The Unintentional Insider Risk in United States and German Organizations
|
|
- Bonnie Price
- 8 years ago
- Views:
Transcription
1 The Unintentional Insider Risk in United States and German Organizations Sponsored by Raytheon Websense Independently conducted by Ponemon Institute LLC Publication Date: July 2015
2 2 Part 1. Introduction The Unintentional Insider Risk in United States and German Organizations July 2015 All workplaces share the same security threat: the well meaning but careless employee who may be more focused on productivity than protecting the company s sensitive or confidential information. Often, without thinking of the potential consequences, they leave confidential documents in plain view, share passwords, circumvent security procedures, are duped by phishing scams and transfer sensitive data to the public cloud without company approval. The Unintentional Insider Risk in United States and German Organizations was conducted by Ponemon Institute and sponsored by Raytheon Websense. We surveyed 1,071 IT and IT security practitioners in the United States and Germany who understand and are familiar with the security risks created by negligent or careless employees and other insiders in their organizations. Organizations in both countries strive to have a strong security posture. Germany is often on the cutting edge of deploying security technologies and is a strict enforcer of security policies in the workplace. 1 With this in mind, we wanted to determine if cultural differences in the workplace would impact how German and U.S. IT security practitioners manage this risk. We also thought it would be interesting to study the characteristics of the negligent insider and if they differ between these two countries. As shown in Figure 1, both German and U.S. IT practitioners agree unintentional employee negligence not only severely diminishes the productivity of the IT function it also causes more security incidents than intentional and malicious acts. We also determined that it can cost a U.S. company as much as $1.5 million and a Germany company 1.6 million in time wasted responding to security incidents caused by human error. Moreover, if a data breach should happen because of negligence, the average cost per record in the U.S. is $198 and 145 in Germany. 2 Following are other key takeaways: Telling the difference between malicious and negligent security incidents is difficult. Forty-four percent of German and 49 percent of U.S. respondents report they cannot tell the difference between security incidents caused by employees who are careless and those who are malicious. Those who say they can differentiate between maliciousness and negligence, say it represents an average of 70 percent (U.S. respondents) or 63 percent (German respondents) of all insider security incidents. 1 Ponemon Institute IT Security Tracking Study, March Cost of Data Breach: United States and Germany, sponsored by IBM, May
3 3 Insider negligence diminishes productivity. IT security practitioners spend an average of almost three hours each day dealing with the security risks caused by employee mistakes or negligence. In addition, they say almost two hours is wasted due to insider carelessness. Improvements in productivity and in-house IT security expertise would be the benefits of fewer insider security incidents. Minimizing the insider threat would enable the IT staff to be more productive and have resources to increase their security expertise. A third benefit would be the ability to increase investment in technologies. German and U.S. respondents have very different perceptions about the unintentional insider risk. German respondents are more likely to agree that their organizations do not have the necessary safeguards in place to protect their organization from careless employees (54 percent of Germans agree and 46 percent of U.S. respondents agree). Respondents in the U.S. are more likely to agree their employees are not properly trained to follow data security policies and senior executives do not consider data security a priority. 3
4 4 Part 2. Key findings In this section, we provide an analysis of the key findings. The complete audited findings are presented in the appendix of the report. We have organized the report according to the following topics: Profile of the unintentional insider The impact of employee negligence on the productivity of IT security staff Cultural differences in the unintentional insider risk Risky scenarios likely to occur and create a security incident Who is most careless and negligent? Both German and U.S. respondents say it is the ordinary user or contractor and third parties who are most likely to put sensitive and confidential information at risk. However, as shown in Figure 2, German respondents are more likely to consider contractors and third parties a threat. U.S. respondents are more likely to view the privileged insider as being negligent. Figure 2. Who is the biggest security risk because of their negligence? Two responses permitted Ordinary users Contractors and third parties Privileged users C-level executives Administrative employees Other CEO 2% 1% 2% 1% 8% 9% 30% 27% 29% 39% 50% 72% 66% 64% 0% 10% 20% 30% 40% 50% 60% 70% 80% U.S. DE 4
5 5 What are the characteristics of employees who pose the greatest risk? As noted above, ordinary users and contractors are considered by respondents to pose the greatest risk. The study also considered the profile of employees who pose the greatest risk. Figure 3 reveals that new or entry employees are considered to create the most risk suggesting the importance of training and awareness programs for this group. Other high-risk employees are those who travel frequently, younger employees and employees who work offsite. The least risky are seasoned employees with several years of relevant work experience. Figure 3. Characteristics of employees who pose the greatest risk On a scale of 1 = low risk to 10 = high risk, 7+ level of risk reported New/entry level employee 81% 80% Frequent travelers Younger employees (millennials) Employees who work offsite Male employees 71% 68% 68% 70% 66% 70% 66% 63% Female employees Older employees (baby boomers) Employees with college or university degree Employees with high school education (no college or university degree) 45% 40% 44% 49% 46% 43% 57% 51% Seasoned employees with several years of relevant work experience 29% 24% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% U.S. DE 5
6 6 Long hours and multi-tasking are also red flags for risk. Multi-taskers are more likely to be careless or negligent according to 79 percent of U.S. respondents and 81 percent of German respondents, as shown in Figure 4. Employees who work too many hours also pose a risk. On average, U.S. employees work longer than German employees (48 hours versus 35 hours). Figure 4. Do long hours and multi-tasking signal potential risk? Yes response 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% 79% 81% Do you believe employees who multi-task are more likely to be careless or negligent? U.S. 69% 56% Do you believe employees who work too many hours are more likely to be careless or negligent? DE Telling the difference between malicious and negligent security incidents is difficult. As shown in Figure 5, 44 percent of German and 49 percent of U.S. respondents report they cannot tell the difference between security incidents caused by employees who are careless and those who are malicious. Those who say they can tell the difference, say it represents an average of 70 percent (U.S. respondents) or 63 percent (German respondents) of all insider security incidents. Figure 5. Can you tell the difference between security incidents caused by malicious or negligent employees? 60% 50% 51% 56% 49% 44% 40% 30% 20% 10% 0% Yes No U.S. DE 6
