing the Cybersecurity Cracks: A Global Perspective
Exposing the Cybersecurity Cracks: A Global Perspective Part I: Deficient, Disconnected & in the Dark Sponsored by Websense, Inc. Independently conducted by Ponemon Institute LLC Publication Date: April
More informationData Security in the Evolving Payments Ecosystem
Data Security in the Evolving Payments Ecosystem Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2015 Ponemon Institute Research Report
More informationThe Security of Cloud Infrastructure Survey of U.S. IT and Compliance Practitioners
The Security of Cloud Infrastructure Survey of U.S. IT and Compliance Practitioners Sponsored by Vormetric Independently conducted by Ponemon Institute LLC Publication Date: November 2011 Ponemon Institute
More informationA Study of Retail Banks & DDoS Attacks
A Study of Retail Banks & DDoS Attacks Sponsored by Corero Network Security Independently conducted by Ponemon Institute LLC Publication Date: December 2012 Ponemon Institute Research Report A Study of
More informationData Security in Development & Testing
Data Security in Development & Testing Sponsored by Micro Focus Independently conducted by Ponemon Institute LLC Publication Date: July 31, 2009 Ponemon Institute Research Report Data Security in Development
More informationAchieving Security in Workplace File Sharing. Sponsored by Axway Independently conducted by Ponemon Institute LLC Publication Date: January 2014
Achieving Security in Workplace File Sharing Sponsored by Axway Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Ponemon Institute Research Report Part 1. Introduction Achieving
More informationThe Security Impact of Mobile Device Use by Employees
The Security Impact of Mobile Device Use by Employees Sponsored by Accellion Independently conducted by Ponemon Institute LLC Publication Date: December 2014 Ponemon Institute Research Report The Security
More information2012 Application Security Gap Study: A Survey of IT Security & Developers
2012 Application Gap Study: A Survey of IT & s Research sponsored by Innovation Independently Conducted by Ponemon Institute LLC March 2012 1 2012 Application Gap Study: A Survey of IT & s March 2012 Part
More informationThird Annual Study: Is Your Company Ready for a Big Data Breach?
Third Annual Study: Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: October 2015 Ponemon Institute
More information2014: A Year of Mega Breaches
2014: A Year of Mega Breaches Sponsored by Identity Finder Independently conducted by Ponemon Institute LLC Publication Date: January 2015 Ponemon Institute Research Report Part 1. Introduction 2014: A
More informationThe SQL Injection Threat Study
The SQL Injection Threat Study Sponsored by DB Networks Independently conducted by Ponemon Institute LLC Publication Date: April 2014 1 The SQL Injection Threat Study Presented by Ponemon Institute, April
More informationThe Cost of Web Application Attacks
The Cost of Web Application Attacks Sponsored by Akamai Technologies Independently conducted by Ponemon Institute LLC Publication Date: May 2015 Ponemon Institute Research Report Part 1. Introduction The
More informationUnderstanding Security Complexity in 21 st Century IT Environments:
Understanding Security Complexity in 21 st Century IT Environments: A study of IT practitioners in the US, UK, France, Japan & Germany Sponsored by Check Point Software Technologies Independently conducted
More informationElectronic Health Information at Risk: A Study of IT Practitioners
Electronic Health Information at Risk: A Study of IT Practitioners Sponsored by LogLogic Conducted by Ponemon Institute LLC October 15, 2009 Ponemon Institute Research Report Executive summary Electronic
More informationSecurity Metrics to Manage Change: Which Matter, Which Can Be Measured?
