The security data and survey directory

Security data. Everybody needs it. Lots of companies and organizations are producing it. Here's where to find it.

Page 2 of 3

National Retail Federation research

The NRF conducts periodic surveys on Organized Retail Crime, return fraud, and more. See the linked page for connections to their latest research.

Report: Global Theft Decreases in 2010Conducted by: Centre for Retail ResearchSponsored by: Checkpoint SystemsNumber of respondents: 1,103 large retailers in 42 countries.

2010 survey looks at physical loss of retail merchandise to crime and waste, and studies its impact on retailers and consumers.

Theft Surveys by Jack L. Hayes InternationalConducted by: Jack L. Hayes International (a loss prevention consulting firm)Number of respondents:Varied

A limited amount of data is avaible on the linked page, covering retail theft, shoplifting, and related areas.

The Cost of a Lost LaptopConducted by: Ponemon Institute LLCSponsored by: Intel CorporationNumber of respondents: N/A

The 2009 study examined 138 cases involving laptop computers lost by an employee, a temporary worker or contractor. Based on replacement cost, lost intellectual property and other factors, the average value is an estimated $49,246. In cases examined by the study, 80 percent of that cost was attributed to lost intellectual property.

Social Insecurity: What Millions of Online Users Don't Know Can Hurt ThemConducted by: Consumer Reports National Research CenterSponsored by: UnsponsoredNumber of respondents: 2,000 online U.S. households.

Twice as many U.S. households now use social networks than did last year, and, in many cases, are exposing themselves to new risks. A 2010 study found 40 percent posted their full birth date, exposing themselves to identity theft, while 26 percent posted their children's photos and names, potentially exposing them to predators. Also, one quarter didn't use Facebook's privacy controls at a time when 9 percent of social network users experienced malware infections, scams, identity theft or harassment.

Security of Paper Documents in the WorkplaceConducted by: Ponemon InstituteSponsored by: Alliance for Secure Business InformationNumber of respondents: 819 individuals who work in IT operations, IT security, data protection and compliance in large organizations in a variety of industries.

This 2008 study appears to stand the test of time and has not been replaced by more current research. Eighty percent of respondents said they had one or more data breaches in the past 12 months; of those, 49 percent said one or more of the breaches involved the loss or theft of paper documents. Seventy-one percent of respondents acknowledge an incident in which sensitive or confidential paper documents were lost or misplaced in their organizations.

Airport Insecurity: The Case of Lost LaptopsConducted by: Ponemon InstituteSponsored by: DellNumber of respondents: 864 business air travelers in the U.S.

2008 survey reports that, on average, 12,255 laptops go missing at U.S. airports each week and 42 percent don't back up the data in their laptop computers. Only one-third of those turned into airport Lost and Found departments are ever reclaimed.

Business Risk of a Lost Laptop: A Study of U.S. IT PractitionersConducted by: Ponemon Institute LLCSponsored by: Dell CorporationNumber of respondents: 714 IT and IT security practitioners with an average of almost 7.5 years of domain-specific experience.

2009 study looks at the business risk of poor laptop security. Sixty-five percent of respondents say the number of lost or stolen laptops is up from previous years; 75 percent say they know of an incident in their organization where sensitive or confidential data was at risk because of a lost or stolen laptop computer.

The 2010 State of Cyberethics, Cybersafety, Cybersecurity Curriculum in the U.S. SurveyConducted by: Zogby International Sponsored by: National Cyber Security AllianceNumber of respondents: 1,003 teachers, 400 K-12 school adminstrators and 200 technology coordinators.

Survey targets teachers, school administrators and technology coordinators in an effort to understand whether students are receiving adequate guidance to use digital technology and the Internet in a safe and responsible manner. Thirty-nine percent of teachers responded that over the last 12 months they'd taught students how to make decisions about sharing personal information online; 33 percent about the dangers of social networking sites; 30 percent about watching for online predators; and 28 percent about what to do if they receive harassing messages.

The National Campus Safety and Security Project SurveyConducted by: The National Association of College and University Business OfficersSponsored by: Funded in part by the Lilly Endowment.Number of respondents: 342 institutions.

Roughly 15 percent of repondents do not currently have an emergency preparedness plan that at least meets the standards set by the National Fire Protection Association; of those, 40 percent are near completion of one. Survey looks at many factors including use of security cameras and other technologies, emergency communication plans and business continuity.

More Than Half of Americans Surveyed Are Not Worried About Swine FluConducted by: Harris InteractiveSponsored by: Deloitte Center for Health Solutions Number of respondents: 1,010 U.S. adults.

2009 survey reports that 52 percent of Americans don't believe the H1N1 virus will have a major impact in the United States; 41 percent do not plan to get vaccinated. It also examines who plans to get vaccinated, and if they know where to get vaccinated.

Energy Security&America's Best DefenseConducted by: Deloitte Global and U.S. Aerospace & DefenseSponsored by: UnsponsoredNumber of respondents: Not applicable.

2009 study reports that a huge increase in fuel use by the military (175 percent increase per soldier during wartime since Vietnam) puts a focus on fuel security. Energy supplies are often a primary target, and, according to its methodologies, the Deloitte study found that "without game-changing shifts, the current Afghan conflict may result in a 124 percent increase in U.S. casualties through 2014."

Security Controls

Trust, Security and Passwords ReportConducted by: Cyber-ArkNumber of respondents: 1,400 IT staffers and C-level professionals across North America and EMEA

57 percent of executive respondents believe that cybercriminals will present more of a security risk than insider threats over the next one to three years. The survey also reports that 20 percent believed their companies had been sabotaged by insider and 16 percent think insider sources may have passed confidential information to their competitors.