7 7 The impact of employee negligence on the productivity of IT security staff If security incidents caused by employees sloppiness could be reduced, companies could save money. Respondents were asked to estimate how much IT security spending could be saved if employee negligence and carelessness could be reduced by 25 percent, 50 percent and 75 percent. As shown in Figure 6, if negligence was reduced by as much as 50 percent, an average of 31 percent (U.S.) or 28 percent (Germany) of IT security spending could be saved and perhaps allocated for investments in people and enabling technologies. A 25 percent reduction would save 20 percent in the U.S. and 19 percent in Germany in IT security spending. If an organization was able to have a 75 percent reduction, the savings could be as much as 39 percent and 37 percent in U.S. and German organizations, respectively. Figure 6. How much IT security spending could be saved if employee negligence was reduced by as much as 50 percent? 40% 35% 37% 36% 30% 25% 20% 15% 20% 23% 23% 25% 18% 15% 10% 5% 0% Less than 10% 11% to 25% 26% to 50% 51% to 75% 76% to 100% 2% 1% U.S. DE 7
8 8 According to Figure 7, IT security practitioners spend an average of almost three hours each day dealing with the security risks caused by employee mistakes or negligence. In addition, they say almost two hours is wasted due to carelessness. Figure 7. The time spent responding to employees mistake and the time wasted Extrapolated value in hours Time spent each day responding to security risks caused by employee mistakes or negligence U.S. Time wasted responding to security issues due to carelessness and negligence of employees DE Table 1 provides a simple extrapolation for the annual cost of wasted time based on our sample of companies participating in this research. As can be seen, the estimated cost of wasted time for US companies is 1.46 million dollars and for German companies is 1.43 million euros. Calculus Table 1: Extrapolated average annual cost of wasted time Average number of FTE IT security support team members (extrapolated value per tracking study)* Fully loaded compensation per day (dollars) $301.4 Fully loaded compensation per day (Euros) Cost per hour (dollars) - 8 hour work day $37.7 Cost per hour (Euros) - 7 hour work day 40.5 Wasted time (extrapolated value from survey) Value of wasted time per individual each day $74 77 Value of wasted time per company each day $4,007 3,926 Value of wasted time per company each year $1,462,725 1,432,930 *See: Ponemon Institute s IT security tracking study: March 2015 US DE 8
9 9 Improvements in productivity and in-house IT security expertise would be the benefits of fewer insider security incidents. As shown in Figure 8, minimizing the insider threat would enable the IT staff to be more productive and have resources to increase their security expertise. A third benefit would be more investment in technologies. Figure 8. How would the reduction in insider security incidents benefit IT? Productivity of IT staff would increase 43% 48% There would be more resources to increase inhouse IT security expertise There would be more resources to invest in technology There would be less concern about a possible security breach 23% 19% 19% 20% 15% 13% 0% 10% 20% 30% 40% 50% 60% U.S. DE IT security is a very stressful job because of employees carelessness and negligence. According to Figure 9, 33 percent of U.S. respondents and 29 percent of German respondents say their current positions are very stressful and the main source is the careless or negligent employee (74 percent and 63 percent of respondents, respectively). This is followed by long hours and a lack of resources and budget. Figure 9. Why is your job stressful? More than one response permitted Constantly putting out fires because of employees carelessness and negligence 63% 74% Long hours The frequent need to solve employees problems with their computers and other devices 50% 51% 56% 67% Lack of resources & budget 44% 56% My boss 30% 55% 0% 10% 20% 30% 40% 50% 60% 70% 80% U.S. DE 9
10 10 German and U.S. respondents have very different ideas about how to stop the unintentional insider risk. Germans are more likely to limit the practices that can create unintentional risk and Americans prefer monitoring employees behavior, according to Figure 10. However, they both agree in the importance of conducting frequent training and awareness programs on the unintentional risk. Figure 10. What are the best solutions to stop unintentional insider risk? More than one response permitted Conduct frequent training and awareness programs on the unintentional risk Assess the unintentional risk to better understand where the greatest risks exist Limit the use of practices that can create unintentional risks Monitor employees behavior Enforce penalties for not complying with data security policies 38% 37% 30% 28% 67% 70% 56% 62% 55% 63% There is no solution Provide incentives to comply with data security policies 19% 14% 15% 8% 0% 10% 20% 30% 40% 50% 60% 70% 80% U.S. DE 10
11 11 Cultural differences in the unintentional insider risk German and U.S. respondents have very different perceptions about the unintentional insider risk. The differences are shown in Figure 11. German respondents are more likely to agree that their organizations do not have the necessary safeguards in place to protect their organization from careless employees (54 percent of Germans agree and 46 percent of U.S. respondents agree). U.S. respondents have a more pessimistic view about the state of unintentional risk in their organizations. Specifically, U.S. respondents are more likely to agree their employees are not properly trained to follow data security policies and senior executives do not consider data security a priority. Figure 11. German & U.S. perceptions about the unintentional insider risk Strongly agree and agree responses combined Our organization is at risk because employees are careless or negligent when accessing and using sensitive information 54% 66% Employees are not properly trained to follow data security policies 46% 60% Employees are pressured to be productive at the expense of not following data security policies 43% 54% Employees frequently ignore or circumvent our data security practices because they are inconvenient 40% 52% Employees do not take data security seriously 40% 52% Senior executives do not consider data security a priority 37% 50% Insufficient safeguards in place to protect our organization from employee negligence or carelessness 46% 54% 0% 10% 20% 30% 40% 50% 60% 70% U.S. DE 11
