Ponemon Institute© Private & Confidential Document Page 2
2009 Security Mega Trends Survey
By Dr. Larry Ponemon, November 4, 2008
What will be the biggest threats to an organization’s sensitive and confidential data over the next12 to 24 months? According to 825 respondents in IT operations, it is outsourcing of sensitiveinformation to third parties, the external threat of organized cyber criminal syndicates and amobile workforce armed with portable data-bearing devices. In contrast, 577 respondents in ITsecurity worry most about stopping data breaches, access to cloud computing and outsourcing ofsensitive data assets to third parties.
The 2009 Security Mega Trends Survey was
conducted by Ponemon Institute and sponsored byLumension to better understand if certain publicized IT risks to personal and confidential data are,or should be, more or less of a concern for organizations. We asked respondents in IT operationsand IT security to consider how eight Security Mega Trends affect organizations today and duringthe next 12 to 24 months.We believe the results of the study will be helpful to organizations struggling to understand howthey should allocate resources to help ensure their information assets are safeguarded.Based on interviews with IT experts in operations and information security, we selected thefollowing eight Mega Trends for this study: cloud computing, virtualization, mobility and mobiledevices, cyber crime, outsourcing to third parties, data breaches and the risk of identity theft,peer-to-peer file sharing and Web 2.0Bar Chart 1a lists the security risks identified by respondents in IT operations as perceived todayand over the next 12 to 24 months.
Bar Chart 1aMega trends today and in the next 12 to 24 months by respondents in IT operations
Each bar summarizes the combined percentage response for "Very High" and "High" security risks.22%25%31%35%39%44%47%47%48%50%24%18%35%36%42%40%47%49%45%50%0%10%20%30%40%50%60%
MalwareVirtualizationWeb 2.0P2P file sharingCloud computingData breachMobilityCyber crimeMobile devicesOutsourcingRisk as perceived todayRisk as perceived in the next 12 to 24 months