< back to releases

Press releases

Ponemon Institute releases national survey on confidential data at risk

81 percent lost sensitive data on missing laptops in past year

Elk Rapids, Mich. and San Francisco, Calif. — August 15, 2006 — Privacy and information management research firm the Ponemon Institute and Vontu, Inc., the leader in data loss prevention solutions, today announced the findings of a new study on the issues associated with protecting corporate data residing on storage systems and mobile devices. The U.S. Survey: Confidential Data at Risk, examines risks associated with the storage of confidential information; technologies, practices, and procedures used for protecting stored data; and primary concerns expressed by organizations facing the challenges of protecting stored sensitive data from unauthorized exposure.

Stored data presents unique challenges for enterprise security, and the U.S. Survey: Confidential Data at Risk is a first-of-its-kind study on the topic. Derived from a national sampling of nearly 500 experienced information security practitioners, the survey reveals a number of key findings, including:

  • 81 percent of companies surveyed reported the loss of one or more laptop computers containing sensitive information during the previous 12 months
  • Loss of confidential data, such as intellectual property, business documents, customer data and employee records, is a pervasive problem
  • PDAs and laptops ranked highest among storage devices posing the greatest risk for sensitive corporate data, followed by USB memory sticks, desktop systems, and shared file servers
  • 64 percent of companies surveyed reported never having conducted an inventory of sensitive consumer information. 64 percent also reported never having inventoried employee data
  • When asked how long it would take to determine what actual sensitive data was on a lost or stolen laptop, desktop, file server, or mobile device, the most frequent answer was "never" - ranging from 24% for a file server to 62% for an employee's home computer
  • 81 percent of respondents report that protecting sensitive "data at rest" is a priority this year, and 89 percent anticipate that it will be a priority next year.

The U.S. Survey offers insights that, for the first time, help illuminate the challenges of securing confidential "data at rest," defined as all electronic information found on storage devices within the organization's IT infrastructure. The study also identifies the probability that various storage media are likely to contain unprotected sensitive information, ranks corporate data security priorities by department, including IT, call centers and marketing operations, and examines the types of intellectual property and business information that are of most concern to corporate security teams.

"Corporations are clearly struggling with the challenges of identifying and protecting sensitive data, as well as developing successful strategies for securing confidential information stored among the myriad devices that make up today's data networks," said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. "Our findings point to the shockingly high risk to both business and consumers of undiscovered confidential data, but we believe that the data also serve as a compass to help point organizations toward effective solutions to this vexing problem."

"The discovery and protection of confidential data within the enterprise is a top priority for IT Security today, as the new Ponemon study clearly demonstrates," said Steve Roop, vice president of marketing at Vontu. "Chief information security officers are asking, 'Where is confidential data stored within my organization and how secure is it?' In most cases, there are significant opportunities for improved data security. Through risk assessments and customer deployments, we are able to quickly gauge the magnitude of the problem, target key vulnerabilities and help our customers take positive steps to reduce their risk."

Copies of the U.S. Survey: Confidential Data at Risk are available through the Ponemon Institute and through Vontu.

About the Ponemon Institute

The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.

About Vontu

Vontu is the leading provider of Data Loss Prevention solutions for both data at rest and data in motion. Vontu allows organizations to discover and protect exposed confidential information, monitor all network traffic, block select email, FTP and web communications, and automatically enforce data loss prevention policies. By reducing the frequency and severity of both inadvertent and malicious data loss incidents, Vontu helps organizations ensure public confidence, reduce compliance risk and protect competitive advantage. Vontu customers include Fortune 500 companies in financial services, insurance, high technology, retail, telecommunications, manufacturing, media, and healthcare, as well as state and federal government agencies. Vontu has received numerous awards, including SC Magazine's 2006 U.S. Excellence Award for "Best Enterprise Security Solution" and Global Award for "Best New Security Solution," as well as IDG's InfoWorld 2006 Technology of the Year Award for "Best Insider Threat Defense." For more information, please visit www.vontu.com.