Securosis 2010 Data Security SurveyConducted by: Securosis, L.L.C.Sponsored by: ImpervaNumber of respondents: 1,176

Roughly half of responding organizations have some form of data security controls deployed; e-mail filtering was listed as the most common control and also the least effective. While 88 percent of respondents must meet at least one regulatory requirement, "to improve security" was the most common driver for adding data security controls.

SANS Sixth Annual Log Management Survey ReportConducted by: SANS InstituteSponsored by: ArcSight, LogLogic, NetForensics, Novell, RSA and TrustwaveNumber of respondents: 500+

Conducted in April 2010, survey reveals log management is gaining popularity and now includes logs gathered from other devices than firewalls, switches, routers and IDS/IPS. While the number of users trying to derive more value from their log data has increased, many respondents say analyzing and reporting on all the data remains a critical problem.

Security Software and Services Spending Will Outpace Other IT Spending Areas in 2010Conducted by: Gartner, Inc.Sponsored by: UnsponsoredNumber of respondents: More than 1,000 IT professionals with budget responsibility worldwide. Note: $95.00 fee and registration required.

A 4 percent increase in security software budgets is anticipated for 2010, including the areas of security information and event management (SIEM), e-mail security, URL filtering and user provisioning. A managed security services spending increase is also expected.

Data Security and Data Breaches

Data Breach Investigations ReportConducted by: The Verizon RISK Team in cooperation with the U.S. Secret Service.Sponsored by: UnsponsoredOrigin of data: The primary dataset in 2010 analyzed in this report contains the 141 confirmed breach cases worked by Verizon (57) and the USSS (84) in 2009.

Survey examines origins and frequency of breaches, who caused tham and what they have in common. Latest report is 2011.

Analysis: 5 years of data breaches published 2010; PDF link at bottom of pageConducted by: Digital Forensics AssociationOrigin of data: Study of 2,800 data loss incidents from public sources. Laptop thefts the most common source of loss; in cases of insider involvement, accidental loss more common. Securosis 2010 Data Security SurveyConducted by: Securosis, L.L.C.Sponsored by: ImpervaNumber of respondents: 1,176

Roughly half of responding organizations have some form of data security controls deployed; e-mail filtering was listed as the most common control and also the least effective. While 88 percent of respondents must meet at least one regulatory requirement, "to improve security" was the most common driver for adding data security controls.

Application Security: It's a Case of Good News/Bad NewsConducted by: BankInfoSecurity.comSponsored by: UnsponsoredNumber of respondents: More than 100 banking/security leaders from financial institutions of all sizes.Note: Registration required for full results.

Survey guages perceived strength of financial institutions' application security programs; 81 percent are only somewhat or not at all confident in the security of third-party applications.

Federal Cyber Security Outlook for 2010 SurveyConducted by: Ernst & YoungSponsored by: UnsponsoredNumber of respondents: Nearly 1,900 organizations worldwide across all major industries.

12th annual survey finds forty-one percent of respondents reported increased internal attacks while 25 percent saw a rise in internal attacks; 50 percent plan to spend more this year to improve information security risk management.

2010 HIMSS Analytics Report: Security of Patient DataConducted by: HIMSS AnalyticsSponsored by: Kroll Fraud SolutionsNumber of respondents: 250 senior information technology (IT) executives, Chief Security Officers and Health Information Management (HIM) Directors/Managers, Compliance Officers and Privacy Officers.Registration required

A study on the shift to electronic health records (EHRs) over the next several years highlights the inability of healthcare providers to adequately secure data—even in the face of increased regulation of the HIPAA and HITECH acts.

Employees Put Personal Security, Interests Above Company'sConducted by: Trend MicroSponsored by: UnsponsoredNumber of respondents: 1,600 end users in the U.S., U.K, Germany and Japan.

Survey examines employees' unsanctioned use of corporate networks and tools. About half of respondents admitted leaking confidential data through a Web mail account; 60 percent of mobile workers and 44 percent of stationary workers also admitted to having done so through IM or social media applications.

Outbound Email and Data Loss Prevention in Today's Enterprise, 2010 Conducted by: OstermanSponsored by: ProofpointNumber of respondents: 261 responses from companies with 1,000 or more employees.Note: Registration required

Managing the risks of outbound e-mail, blog postings, social media, mobile devices, etc. is the focus of this survey. One quarter of U.S. companies investigated the leakage of confidential, sensitive or private information via a blog or message board posting; 24 percent disciplined an employee for such a breach in the last year. One fifth investigated a similar breach involving a social networking site.

Business Risk of a Lost Laptop: A Study of U.S. IT PractitionersConducted by: Ponemon Institute LLCSponsored by: Dell CorporationNumber of respondents: 714 IT and IT security practitioners with an average of almost 7.5 years of domain-specific experience.

2009 study looks at the business risk of poor laptop security. Sixty-five percent of respondents say the number of lost or stolen laptops is up from previous years; 75 percent say they know of an incident in their organization where sensitive or confidential data was at risk because of a lost or stolen laptop computer.

60 Percent of Facebook Users Consider Quitting over PrivacyConducted by: SophosSponsored by: UnsponsoredNumber of respondents: 1,588 Facebook users.

Concerns over privacy settings and sharing private information have prompted nearly two thirds of Facebook users to consider leaving the social networking service and 16 percent more say they have already stopped.

2009 Annual Study: Cost of a Data BreachConducted by: Ponemon Institute LLCSponsored by: PGP CorporationNumber of respondents: 45 organizations from 15 different industry sectors.

| 1 2 3 Page
Insider: How a good CSO confronts inevitable bad news
View Comments
You Might Like
Join the discussion
Be the first to comment on this article. Our Commenting Policies