Security Metrics to Manage Change: Which Matter, Which Can Be Measured? Sponsored by FireMon Independently conducted by Ponemon Institute LLC Publication Date: April 2014 2 Security Metrics to Manage Change:
More informationWhat You Don t Know Will Hurt You: A Study of the Risk from Application Access and Usage
What You Don t Know Will Hurt You: A Study of the Risk from Application Access and Usage Sponsored by ObserveIT Independently conducted by Ponemon Institute LLC June 2015 Ponemon Institute Research Report
More informationRisk & Innovation in Cybersecurity Investments. Sponsored by Lockheed Martin
Risk & Innovation in Cybersecurity Investments Sponsored by Lockheed Martin Independently conducted by Ponemon Institute LLC Publication Date: April 2015 Ponemon Institute Research Report Part 1. Introduction
More informationGlobal Insights on Document Security
Global Insights on Document Security Sponsored by Adobe Independently conducted by Ponemon Institute LLC Publication Date: June 2014 Ponemon Institute Research Report Global Insights on Document Security
More informationThe State of Data Centric Security
The State of Data Centric Security Sponsored by Informatica Independently conducted by Ponemon Institute LLC Publication Date: June 2014 Ponemon Institute Research Report State of Data Centric Security
More informationUnderstaffed and at Risk: Today s IT Security Department. Sponsored by HP Enterprise Security
Understaffed and at Risk: Today s IT Security Department Sponsored by HP Enterprise Security Independently conducted by Ponemon Institute LLC Publication Date: February 2014 Ponemon Institute Research
More information2015 Global Study on IT Security Spending & Investments
2015 Study on IT Security Spending & Investments Independently conducted by Ponemon Institute LLC Publication Date: May 2015 Sponsored by Part 1. Introduction Security risks are pervasive and becoming
More informationSecurity of Cloud Computing Users Study
Security of Cloud Computing Users Study Sponsored by CA Technologies Independently conducted by Ponemon Institute, LLC Publication Date: March 2013 Security of Cloud Computing Users Study March 2013 Part
More information2015 Global Cyber Impact Report
2015 Global Cyber Impact Report Sponsored by Aon Risk Services Independently conducted by Ponemon Institute LLC Publication Date: April 2015 2015 Global Cyber Impact Report Ponemon Institute, April 2015
More informationCloud Security: Getting It Right
Cloud Security: Getting It Right Sponsored by Armor Independently conducted by Ponemon Institute LLC Publication Date: October 2015 Ponemon Institute Research Report Cloud Security: Getting It Right Ponemon
More informationAftermath of a Data Breach Study
Aftermath of a Data Breach Study Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: January 2012 Ponemon Institute Research Report Aftermath
More informationExposing the Cybersecurity Cracks: A Global Perspective
Exposing the Cybersecurity Cracks: A Global Perspective Part 2: Roadblocks, Refresh and Raising the Human Security IQ Sponsored by Websense Independently conducted by Ponemon Institute LLC Publication
More informationLeading Practices in Behavioral Advertising & Consumer Privacy Study of Internet Marketers and Advertisers
Leading Practices in Behavioral Advertising & Consumer Privacy Study of Internet Marketers and Advertisers Independently Conducted by Ponemon Institute LLC February 2012 Leading Practices in Behavioral
More informationThe State of Mobile Application Insecurity
The State of Mobile Application Insecurity Sponsored by IBM Independently conducted by Ponemon Institute LLC Publication Date: February 2015 Ponemon Institute Research Report Part 1. Introduction The State
More informationPerceptions About Network Security Survey of IT & IT security practitioners in the U.S.
Perceptions About Network Security Survey of IT & IT security practitioners in the U.S. Sponsored by Juniper Networks Independently conducted by Ponemon Institute LLC Publication Date: June 2011 Ponemon
More informationCorporate Data: A Protected Asset or a Ticking Time Bomb?