12 12 Risky scenarios likely to occur and create a security incident In this study, we identified 8 scenarios that often lead to security incidents due to negligence and carelessness. We asked respondents to rate the likelihood of the incident occurring and how much of a risk it creates. As shown in Table 2, the scenario most likely to occur involves employees combining business and personal data on their own devices. The scenario that is likely to occur and poses a high risk in both countries concerns employees who are duped by a phishing scam. In all cases, these risky scenarios are more likely to occur in U.S. organizations than in German organizations. There are also some significant differences between the two countries. Specifically, it is far more likely U.S. organizations will have employees who share passwords, lose mobile devices and do not report the loss immediately, do not use a privacy shield and expose sensitive and confidential information in open and public spaces and copy confidential information from a company collaboration tool in order to send information to individuals without access to the network Table 2. 8 scenarios that often lead to security incidents On a scale of 1 = low likelihood/low risk to 10 = high likelihood/high risk to the organization, respondents rated the scenario 7+ likelihood of occurring and 7+ level of risk reported Scenario 1: Employees combine business and personal data on their own devices. U.S. DE What is the likelihood of this happening in your organization? 94% 91% How much of a risk is this to your organization? 57% 57% Scenario 2: Employees share passwords. U.S. DE What is the likelihood of this happening in your organization? 73% 72% How much of a risk is this to your organization? 26% 23% Scenario 3: When working in open and/or public spaces, employees do not use a privacy shield on their laptops and expose sensitive and confidential information. U.S. DE What is the likelihood of this happening in your organization? 94% 91% How much of a risk is this to your organization? 57% 57% Scenario 4: Employees are duped by a phishing scam. U.S. DE What is the likelihood of this happening in your organization? 86% 77% How much of a risk is this to your organization? 94% 86% Scenario 5: To circumvent file-size limits prescribed for work , employees transfer sensitive company information to an unauthorized public cloud service. U.S. DE What is the likelihood of this happening in your organization? 74% 68% How much of a risk is this to your organization? 54% 52% 12
13 13 Scenario 6: Employees use consumer cloud content services that are not permitted (i.e., Dropbox). U.S. DE What is the likelihood of this happening in your organization? 74% 67% How much of a risk is this to your organization? 58% 51% Scenario 7: Employees lose mobile devices and fail to report the loss immediately. U.S. DE What is the likelihood of this happening in your organization? 72% 57% How much of a risk is this to your organization? 75% 74% Scenario 8: Employees copy confidential information from a company document collaboration tool to an USB stick to be able to send this information to people without access. This enables employees to work from home without needing access to the company s network. U.S. DE What is the likelihood of this happening in your organization? 71% 62% How much of a risk is this to your organization? 57% 55% Conclusion The findings of this study confirm the seriousness of the negligent insider risk. It also reveals the diminishment in the IT function s productivity because of having to respond to security incidents caused by carelessness. Unfortunately, companies are often uncertain what steps beyond training and awareness programs will mediate this threat and not continue to consume the valuable time of their skilled security staff. A close look at the findings reveals how organizations can become more intelligent about addressing this risk. According to the IT security practitioners in our study, there are certain characteristics of insiders and situations that are more prone to create security incidents. A combination of technologies and governance practices that address the areas of greatest risk in an organization would increase the effectiveness and ability to reduce the unintentional risk. 13
14 14 Part 4. Methods Table 3 reports the sample response for the United States and Germany. The U.S. sample is composed of 17,800 IT and IT security practitioners and the German sample is composed of 14,560 IT and IT security practitioners. All respondents are familiar with the security risks created by negligent or careless employees and other insiders in their organizations. From this sampling frame, we captured 1,182 returns of which 111 were rejected for reliability issues. Our final consolidated sample was 1,071, thus resulting in an overall 3.3% response rate. Table 3. Sample response U.S. DE Total sampling frame 17,800 14,560 Total returns Rejected or screened surveys Final sample Table 4 summarizes the approximate position levels of respondents in our study. As can be seen, the majority of respondents reported their current position level as technician or staff (54 percent for the U.S. and 60 percent for Germany). Table 4. What organizational level best describes your current position? U.S. DE Senior Executive 2% 2% Vice President 2% 1% Director 7% 5% Manager 16% 17% Supervisor 16% 13% Technician/staff level 54% 60% Contractor 2% 2% Other 1% 0% Table 5 reports the respondents organizations primary industry concentration or focus. As shown, 18 percent of U.S. respondents and 16 percent of German respondents are located in financial services industry, which includes banking, investment management, insurance, brokerage, payments and credit cards. Table 5. What industry best describes your organization s industry focus? U.S. DE Financial services 18% 16% Health & pharmaceutical 11% 9% Industrial 11% 15% Public sector 10% 13% Services 9% 11% Retail 8% 7% Technology & software 7% 7% Transportation 6% 3% Consumer products 4% 7% Energy & utilities 4% 3% Communications 3% 2% Hospitality 3% 3% Education & research 2% 2% Other 4% 2% 14
15 15 Table 5 reports the worldwide headcount of the respondent s organizations. The majority of U.S. and German respondent are located in organizations with a global headcount of more than 1,000 employees worldwide. Table 6. What is the worldwide headcount of your organization? U.S. DE Less than % 19% 500 to 1,000 20% 17% 1,001 to 5,000 26% 26% 5,001 to 10,000 13% 15% 10,001 to 25,000 9% 10% 25,001 to 75,000 8% 7% More than 75,000 7% 6% Part 4. Caveats to this study There are inherent limitations to survey research that need to be carefully considered before drawing inferences from findings. The following items are specific limitations that are germane to most web-based surveys. Non-response bias: The current findings are based on a sample of survey returns. We sent surveys to a representative sample of individuals, resulting in a large number of usable returned responses. Despite non-response tests, it is always possible that individuals who did not participate are substantially different in terms of underlying beliefs from those who completed the instrument. Sampling-frame bias: The accuracy is based on contact information and the degree to which the list is representative of individuals who are IT or IT security practitioners. We also acknowledge that the results may be biased by external events such as media coverage. Finally, because we used a web-based collection method, it is possible that non-web responses by mailed survey or telephone call would result in a different pattern of findings. Self-reported results: The quality of survey research is based on the integrity of confidential responses received from subjects. While certain checks and balances can be incorporated into the survey process, there is always the possibility that a subject did not provide accurate responses. 15
