The Ponemon Institute and Venafi today released the 2015 Cost of Failed Trust Report, the only global research to analyze the impact of attacks on the Internet system of trust. The research found IT security professionals around the globe believe the system of trust established by cryptographic keys and digital certificates, as well as the security of trillions of dollars of the world’s economy, is at the breaking point. For the first time, half of the more than 2,300 IT security professionals surveyed now believe the technology behind the trust their business requires to operate is in jeopardy. All of the organizations surveyed had responded to multiple attacks on keys and certificates over the last two years.
Conducted in Australia, France, Germany, the United Kingdom, and the United States, the 2015 Cost of Failed Trust Report is the only research of its kind to examine the system of digital trust on which the world’s economy depends. The 2015 research reveals that over the next two years, the risk facing every Global 5000 enterprise from attacks on keys and certificates is at least $53 million (USD), an increase of 51 percent from 2013. For four years running, 100 percent of the companies surveyed said they had responded to multiple attacks on keys and certificates, and vulnerabilities like Heartbleed have taken their toll. Sixty percent of participants agreed their organizations must do a better job responding to vulnerabilities involving keys and certificates like Heartbleed.
“The overwhelming theme in this year’s report is that online trust is at the breaking point. And it’s no surprise. Leading researchers from FireEye, Intel, Kaspersky, and Mandiant, and many others consistently identify the misuse of keys and certificates as an important part of APT and cybercriminal operations,” said Kevin Bocek, Vice President of Security Strategy and Threat Intelligence at Venafi. “Whether they realize it or not, every business relies upon cryptographic keys and digital certificates to operate. Without the trust established by keys and certificates, we’d be back to the Internet ‘stone age’ – not knowing if a website, device, or mobile application can be trusted.”
The 2015 Cost of Failed Trust Report also revealed:
“With the rising tide of attacks on keys and certificates, it’s important that enterprises really understand the grave financial consequences. We couldn’t run the world’s digital economy without the system of trust they create,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “This research is incredibly timely for IT security professionals everywhere – they need a wake-up call like this to realize they can no longer place blind trust in keys and certificates that are increasingly being misused by cybercriminals.”
“We hope this report will help Global 5000 security teams everywhere realize that the very technologies they have relied upon for two decades are at the breaking point and can’t keep up,” said Jeff Hudson, CEO, Venafi. “With keys and certificates broadly deployed and so integral to the future of the world’s digital economy, it must become a top priority for CEOs, boards of directors, and CISOs to better secure and protect them. With no replacement in sight, failure is not an option. New ways of thinking are required - like using certificate reputation now available with Venafi TrustNet.”
To view a full copy of the report, please visit: https://www.venafi.com/Ponemon
About the 2015 Cost of Failed Trust Report
The 2015 Cost of Failed Trust Report was completed by 2,371 IT security professionals and examines the precise financial consequences of failed trust from malicious attacks that exploit cryptographic key and certificate management failures. The research not only quantifies the cost of these trust exploits, but it also gives insight into how enterprise failures in key and certificate management open the doors to criminals. This report is the only publicly available research to track the breadth and scope of these types of attacks. For company size, 59 percent of respondents were from organizations with 5,000 or more employees. The largest verticals represented were financial services (17%), government (11%), professional services (8%), consumer products (7%), and retail (7%). This survey data was collected by the Ponemon Institute during January 2015.
About Ponemon Institute
Ponemon Institute conducts independent research and education that advances information security, data protection, privacy and responsible information management practices within businesses and governments throughout the world. Our mission is to conduct high quality, empirical studies on critical issues that affect the protection of information assets and IT infrastructure. As a member of the Council of American Survey Research Organizations (CASRO), we uphold strict data confidentiality, privacy and ethical research standards. www.ponemon.org.