Corporate Data: A Protected Asset or a Ticking Time Bomb? Sponsored by Varonis Independently conducted by Ponemon Institute LLC Publication Date: December 2014 Ponemon Institute Research Report Corporate
More informationAdvanced Threats in Retail Companies: A Study of North America & EMEA
Advanced Threats in Companies: A Study of North America & EMEA Sponsored by Arbor Networks Independently conducted by Ponemon Institute LLC Publication Date: May 2015 Ponemon Institute Research Report
More informationAchieving Data Privacy in the Cloud
Achieving Data Privacy in the Cloud Study of Information Technology Privacy and Compliance of Small to Medium-Sized Organizations in germany Sponsored by microsoft Independently Conducted by Ponemon Institute
More informationPerceptions about the Potential Expiration of The Terrorism Risk Insurance Act (TRIA)
Perceptions about the Potential Expiration of The Terrorism Risk Insurance Act (TRIA) Sponsored by Property Casualty Insurers Association of America Independently conducted by Ponemon Institute LLC Publication
More informationThe Impact of Cybercrime on Business
The Impact of Cybercrime on Business Studies of IT practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil Sponsored by Check Point Software Technologies Independently conducted
More informationSecurity of Paper Records & Document Shredding. Sponsored by Cintas. Independently conducted by Ponemon Institute LLC Publication Date: January 2014
Security of Paper Records & Document Shredding Sponsored by Cintas Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Ponemon Institute Research Report Part 1. Introduction
More informationHow Single Sign-On Is Changing Healthcare A Study of IT Practitioners in Acute Care Hospitals in the United States
How Single Sign-On Is Changing Healthcare A Study of IT Practitioners in Acute Care Hospitals in the United States Sponsored by Imprivata Independently conducted by Ponemon Institute LLC Publication Date:
More informationChallenges of Cloud Information
The Challenges of Cloud Information Governance: A Global Data Security Study Sponsored by SafeNet Independently conducted by Ponemon Institute LLC Publication Date: October 2014 Ponemon Institute Research
More informationThe State of USB Drive Security
The State of USB Drive Security U.S. survey of IT and IT security practitioners Sponsored by Kingston Independently conducted by Ponemon Institute LLC Publication Date: July 2011 Ponemon Institute Research
More informationThe Aftermath of a Data Breach: Consumer Sentiment
The Aftermath of a Data Breach: Consumer Sentiment Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2014 Ponemon Institute Research
More informationThe SQL Injection Threat & Recent Retail Breaches
The SQL Injection Threat & Recent Retail Breaches Sponsored by DB Networks Independently conducted by Ponemon Institute LLC Publication Date: June 2014 1 Part 1. Introduction The SQL Injection Threat &
More informationThe Fraud Report: How Fake Users Are Impacting Business
The Fraud Report: How Fake Users Are Impacting Business Sponsored by TeleSign Independently conducted by Ponemon Institute LLC Publication Date: November 2015 Ponemon Institute Research Report The Fraud
More informationCyber Security on the Offense: A Study of IT Security Experts
Cyber Security on the Offense: A Study of IT Security Experts Co-authored with Radware Independently conducted by Ponemon Institute LLC Publication Date: November 2012 Ponemon Institute Research Report
More informationThreat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations
Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations Sponsored by AccessData Independently conducted by Ponemon Institute LLC Publication Date: February 2014 Ponemon Institute
More informationSurvey on the Governance of Unstructured Data. Independently Conducted and Published by Ponemon Institute LLC. Sponsored by Varonis Systems, Inc.
Survey on the Governance of Unstructured Data Independently Conducted and Published by Ponemon Institute LLC Sponsored by Varonis Systems, Inc. June 30, 2008 Please Do Not Quote Without Express Permission.