16 16 Appendix: Detailed Survey Results The following tables provide the frequency or percentage frequency of responses to all survey questions contained in this study. All survey responses were captured in March Survey response U.S. DE Total sampling frame 17,800 14,560 Total returns Rejected or screened surveys Final sample S1. What is your role in IT or IT security? Please select one best choice U.S. DE IT operations 30% 25% Security operations 18% 20% Incident response team 11% 10% Technician 7% 7% Help desk 7% 8% IT compliance 6% 5% Data center management 5% 6% Forensics 3% 2% IT audit 3% 4% Systems administration 3% 5% Cloud administrator 2% 1% Network engineering 2% 3% Database administration 1% 1% Identity & access management 1% 2% Other 1% 1% None of the above (Stop) 0% 0% S2. How familiar are you with the security risks created by negligent or careless employees and other insiders in your organization? U.S. DE Very familiar 23% 18% Familiar 40% 41% Somewhat familiar 37% 41% Not familiar (Stop) 0% 0% Q1. How many years have you worked for your current employer? U.S. DE Less than 1 year 12% 8% 2 to 4 years 24% 20% 5 to 7 years 24% 26% 8 to 10 years 23% 25% More than 10 years 17% 21% Q2a. How stressful is your current position? U.S. DE Very stressful 33% 29% Stressful 29% 30% Somewhat stressful 12% 16% Not stressful 26% 25% 16
17 17 Q2b. If your job is stressful, why is it? Please check all that apply. U.S. DE Long hours 67% 56% Constantly putting out fires because of employees carelessness and negligence 74% 63% Lack of resources & budget 56% 44% My boss 55% 30% The frequent need to solve employees problems with their computers and other devices 50% 51% Total 302% 244% Q3. How much time each day do you spend helping employees with their workrelated computing problems? U.S. DE 30 minutes or less 28% 24% 1 to 2 hours 11% 9% 3 to 4 hours 2% 4% 4 to 6 hours 3% 5% Full time job 7% 8% No time 49% 50% Extrapolated hours Q4. How much time each day do you spend responding to security risks caused by employee mistakes or negligence? U.S. DE 30 minutes or less 17% 16% 1 to 2 hours 18% 20% 3 to 4 hours 7% 6% 4 to 6 hours 8% 9% Full time job 23% 21% No time 27% 28% Extrapolated hours Q5. How much of your day is wasted responding to security issues due to carelessness and negligence of employees? U.S. DE 30 minutes or less 35% 40% 1 to 2 hours 16% 11% 3 to 4 hours 15% 12% 4 to 6 hours 3% 3% Full time job 11% 12% No time is wasted 20% 22% Extrapolated hours Q6a. Can you tell the difference between security incidents caused by malicious employees and those caused by negligence or carelessness? U.S. DE Yes 51% 56% No 49% 44% 17
18 18 Q6b. If yes, what percentage of all insider security incidents caused by employees is due to carelessness and negligence and not maliciousness? U.S. DE Less than 10% 4% 6% 11% to 25% 9% 13% 26% to 50% 9% 15% 51% to 75% 13% 12% 76% to 100% 65% 54% Extrapolated percentage 70% 63% Q7a. How much of IT security spending could be saved if the organization was able to reduce the employee negligence and carelessness by 25 percent? U.S. DE Less than 10% 40% 44% 11% to 25% 28% 27% 26% to 50% 25% 20% 51% to 75% 6% 8% 76% to 100% 1% 1% Extrapolated percentage 20% 19% Q7b. How much of IT security spending could be saved if the organization was able to reduce the employee negligence and carelessness by 50 percent? U.S. DE Less than 10% 20% 23% 11% to 25% 23% 25% 26% to 50% 37% 36% 51% to 75% 18% 15% 76% to 100% 2% 1% Extrapolated percentage 31% 28% Total Q7c. How much of IT security spending could be saved if the organization was able to reduce employee negligence and carelessness by 75 percent? U.S. DE Less than 10% 16% 15% 11% to 25% 16% 20% 26% to 50% 33% 35% 51% to 75% 30% 24% 76% to 100% 5% 6% Extrapolated percentage 39% 37% Q8. If you were able to reduce insider security incidents, how would it benefit the IT function? Please select your top choice. U.S. DE Productivity of IT staff would increase 43% 48% There would be more resources to increase in-house IT security expertise 23% 19% There would be more resources to invest in technology 19% 20% There would be less concern about a possible security breach 15% 13% Other 0% 0% 18
19 19 Q9. What do you think are the best solutions to stopping the unintentional insider risk? U.S. DE Conduct frequent training and awareness programs on the unintentional risk 67% 70% Assess the unintentional risk to better understand where the greatest risks exist 56% 62% Limit the use of practices that can create unintentional risks 38% 55% Monitor employees behavior 63% 37% Provide incentives to comply with data security policies 15% 8% Enforce penalties for not complying with data security policies 30% 28% There is no solution 19% 14% Total 288% 274% Q10. Please rate the following statements from strongly agree to strongly disagree using the scale below each item. Q10a. Employees are not properly trained to follow our organization s data security policies. U.S. DE Strongly agree 26% 19% Agree 34% 27% Unsure 25% 21% Disagree 8% 25% Strongly disagree 7% 8% Q10b. Employees are pressured to be productive at the expense of not following our organization s data security policies. U.S. DE Strongly agree 25% 17% Agree 29% 26% Unsure 25% 20% Disagree 15% 25% Strongly disagree 6% 12% Q10c. Employees do not take data security seriously. U.S. DE Strongly agree 19% 17% Agree 33% 23% Unsure 27% 20% Disagree 16% 29% Strongly disagree 5% 11% Q10d. Senior executives do not consider data security a priority. U.S. DE Strongly agree 23% 16% Agree 27% 21% Unsure 21% 20% Disagree 21% 30% Strongly disagree 8% 13% Q10e. Employees frequently ignore or circumvent our data security practices because they are inconvenient. U.S. DE Strongly agree 21% 18% Agree 31% 22% Unsure 26% 19% Disagree 17% 30% Strongly disagree 5% 11% 19
20 20 Q10f. Our organization is at risk because employees are careless or negligent when accessing and using sensitive and confidential information U.S. DE Strongly agree 30% 27% Agree 33% 27% Unsure 20% 26% Disagree 17% 16% Strongly disagree 0% 4% Q10g. We do not have sufficient safeguards in place to protect our organization from employee negligence or carelessness. U.S. DE Strongly agree 20% 26% Agree 26% 28% Unsure 25% 23% Disagree 13% 12% Strongly disagree 16% 11% Q10h. There are more security incidents caused by unintentional mistakes than intentional and malicious acts. U.S. DE Strongly agree 31% 29% Agree 39% 35% Unsure 21% 24% Disagree 9% 10% Strongly disagree 0% 2% Q10i. Unintentional employee negligence severely diminishes the productivity of the IT function. U.S. DE Strongly agree 40% 30% Agree 33% 37% Unsure 16% 19% Disagree 7% 8% Strongly disagree 4% 6% Q11. In your organization, who poses the greatest security risk because of negligence or carelessness? Please select the top two. U.S. DE CEO 2% 1% C-level executives 27% 29% Administrative employees 8% 9% Privileged users 39% 30% Ordinary users 72% 66% Contractors and third parties 50% 64% Other 2% 1% Total 200% 200% 20
