Latest news with #PonemonInstitute


Business Wire
3 days ago
IAM Maturity Lagging Across Most Organizations, GuidePoint Security Finds
HERNDON, Va.--(BUSINESS WIRE)--A new report released today by GuidePoint Security, in partnership with the Ponemon Institute, found that most organizations are falling short in their Identity and Access Management (IAM) strategy—leaving them vulnerable to identity-based threats.

Although 75% of cyberattacks leveraged identity-based threats last year, GuidePoint Security's State of Identity and Access Management (IAM) Maturity Report has unveiled that IAM remains under-prioritized compared to other IT security investments, with most organizations still in the early to mid-stages of IAM maturity. Only half of respondents rate their IAM tools as effective, and even fewer (44%) express high confidence in their ability to prevent identity-based incidents.

'These findings should serve as a call to action—identity is a primary attack vector and needs to be prioritized,' said Kevin Converse, Vice President, Identity and Access Management at GuidePoint Security. 'Many organizations still rely on manual processes and outdated approaches, limiting their ability to manage risk. Achieving IAM maturity means understanding that IAM is more than just an IT function—it's a cornerstone of a robust and proactive security strategy.'

The report also highlights significant gaps in IAM technology, expertise and resources—factors that are stalling programmatic maturity and making it more difficult for organizations to secure identities across today's complex environments.

Key findings from The State of Identity and Access Management (IAM) Maturity Report include:

- IAM is underfunded and underdeveloped. Only 50% of respondents believe their IAM tools and investments are effective. Investments in IAM trail behind other security priorities.
- Manual processes and expertise gaps are barriers to maturity. A lack of appropriate technologies (54%), in-house expertise (52%) and resources (45%) are cited as top challenges to achieving IAM maturity. Many organizations still rely on spreadsheets, scripts and other manual efforts.
- IAM maturity is a path to enhanced security. A small group (23%) of organizations that have invested in automation and advanced IAM technologies report fewer security incidents and stronger identity controls. They lead in adopting biometric authentication, identity threat detection and integrated governance platforms.
- IAM implementation is misaligned with security goals. Surprisingly, 45% of respondents say the primary driver for IAM investments is to improve user experience—not security.
- There is a disconnect in program perception and reality. While most organizations report having policies in place or in development (83%), only 28% have these policies integrated into their IAM platforms.

'IAM touches every application, user and device across the network,' Converse added. 'By treating it as a strategic priority—and investing accordingly—organizations can confidently embrace emerging technologies like AI, minimize risk and accelerate business growth.'

The State of Identity and Access Management Maturity Report is based on responses from a comprehensive survey of 625 U.S.-based IT and IT security professionals involved in their organizations' identity and access management program.

For more information:

About GuidePoint Security

GuidePoint Security provides trusted cybersecurity expertise, solutions, and services that help organizations make better decisions that minimize risk. Our experts act as your trusted advisor to understand your business and challenges, helping you through an evaluation of your cybersecurity posture and ecosystem to expose risks, optimize resources and implement best-fit solutions. GuidePoint's unmatched expertise has enabled 40% of Fortune 500 companies and more than half of the U.S. government cabinet-level agencies to improve their security posture and reduce risk. Learn more at


Cision Canada
28-04-2025
Optiv Report Finds Increased Cybersecurity Incidents, Strategic Budget Shifts as Organizations Combat Evolving Threat Landscape
Based on an independent Ponemon Institute survey, the report reveals 79% of respondents say their organization is making changes to its cybersecurity budget. Of these respondents, 71% say security budgets are increasing, with the average budget at $24 million. This correlates with the heightened volume of threat vectors, with 66% of respondents reporting cybersecurity incidents have increased significantly or increased in the past year, up from 61% in 2024.

Download Optiv's 2025 Cybersecurity Threat and Risk Management Report:

The report also highlights a notable shift in how organizations determine their cybersecurity budgets, with 67% now using risk and threat assessments to inform budget decisions, up from 53% in 2024. This move toward data-driven decision-making comes as organizations increasingly turn to managed security service providers (MSSPs), with outsourcing to MSSPs jumping from 47% in 2024 to 58% in 2025, particularly for cloud security guidance.

"The data clearly shows a concerning trend: despite increases in cybersecurity budgets and resources, organizations continue to face more frequent attacks," said John Hurley, Optiv's chief revenue officer. "What's promising is the shift toward more strategic, data-driven approaches to budget allocation and the growing adoption of MSSPs to extend capabilities, particularly as organizations work to better understand their security vulnerabilities within the threat landscape."

Additional key findings include:

- AI and Machine Learning Adoption Accelerating: Forty-six percent of respondents say their organizations use AI/ML to prevent cyberattacks, with 88% of these respondents incorporating generative AI at some level. The primary drivers for AI/ML adoption are improving operational efficiency (41%) and maintaining competitive advantage (40%).
- Automation Transforming Response Times: Fifty-seven percent of respondents report automation has reduced the time to respond to vulnerabilities, with 34% seeing significant improvements, highlighting automation's transformative role in cybersecurity operations.
- Vulnerability Management Challenges: Nearly three in four respondents (74%) identify a lack of understanding of every potential source of vulnerability as their biggest challenge to effective vulnerability management.
- SASE and SOAR Implementations Growing: Sixty-six percent of respondents say their organizations have fully or partially implemented Secure Access Service Edge (SASE), while 72% continue to significantly or moderately use Security Orchestration, Automation and Response (SOAR) to reduce cyber threats.
- Effectiveness of Cybersecurity Incident Response Plans (CSIRPs): Fifty-one percent of respondents say their organizations have a CSIRP applied consistently across the entire enterprise, up from 46% in 2024. The effectiveness of CSIRPs in minimizing the consequences of cybersecurity incidents has increased from 50% of respondents in 2024 to 57% of respondents in 2025.