More information2015 Global Megatrends in Cybersecurity
2015 Global Megatrends in Cybersecurity Sponsored by Raytheon Independently conducted by Ponemon Institute LLC Publication Date: February 2015 Ponemon Institute Research Report 2015 Global Megatrends in
More informationThe Billion Dollar Lost Laptop Problem Benchmark study of U.S. organizations
The Billion Dollar Lost Laptop Problem Benchmark study of U.S. organizations Independently conducted by Ponemon Institute LLC Publication Date: 30 September 2010 Ponemon Institute Research Report Part
More information2012 Web Session Intelligence & Security Report: Business Logic Abuse Edition
2012 Web Session Intelligence & Security Report: Business Logic Abuse Edition Sponsored by Silver Tail Systems Independently conducted by Ponemon Institute, LLC Publication Date: October 2012 Ponemon Institute
More informationBreaking Bad: The Risk of Insecure File Sharing
Breaking Bad: The Risk of Insecure File Sharing Sponsored by Intralinks Independently conducted by Ponemon Institute LLC Publication Date: October 2014 Ponemon Institute Research Report Breaking Bad: The
More informationThe Role of Governance, Risk Management & Compliance in Organizations
The Role of Governance, Risk Management & Compliance in Organizations Study of GRC practitioners Sponsored by RSA, The Security Division of EMC Independently conducted by Ponemon Institute LLC Publication
More informationThe 2013 ecommerce Cyber Crime Report: Safeguarding Brand And Revenue This Holiday Season
The 2013 ecommerce Cyber Crime Report: Safeguarding Brand And Revenue This Holiday Season Sponsored by RSA Security Independently conducted by Ponemon Institute, LLC Publication Date: October 2013 Ponemon
More informationState of Web Application Security U.S. Survey of IT & IT security practitioners
State of Web Application Security U.S. Survey of IT & IT security practitioners Sponsored by Cenzic & Barracuda Networks Independently conducted by Ponemon Institute LLC Publication Date: March 2011 Ponemon
More informationEfficacy of Emerging Network Security Technologies
Efficacy of Emerging Network Security Technologies Sponsored by Juniper Networks Independently conducted by Ponemon Institute LLC Publication Date: February 2013 Ponemon Institute Research Report Part
More informationBest Practices in Data Protection Survey of U.S. IT & IT Security Practitioners
Best Practices in Data Protection Survey of U.S. IT & IT Security Practitioners Sponsored by McAfee Independently conducted by Ponemon Institute LLC Publication Date: October 2011 Ponemon Institute Research.
More informationEncryption in the Cloud
Encryption in the Cloud Who is responsible for data protection in the cloud? Sponsored by Thales e-security Independently conducted by Ponemon Institute LLC Publication Date: July 2012 Ponemon Institute
More informationNational Survey on Data Center Outages
National Survey on Data Center Outages Independently conducted by Ponemon Institute LLC Publication Date: 30 September 2010 Part 1. Executive Summary National Survey on Data Center Outages Ponemon Institute,
More informationHow Much Is the Data on Your Mobile Device Worth?
How Much Is the Data on Your Mobile Device Worth? Sponsored by Lookout Independently conducted by Ponemon Institute LLC Publication Date: January 2016 Ponemon Institute Research Report Part 1. Introduction
More informationState of IT Security Study of Utilities & Energy Companies
State of IT Security Study of Utilities & Energy Companies Sponsored by Q1 Labs Independently conducted by Ponemon Institute LLC Publication Date: April 2011 Ponemon Institute Research Report State of