21 21 Q12. Using the scale below, please rate how the following characteristics affect security risks from low risk (1) to high risk (10). Q12a. New/entry level employee U.S. DE 1 or 2 (low risk) 2% 1% 3 or 4 8% 9% 5 or 6 9% 10% 7 or 8 18% 16% 9 or 10 (high risk) 63% 64% Extrapolated value Q12b. Seasoned employees with several years of relevant work experience U.S. DE 1 or 2 (low risk) 27% 21% 3 or 4 18% 25% 5 or 6 26% 30% 7 or 8 18% 17% 9 or 10 (high risk) 11% 7% Extrapolated value Q12c. Employees who work offsite U.S. DE 1 or 2 (low risk) 5% 0% 3 or 4 11% 9% 5 or 6 18% 21% 7 or 8 32% 23% 9 or 10 (high risk) 34% 47% Extrapolated value Q12d. Younger employees (millennials) U.S. DE 1 or 2 (low risk) 5% 3% 3 or 4 9% 8% 5 or 6 18% 19% 7 or 8 27% 26% 9 or 10 (high risk) 41% 44% Extrapolated value Q12e. Older employees (baby boomers) U.S. DE 1 or 2 (low risk) 21% 19% 3 or 4 19% 17% 5 or 6 16% 15% 7 or 8 27% 30% 9 or 10 (high risk) 17% 19% Extrapolated value Q12f. Female employees U.S. DE 1 or 2 (low risk) 16% 19% 3 or 4 14% 18% 5 or 6 25% 23% 7 or 8 17% 24% 9 or 10 (high risk) 28% 16% Extrapolated value
The Security Impact of Mobile Device Use by Employees
The Security Impact of Mobile Device Use by Employees Sponsored by Accellion Independently conducted by Ponemon Institute LLC Publication Date: December 2014 Ponemon Institute Research Report The Security
More informationData Breach: The Cloud Multiplier Effect
Data Breach: The Cloud Multiplier Effect Sponsored by Netskope Independently conducted by Ponemon Institute LLC Publication Date: June 2014 Ponemon Institute Research Report Part 1. Introduction Data Breach:
More informationWhat You Don t Know Will Hurt You: A Study of the Risk from Application Access and Usage
What You Don t Know Will Hurt You: A Study of the Risk from Application Access and Usage Sponsored by ObserveIT Independently conducted by Ponemon Institute LLC June 2015 Ponemon Institute Research Report
More informationGlobal Insights on Document Security
Global Insights on Document Security Sponsored by Adobe Independently conducted by Ponemon Institute LLC Publication Date: June 2014 Ponemon Institute Research Report Global Insights on Document Security
More informationThe State of Data Security Intelligence. Sponsored by Informatica. Independently conducted by Ponemon Institute LLC Publication Date: April 2015
The State of Data Security Intelligence Sponsored by Informatica Independently conducted by Ponemon Institute LLC Publication Date: April 2015 Ponemon Institute Research Report The State of Data Security
More informationIs Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution
Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: March 2013 Ponemon Institute Research Report
More informationData Security in Development & Testing
Data Security in Development & Testing Sponsored by Micro Focus Independently conducted by Ponemon Institute LLC Publication Date: July 31, 2009 Ponemon Institute Research Report Data Security in Development
More informationIs Your Company Ready for a Big Data Breach?
Is Your Company Ready for a Big Data Breach? The Second Annual Study on Data Breach Preparedness Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication
More informationThe Cost of Insecure Mobile Devices in the Workplace Sponsored by AT&T
The Cost of Insecure Mobile Devices in the Workplace! Sponsored by AT&T Independently conducted by Ponemon Institute LLC Publication Date: March 2014 Part 1. Introduction The Cost of Insecure Mobile Devices
More informationIs Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution
Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2013 Ponemon Institute Research Report
More informationReputation Impact of a Data Breach U.S. Study of Executives & Managers
Reputation Impact of a Data Breach U.S. Study of Executives & Managers Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: November 2011 Ponemon
More informationThe Security of Cloud Infrastructure Survey of U.S. IT and Compliance Practitioners
The Security of Cloud Infrastructure Survey of U.S. IT and Compliance Practitioners Sponsored by Vormetric Independently conducted by Ponemon Institute LLC Publication Date: November 2011 Ponemon Institute
More informationManaging Cyber Security as a Business Risk: Cyber Insurance in the Digital Age
Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: August 2013
More informationThe State of Mobile Application Insecurity
The State of Mobile Application Insecurity Sponsored by IBM Independently conducted by Ponemon Institute LLC Publication Date: February 2015 Ponemon Institute Research Report Part 1. Introduction The State
More informationThe Importance of Cyber Threat Intelligence to a Strong Security Posture
The Importance of Cyber Threat Intelligence to a Strong Security Posture Sponsored by Webroot Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research Report
More informationUnderstaffed and at Risk: Today s IT Security Department. Sponsored by HP Enterprise Security
Understaffed and at Risk: Today s IT Security Department Sponsored by HP Enterprise Security Independently conducted by Ponemon Institute LLC Publication Date: February 2014 Ponemon Institute Research
More informationSecurity of Paper Records & Document Shredding. Sponsored by Cintas. Independently conducted by Ponemon Institute LLC Publication Date: January 2014
Security of Paper Records & Document Shredding Sponsored by Cintas Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Ponemon Institute Research Report Part 1. Introduction
More informationA Study of Retail Banks & DDoS Attacks
A Study of Retail Banks & DDoS Attacks Sponsored by Corero Network Security Independently conducted by Ponemon Institute LLC Publication Date: December 2012 Ponemon Institute Research Report A Study of
More informationExposing the Cybersecurity Cracks: A Global Perspective
Exposing the Cybersecurity Cracks: A Global Perspective Part I: Deficient, Disconnected & in the Dark Sponsored by Websense, Inc. Independently conducted by Ponemon Institute LLC Publication Date: April
More informationAchieving Security in Workplace File Sharing. Sponsored by Axway Independently conducted by Ponemon Institute LLC Publication Date: January 2014
Achieving Security in Workplace File Sharing Sponsored by Axway Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Ponemon Institute Research Report Part 1. Introduction Achieving
More informationThe State of Data Centric Security
The State of Data Centric Security Sponsored by Informatica Independently conducted by Ponemon Institute LLC Publication Date: June 2014 Ponemon Institute Research Report State of Data Centric Security
More informationThird Annual Study: Is Your Company Ready for a Big Data Breach?
Third Annual Study: Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: October 2015 Ponemon Institute
More informationCorporate Data: A Protected Asset or a Ticking Time Bomb?