"Our independent research for Optiv reveals that organizations are making strategic investments in technology, processes and people to combat increasingly sophisticated threats," said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. "The growing adoption of AI, machine learning and automation technologies signals a significant shift in how organizations approach cybersecurity defense, focusing on both prevention and rapid response capabilities."

Findings from Optiv's report are based on responses from 620 U.S.-based IT and IT security practitioners familiar with their organizations' strategies to manage threats and risks.

For the latest news and updates from Optiv, visit

Optiv Security: Secure greatness.®

Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit

About Ponemon Institute:

Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. Our mission is to conduct high quality, empirical studies on critical issues affecting the management and security of sensitive information about people and organizations. We uphold strict data confidentiality, privacy and ethical research standards. We do not collect any personally identifiable information from individuals (or company identifiable information in our business research). Furthermore, we have strict quality standards to ensure that subjects are not asked extraneous, irrelevant or improper questions.


Associated Press
17-02-2025
INE Security Alert: Cybersecurity Training Strategies for 2025
Cary, NC, Feb. 17, 2025 (GLOBE NEWSWIRE) -- Cybersecurity breaches continue to inflict significant financial losses on businesses, with 2023 setting a record at an average cost of $4.88 million per incident, according to a 2024 study by the Ponemon Institute. Across industries, human error, skills gaps, and a lack of training are viewed as serious threats to organizational security. Training is known to be a good way to reduce threats. However, many organizations still see it as optional instead of a necessary investment. INE Security, a global leader in cybersecurity training and certifications, is releasing enhanced training strategies designed to shape technical training in 2025 and beyond and to combat growing threats effectively.

Advanced Real-World Simulation Platforms

With potential losses from cyber incidents exceeding $12.5 billion last year, according to the FBI, the necessity for real-world training scenarios is critical. These types of simulations have seen a 24% increase in adoption since 2020, reflecting their growing importance. This recent analysis by the Ponemon Institute shows that 60% of companies include realistic simulations in their training programs, a practice that has significantly improved ROI—from 30% in 2020 to 40% in 2023.

'At INE Security, we recognize the growing demand for real-world scenarios,' said Dara Warn, CEO of INE Security. 'We continue to place a strategic emphasis on investing in tools and technologies that prioritize hands-on learning. This practical experience is essential for preparing teams to effectively manage and mitigate real-world cyber incidents.'

Strategic Use of Skill Assessments

Skills assessments are fundamental to identifying training needs and enhancing team performance. Research conducted by IBM shows that 84% of employees in top-performing organizations receive the training they need, which is 68% higher than in the worst-performing companies. Furthermore, well-trained teams not only contribute to $70,000 in annual savings but also experience a 10% boost in productivity, demonstrating the direct business value of effective training.

By integrating skill assessments into training programs through the Skill Sonar tool, INE Security ensures that enterprises can fine-tune individual team members' learning paths to their specific needs, maximizing training efficiency and impact. These assessments help identify and bridge skill gaps, enhancing individual and organizational security team capabilities.

Continuous Education and Adaptation

Continuous cybersecurity education is vital in a field as dynamic as cybersecurity, where cybercriminals increasingly exploit advanced technologies like AI and GPT. Cybercriminals mentioned these platforms in over 800,000 posts in illicit markets and dark web forums in 2023, and the number is only growing, making incident response time critical.

To counter these sophisticated threats, INE Security maintains a steadfast commitment to continuous education. Regular updates to training content incorporate the latest cybersecurity trends and tactics, preparing professionals to adapt to and neutralize future cybersecurity challenges. Regular updates and refresher training courses help maintain a high level of readiness and adaptability, reinforcing an organization's defense mechanisms. This 'always on' training approach not only enhances the immediate effectiveness of cybersecurity measures but also contributes to long-term organizational resilience.

Additional Cybersecurity Training Strategies for 2025 include:

- Focus on hands-on training. Hands-on training is essential for developing the skills needed to defend against real-world cyberattacks. INE Security's training platform and cyber ranges provide access to a library of thousands of hands-on labs that simulate real-world scenarios.
- Use a blended learning approach. A blended learning approach combines instructor-led training with self-paced learning. This approach allows students to learn at their own pace and on their own schedule, while still having the opportunity to interact with instructors and classmates.
- Stay up-to-date on the latest threats. The cybersecurity landscape is constantly evolving, so it's important for organizations to stay up-to-date on the latest threats. INE Security's training programs are updated regularly to reflect the latest industry frameworks and compliance matrices.
- Invest in employee training. Employees are an organization's first line of defense against cyberattacks. By investing in employee training, organizations can help to create a more secure workforce. INE Security's training programs are designed to meet the needs of employees at all levels, from entry-level to experienced professionals.

A Call to Action

INE Security is dedicated to providing the best cybersecurity training platform that includes a focus on real-world scenarios, effective skill assessments, and continuous education. These efforts ensure that all cybersecurity professionals can obtain the critical training needed to safeguard their organizations in an increasingly complex cyber landscape.

About INE Security:

INE Security is the premier provider of online networking and cybersecurity training and certification. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for red team and blue team security training in business and for IT professionals looking to advance their careers. INE Security's suite of learning paths offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career.