More informationGlobal Survey on Social Media Risks Survey of IT & IT Security Practitioners
0 Global Survey on Social Media Risks Survey of IT & IT Security Practitioners Sponsored by Websense Independently conducted by Ponemon Institute LLC Publication Date: September 2011 1 Global Survey on
More informationThe Post Breach Boom. Sponsored by Solera Networks. Independently conducted by Ponemon Institute LLC Publication Date: February 2013
The Post Breach Boom Sponsored by Solera Networks Independently conducted by Ponemon Institute LLC Publication Date: February 2013 Ponemon Institute Research Report Part 1. Introduction The Post Breach
More informationPrivileged User Abuse & The Insider Threat
Privileged User Abuse & The Insider Threat Commissioned by Raytheon Company Independently conducted by Ponemon Institute LLC Publication Date: May 2014 1 Privileged User Abuse & The Insider Threat Ponemon
More informationSponsored by Zimbra. The Open Source Collaboration Study: Viewpoints on Security & Privacy in the US & EMEA
The Open Source Collaboration Study: Viewpoints on Security & Privacy in the US & EMEA Sponsored by Zimbra Independently conducted by Ponemon Institute LLC Publication Date: November 2014 Ponemon Institute
More informationPosted by David A. Katz, Wachtell, Lipton, Rosen & Katz, on Sunday December 16, 2012 at 10:20 am
1 of 7 5/8/2014 7:34 PM Posted by David A. Katz, Wachtell, Lipton, Rosen & Katz, on Sunday December 16, 2012 at 10:20 am Editor s Note: David A. Katz is a partner at Wachtell, Lipton, Rosen & Katz specializing
More informationPrivacy and Security in a Connected Life: A Study of European Consumers
Privacy and Security in a Connected Life: A Study of European Consumers Sponsored by Trend Micro Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research
More information2013 Cost of Data Center Outages
2013 Cost of Data Center Outages Independently conducted by Ponemon Institute LLC Publication Date: December 2013 Part 1. Executive Summary 2013 Cost of Data Center Outages Ponemon Institute, December
More informationData Loss Risks During Downsizing As Employees Exit, so does Corporate Data
Data Loss Risks During Downsizing As Employees Exit, so does Corporate Data Independently conducted by Ponemon Institute LLC Publication Date: February 23, 2009 Sponsored by Symantec Corporation Ponemon
More informationThe Cyber Security Leap: From Laggard to Leader
The Cyber Security Leap: From Laggard to Leader Contents Introduction......... 3 Ready to leapfrog?......... 4 Key study findings......... 4 THEME 1: Innovation and strategy: separating the leapfrogs from
More informationThe Economic and Productivity Impact of IT Security on Healthcare
The Economic and Productivity Impact of IT Security on Healthcare Sponsored by Imprivata Independently conducted by Ponemon Institute LLC Publication Date: May 2013 Ponemon Institute Research Report The
More informationCyber Threat Intelligence: Has to Be a Better Way
Exchanging Cyber Threat Intelligence: There Has to Be a Better Way Sponsored by IID Independently conducted by Ponemon Institute LLC Publication Date: April 2014 Ponemon Institute Research Report Exchanging
More informationCompliance Cost Associated with the Storage of Unstructured Information
Compliance Cost Associated with the Storage of Unstructured Information Sponsored by Novell Independently conducted by Ponemon Institute LLC Publication Date: May 2011 Ponemon Institute Research Report
More informationEd Adams, CEO Security Innovation. Dr. Larry Ponemon Ponemon Institute. 2012 ISACA Webinar Program. 2012 ISACA. All rights reserved.