Corporate Data: A Protected Asset or a Ticking Time Bomb? Sponsored by Varonis Independently conducted by Ponemon Institute LLC Publication Date: December 2014 Ponemon Institute Research Report Corporate
More informationChallenges of Cloud Information
The Challenges of Cloud Information Governance: A Global Data Security Study Sponsored by SafeNet Independently conducted by Ponemon Institute LLC Publication Date: October 2014 Ponemon Institute Research
More informationSecurity of Cloud Computing Users Study
Security of Cloud Computing Users Study Sponsored by CA Technologies Independently conducted by Ponemon Institute, LLC Publication Date: March 2013 Security of Cloud Computing Users Study March 2013 Part
More informationThe SQL Injection Threat Study
The SQL Injection Threat Study Sponsored by DB Networks Independently conducted by Ponemon Institute LLC Publication Date: April 2014 1 The SQL Injection Threat Study Presented by Ponemon Institute, April
More informationElectronic Health Information at Risk: A Study of IT Practitioners
Electronic Health Information at Risk: A Study of IT Practitioners Sponsored by LogLogic Conducted by Ponemon Institute LLC October 15, 2009 Ponemon Institute Research Report Executive summary Electronic
More informationRisk & Innovation in Cybersecurity Investments. Sponsored by Lockheed Martin
Risk & Innovation in Cybersecurity Investments Sponsored by Lockheed Martin Independently conducted by Ponemon Institute LLC Publication Date: April 2015 Ponemon Institute Research Report Part 1. Introduction
More informationUnderstanding Security Complexity in 21 st Century IT Environments:
Understanding Security Complexity in 21 st Century IT Environments: A study of IT practitioners in the US, UK, France, Japan & Germany Sponsored by Check Point Software Technologies Independently conducted
More informationSponsored by Zimbra. The Open Source Collaboration Study: Viewpoints on Security & Privacy in the US & EMEA
The Open Source Collaboration Study: Viewpoints on Security & Privacy in the US & EMEA Sponsored by Zimbra Independently conducted by Ponemon Institute LLC Publication Date: November 2014 Ponemon Institute
More informationDefining the Gap: The Cybersecurity Governance Study
Defining the Gap: The Cybersecurity Governance Study Sponsored by Fidelis Cybersecurity Independently conducted by Ponemon Institute LLC Publication Date: June 2015 Ponemon Institute Research Report Defining
More informationThe Importance of Senior Executive Involvement in Breach Response
The Importance of Senior Executive Involvement in Breach Response Sponsored by HP Enterprise Security Services Independently conducted by Ponemon Institute LLC Publication Date: October 2014 The Importance
More informationData Security in the Evolving Payments Ecosystem
Data Security in the Evolving Payments Ecosystem Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2015 Ponemon Institute Research Report
More informationThe Impact of Cybercrime on Business
The Impact of Cybercrime on Business Studies of IT practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil Sponsored by Check Point Software Technologies Independently conducted
More informationThe State of USB Drive Security
The State of USB Drive Security U.S. survey of IT and IT security practitioners Sponsored by Kingston Independently conducted by Ponemon Institute LLC Publication Date: July 2011 Ponemon Institute Research
More information2015 Global Study on IT Security Spending & Investments
2015 Study on IT Security Spending & Investments Independently conducted by Ponemon Institute LLC Publication Date: May 2015 Sponsored by Part 1. Introduction Security risks are pervasive and becoming
More informationThe Cost of Web Application Attacks
The Cost of Web Application Attacks Sponsored by Akamai Technologies Independently conducted by Ponemon Institute LLC Publication Date: May 2015 Ponemon Institute Research Report Part 1. Introduction The
More informationEfficacy of Emerging Network Security Technologies
Efficacy of Emerging Network Security Technologies Sponsored by Juniper Networks Independently conducted by Ponemon Institute LLC Publication Date: February 2013 Ponemon Institute Research Report Part
More informationPerceptions About Network Security Survey of IT & IT security practitioners in the U.S.
Perceptions About Network Security Survey of IT & IT security practitioners in the U.S. Sponsored by Juniper Networks Independently conducted by Ponemon Institute LLC Publication Date: June 2011 Ponemon
More informationLeading Practices in Behavioral Advertising & Consumer Privacy Study of Internet Marketers and Advertisers
Leading Practices in Behavioral Advertising & Consumer Privacy Study of Internet Marketers and Advertisers Independently Conducted by Ponemon Institute LLC February 2012 Leading Practices in Behavioral
More informationPerceptions about the Potential Expiration of The Terrorism Risk Insurance Act (TRIA)
Perceptions about the Potential Expiration of The Terrorism Risk Insurance Act (TRIA) Sponsored by Property Casualty Insurers Association of America Independently conducted by Ponemon Institute LLC Publication
More informationGlobal Survey on Social Media Risks Survey of IT & IT Security Practitioners
0 Global Survey on Social Media Risks Survey of IT & IT Security Practitioners Sponsored by Websense Independently conducted by Ponemon Institute LLC Publication Date: September 2011 1 Global Survey on
More informationThe Fraud Report: How Fake Users Are Impacting Business
The Fraud Report: How Fake Users Are Impacting Business Sponsored by TeleSign Independently conducted by Ponemon Institute LLC Publication Date: November 2015 Ponemon Institute Research Report The Fraud
More informationCloud Security: Getting It Right
Cloud Security: Getting It Right Sponsored by Armor Independently conducted by Ponemon Institute LLC Publication Date: October 2015 Ponemon Institute Research Report Cloud Security: Getting It Right Ponemon
More information2012 Application Security Gap Study: A Survey of IT Security & Developers
2012 Application Gap Study: A Survey of IT & s Research sponsored by Innovation Independently Conducted by Ponemon Institute LLC March 2012 1 2012 Application Gap Study: A Survey of IT & s March 2012 Part
More informationSecurity Metrics to Manage Change: Which Matter, Which Can Be Measured?
Security Metrics to Manage Change: Which Matter, Which Can Be Measured? Sponsored by FireMon Independently conducted by Ponemon Institute LLC Publication Date: April 2014 2 Security Metrics to Manage Change:
More informationBreaking Bad: The Risk of Insecure File Sharing
Breaking Bad: The Risk of Insecure File Sharing Sponsored by Intralinks Independently conducted by Ponemon Institute LLC Publication Date: October 2014 Ponemon Institute Research Report Breaking Bad: The
More informationExposing the Cybersecurity Cracks: A Global Perspective
Exposing the Cybersecurity Cracks: A Global Perspective Part 2: Roadblocks, Refresh and Raising the Human Security IQ Sponsored by Websense Independently conducted by Ponemon Institute LLC Publication
More informationAftermath of a Data Breach Study
Aftermath of a Data Breach Study Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: January 2012 Ponemon Institute Research Report Aftermath
More information2014: A Year of Mega Breaches
2014: A Year of Mega Breaches Sponsored by Identity Finder Independently conducted by Ponemon Institute LLC Publication Date: January 2015 Ponemon Institute Research Report Part 1. Introduction 2014: A
More information2015 Global Cyber Impact Report
2015 Global Cyber Impact Report Sponsored by Aon Risk Services Independently conducted by Ponemon Institute LLC Publication Date: April 2015 2015 Global Cyber Impact Report Ponemon Institute, April 2015
More informationPrivileged User Abuse & The Insider Threat
Privileged User Abuse & The Insider Threat Commissioned by Raytheon Company Independently conducted by Ponemon Institute LLC Publication Date: May 2014 1 Privileged User Abuse & The Insider Threat Ponemon
More informationNational Survey on Data Center Outages
National Survey on Data Center Outages Independently conducted by Ponemon Institute LLC Publication Date: 30 September 2010 Part 1. Executive Summary National Survey on Data Center Outages Ponemon Institute,
More informationHow Single Sign-On Is Changing Healthcare A Study of IT Practitioners in Acute Care Hospitals in the United States
How Single Sign-On Is Changing Healthcare A Study of IT Practitioners in Acute Care Hospitals in the United States Sponsored by Imprivata Independently conducted by Ponemon Institute LLC Publication Date:
More informationAdvanced Threats in Retail Companies: A Study of North America & EMEA
Advanced Threats in Companies: A Study of North America & EMEA Sponsored by Arbor Networks Independently conducted by Ponemon Institute LLC Publication Date: May 2015 Ponemon Institute Research Report
More informationThe TCO of Software vs. Hardware-based Full Disk Encryption Summary
The TCO of vs. -based Full Disk Encryption Summary Sponsored by WinMagic Independently conducted by Ponemon Institute LLC Publication Date: April 2013 Industry Co-Sponsors Ponemon Institute Research Report
More informationThe 2013 ecommerce Cyber Crime Report: Safeguarding Brand And Revenue This Holiday Season
The 2013 ecommerce Cyber Crime Report: Safeguarding Brand And Revenue This Holiday Season Sponsored by RSA Security Independently conducted by Ponemon Institute, LLC Publication Date: October 2013 Ponemon
More informationThe Role of Governance, Risk Management & Compliance in Organizations
The Role of Governance, Risk Management & Compliance in Organizations Study of GRC practitioners Sponsored by RSA, The Security Division of EMC Independently conducted by Ponemon Institute LLC Publication
More informationEncryption in the Cloud
Encryption in the Cloud Who is responsible for data protection in the cloud? Sponsored by Thales e-security Independently conducted by Ponemon Institute LLC Publication Date: July 2012 Ponemon Institute
More informationData Loss Risks During Downsizing As Employees Exit, so does Corporate Data
Data Loss Risks During Downsizing As Employees Exit, so does Corporate Data Independently conducted by Ponemon Institute LLC Publication Date: February 23, 2009 Sponsored by Symantec Corporation Ponemon
More informationSurvey on the Governance of Unstructured Data. Independently Conducted and Published by Ponemon Institute LLC. Sponsored by Varonis Systems, Inc.
Survey on the Governance of Unstructured Data Independently Conducted and Published by Ponemon Institute LLC Sponsored by Varonis Systems, Inc. June 30, 2008 Please Do Not Quote Without Express Permission.
More information2012 Web Session Intelligence & Security Report: Business Logic Abuse Edition
2012 Web Session Intelligence & Security Report: Business Logic Abuse Edition Sponsored by Silver Tail Systems Independently conducted by Ponemon Institute, LLC Publication Date: October 2012 Ponemon Institute
More informationState of Web Application Security U.S. Survey of IT & IT security practitioners
State of Web Application Security U.S. Survey of IT & IT security practitioners Sponsored by Cenzic & Barracuda Networks Independently conducted by Ponemon Institute LLC Publication Date: March 2011 Ponemon
More informationThe SQL Injection Threat & Recent Retail Breaches
The SQL Injection Threat & Recent Retail Breaches Sponsored by DB Networks Independently conducted by Ponemon Institute LLC Publication Date: June 2014 1 Part 1. Introduction The SQL Injection Threat &
More informationState of IT Security Study of Utilities & Energy Companies
State of IT Security Study of Utilities & Energy Companies Sponsored by Q1 Labs Independently conducted by Ponemon Institute LLC Publication Date: April 2011 Ponemon Institute Research Report State of
More informationCyber Security on the Offense: A Study of IT Security Experts
Cyber Security on the Offense: A Study of IT Security Experts Co-authored with Radware Independently conducted by Ponemon Institute LLC Publication Date: November 2012 Ponemon Institute Research Report
More informationAchieving Data Privacy in the Cloud
Achieving Data Privacy in the Cloud Study of Information Technology Privacy and Compliance of Small to Medium-Sized Organizations in germany Sponsored by microsoft Independently Conducted by Ponemon Institute
More informationBest Practices in Data Protection Survey of U.S. IT & IT Security Practitioners
Best Practices in Data Protection Survey of U.S. IT & IT Security Practitioners Sponsored by McAfee Independently conducted by Ponemon Institute LLC Publication Date: October 2011 Ponemon Institute Research.
More informationThe Billion Dollar Lost Laptop Problem Benchmark study of U.S. organizations
The Billion Dollar Lost Laptop Problem Benchmark study of U.S. organizations Independently conducted by Ponemon Institute LLC Publication Date: 30 September 2010 Ponemon Institute Research Report Part
More informationThreat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations
Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations Sponsored by AccessData Independently conducted by Ponemon Institute LLC Publication Date: February 2014 Ponemon Institute
More informationThe Aftermath of a Data Breach: Consumer Sentiment
The Aftermath of a Data Breach: Consumer Sentiment Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2014 Ponemon Institute Research
More informationThe Post Breach Boom. Sponsored by Solera Networks. Independently conducted by Ponemon Institute LLC Publication Date: February 2013
The Post Breach Boom Sponsored by Solera Networks Independently conducted by Ponemon Institute LLC Publication Date: February 2013 Ponemon Institute Research Report Part 1. Introduction The Post Breach
More informationState of SMB Cyber Security Readiness: UK Study
State of SMB Cyber Security Readiness: UK Study Sponsored by Faronics Independently conducted by Ponemon Institute LLC Publication Date: November 2012 Ponemon Institute Research Report Part 1. Introduction
More informationThe Economic and Productivity Impact of IT Security on Healthcare
The Economic and Productivity Impact of IT Security on Healthcare Sponsored by Imprivata Independently conducted by Ponemon Institute LLC Publication Date: May 2013 Ponemon Institute Research Report The
More informationEnhancing Cybersecurity with Big Data: Challenges & Opportunities
Enhancing Cybersecurity with Big Data: Challenges & Opportunities Independently Conducted by Ponemon Institute LLC Sponsored by Microsoft Corporation November 2014 CONTENTS 2 3 6 9 10 Introduction The
More informationPrivacy and Security in a Connected Life: A Study of European Consumers
Privacy and Security in a Connected Life: A Study of European Consumers Sponsored by Trend Micro Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research
More information2014 State of Endpoint Risk. Sponsored by Lumension. Independently conducted by Ponemon Institute LLC Publication Date: December 2013
2014 State of Endpoint Risk Sponsored by Lumension Independently conducted by Ponemon Institute LLC Publication Date: December 2013 Ponemon Institute Research Report 2014 State of Endpoint Risk Ponemon
More informationHow Much Is the Data on Your Mobile Device Worth?