2012 Study on Application Security: AS Survey of fits Security and dd Developers Ed Adams, CEO Security Innovation Dr. Larry Ponemon Ponemon Institute 2012 ISACA Webinar Program. 2012 ISACA. All rights
More information2015 Cost of Data Breach Study: United States
2015 Cost of Data Breach Study: United States Benchmark research sponsored by IBM Independently conducted by Ponemon Institute LLC May 2015 Ponemon Institute Research Report 2015 1 Cost of Data Breach
More informationThird Annual Survey on Medical Identity Theft
Third Annual Survey on Medical Identity Theft Sponsored by Experian s ProtectMyID Independently conducted by Ponemon Institute LLC Publication Date: June 2012 Ponemon Institute Research Report Part 1:
More informationFirst Annual Cost of Cyber Crime Study Benchmark Study of U.S. Companies
First Annual Cost of Cyber Crime Study Benchmark Study of U.S. Companies Sponsored by ArcSight Independently conducted by Ponemon Institute LLC Publication Date: July 2010 Ponemon Institute Research Report
More informationIBM QRadar Security Intelligence: Evidence of Value
IBM QRadar Security Intelligence: Evidence of Value Independently conducted by Ponemon Institute LLC February 2014 Ponemon Institute Research Report Background IBM QRadar: Evidence of Value Ponemon Institute:
More informationEconomic impact of privacy on online behavioral advertising
Benchmark study of Internet marketers and advertisers Independently Conducted by Ponemon Institute LLC April 30, 2010 Ponemon Institute Research Report Economic impact of privacy on online behavioral advertising
More informationSecurity of Cloud Computing Providers Study
Security of Cloud Computing Providers Study Sponsored by CA Technologies Independently conducted by Ponemon Institute LLC Publication Date: April 2011 Ponemon Institute Research Report I. Executive Summary
More informationEnhancing Cybersecurity with Big Data: Challenges & Opportunities
Enhancing Cybersecurity with Big Data: Challenges & Opportunities Independently Conducted by Ponemon Institute LLC Sponsored by Microsoft Corporation November 2014 CONTENTS 2 3 6 9 10 Introduction The
More informationSecurity of Cloud Computing Providers Study
Security of Cloud Computing Providers Study Sponsored by CA Technologies Independently conducted by Ponemon Institute LLC Publication Date: April 2011 Ponemon Institute Research Report I. Executive Summary
More informationCybersecurity and the Threat to Your Company
Why is BIG Data Important? March 2012 1 Cybersecurity and the Threat to Your Company A Navint Partners White Paper September 2014 www.navint.com Cyber Security and the threat to your company September
More informationThe TCO of Software vs. Hardware-based Full Disk Encryption Summary
The TCO of vs. -based Full Disk Encryption Summary Sponsored by WinMagic Independently conducted by Ponemon Institute LLC Publication Date: April 2013 Industry Co-Sponsors Ponemon Institute Research Report
More informationReputation Impact of a Data Breach Executive Summary
Reputation Impact of a Data Breach Executive Summary Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: October 2011 Ponemon Institute Research
More informationTen Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder
Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system
More informationState of SMB Cyber Security Readiness: UK Study
State of SMB Cyber Security Readiness: UK Study Sponsored by Faronics Independently conducted by Ponemon Institute LLC Publication Date: November 2012 Ponemon Institute Research Report Part 1. Introduction
More information2012 Cost of Cyber Crime Study: Germany
2012 Cost of Cyber Crime Study: Germany Sponsored by HP Enterprise Security Independently conducted by Ponemon Institute LLC Publication Date: October 2012 Ponemon Institute Research Report Part 1. Executive
More informationSecond Annual Benchmark Study on Patient Privacy & Data Security
Second Annual Benchmark Study on Patient Privacy & Data Security Sponsored by ID Experts Independently conducted by Ponemon Institute LLC Publication Date: December 2011 Ponemon Institute Research Report
More informationThe TCO for Full Disk Encryption Studies in the US, UK, Germany & Japan
The TCO for Full Disk Encryption Studies in the US, UK, Germany & Japan Sponsored by WinMagic Independently conducted by Ponemon Institute LLC Publication Date: July 2012 Ponemon Institute Research Report
More informationThe economics of IT risk and reputation
Global Technology Services Research Report Risk Management The economics of IT risk and reputation What business continuity and IT security really mean to your organization Findings from the IBM Global
More informationSecurity of Cloud Computing Users A Study of Practitioners in the US & Europe
Security of Cloud Computing Users A Study of Practitioners in the US & Europe Sponsored by CA Independently conducted by Ponemon Institute LLC Publication Date: 12 May 2010 Ponemon Institute Research Report
More informationPerceptions about Self-Encrypting Drives: A Study of IT Practitioners
Perceptions about Self-Encrypting Drives: A Study of IT Practitioners Executive Summary Sponsored by Trusted Computing Group Independently conducted by Ponemon Institute LLC Publication Date: April 2011
More information