How Much Is the Data on Your Mobile Device Worth? Sponsored by Lookout Independently conducted by Ponemon Institute LLC Publication Date: January 2016 Ponemon Institute Research Report Part 1. Introduction
More information2015 Global Megatrends in Cybersecurity
2015 Global Megatrends in Cybersecurity Sponsored by Raytheon Independently conducted by Ponemon Institute LLC Publication Date: February 2015 Ponemon Institute Research Report 2015 Global Megatrends in
More informationThe Human Factor in Data Protection
The Human Factor in Data Protection Sponsored by Trend Micro Independently conducted by Ponemon Institute LLC Publication Date: January 2012 Ponemon Institute Research Report The Human Factor in Data Protection
More informationSecurity of Cloud Computing Providers Study
Security of Cloud Computing Providers Study Sponsored by CA Technologies Independently conducted by Ponemon Institute LLC Publication Date: April 2011 Ponemon Institute Research Report I. Executive Summary
More informationSecurity of Cloud Computing Providers Study
Security of Cloud Computing Providers Study Sponsored by CA Technologies Independently conducted by Ponemon Institute LLC Publication Date: April 2011 Ponemon Institute Research Report I. Executive Summary
More informationCompliance Cost Associated with the Storage of Unstructured Information
Compliance Cost Associated with the Storage of Unstructured Information Sponsored by Novell Independently conducted by Ponemon Institute LLC Publication Date: May 2011 Ponemon Institute Research Report
More information2015 State of the Endpoint Report: User-Centric Risk
2015 State of the Endpoint Report: User-Centric Risk Sponsored by Lumension Independently conducted by Ponemon Institute LLC Publication Date: January 2015 Ponemon Institute Research Report 2015 State
More informationThe TCO for Full Disk Encryption Studies in the US, UK, Germany & Japan
The TCO for Full Disk Encryption Studies in the US, UK, Germany & Japan Sponsored by WinMagic Independently conducted by Ponemon Institute LLC Publication Date: July 2012 Ponemon Institute Research Report
More informationCyber Threat Intelligence: Has to Be a Better Way
Exchanging Cyber Threat Intelligence: There Has to Be a Better Way Sponsored by IID Independently conducted by Ponemon Institute LLC Publication Date: April 2014 Ponemon Institute Research Report Exchanging
More informationThe TCO of Software vs. Hardware-based Full Disk Encryption
The TCO of Software vs. Hardware-based Full Disk Encryption Sponsored by WinMagic Independently conducted by Ponemon Institute LLC Publication Date: April 2013 Industry Co-Sponsors Ponemon Institute Research
More informationThird Annual Survey on Medical Identity Theft
Third Annual Survey on Medical Identity Theft Sponsored by Experian s ProtectMyID Independently conducted by Ponemon Institute LLC Publication Date: June 2012 Ponemon Institute Research Report Part 1:
More information2015 Global Encryption & Key Management Trends Study. Sponsored by Thales e-security
2015 Global Encryption & Key Management Trends Study Sponsored by Thales e-security Independently conducted by Ponemon Institute LLC Publication Date: April 2015 Ponemon Institute Research Report 2015
More informationEconomic impact of privacy on online behavioral advertising
Benchmark study of Internet marketers and advertisers Independently Conducted by Ponemon Institute LLC April 30, 2010 Ponemon Institute Research Report Economic impact of privacy on online behavioral advertising
More information2013 Study on Data Center Outages
2013 Study on Data Center Outages Independently conducted by Ponemon Institute LLC Publication Date: September 2013 2013 Study on Data Center Outages Ponemon Institute, September 2013 Part 1. Introduction
More informationSecurity of Cloud Computing Users A Study of Practitioners in the US & Europe
Security of Cloud Computing Users A Study of Practitioners in the US & Europe Sponsored by CA Independently conducted by Ponemon Institute LLC Publication Date: 12 May 2010 Ponemon Institute Research Report
More informationHow Single Sign-On Is Changing Healthcare: SSO Vendor Comparison
How Single Sign-On Is Changing Healthcare: SSO Vendor Comparison Sponsored by Imprivata Independently conducted by Ponemon Institute LLC Publication Date: June 2011 Ponemon Institute Research Report How
More information2013 Survey on Medical Identity Theft
2013 Survey on Medical Identity Theft Sponsored by the Medical Identity Fraud Alliance with support from ID Experts Independently conducted by Ponemon Institute LLC Publication Date: September 2013 Ponemon
More informationSecond Annual Benchmark Study on Patient Privacy & Data Security
Second Annual Benchmark Study on Patient Privacy & Data Security Sponsored by ID Experts Independently conducted by Ponemon Institute LLC Publication Date: December 2011 Ponemon Institute Research Report
More informationThe End Endorsed Devices pose a Large Security Risk to Your Organization
2013 State of the Endpoint Sponsored by Lumension Independently conducted by Ponemon Institute LLC Publication Date: December 2012 Ponemon Institute Research Report 2013 State of the Endpoint Ponemon Institute:
More informationFourth Annual Benchmark Study on Patient Privacy & Data Security
Fourth Annual Benchmark Study on Patient Privacy & Data Security Sponsored by ID Experts Independently conducted by Ponemon Institute LLC Publication Date: March 2014 Ponemon Institute Research Report
More informationMoving Beyond Passwords: Consumer Attitudes on Online Authentication A Study of US, UK and German Consumers
Moving Beyond Passwords: Consumer Attitudes on Online Authentication A Study of US, UK and German Consumers Sponsored by Nok Nok Labs, Inc. Independently conducted by Ponemon Institute LLC Publication
More informationReputation Impact of a Data Breach Executive Summary
Reputation Impact of a Data Breach Executive Summary Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: October 2011 Ponemon Institute Research
More information2014 Cost of Data Breach Study: Global Analysis
2014 Cost of Data Breach Study: Global Analysis Benchmark research sponsored by IBM Independently conducted by Ponemon Institute LLC May 2014 Ponemon Institute Research Report Part 1. Introduction 2014
More information