SOURCE: Venafi


February 26, 2013 11:00 ET

Ponemon to Present Key Findings From Its 2013 Cost of Failed Trust Report: Threats & Attacks at RSA Conference 2013

Dr. Larry Ponemon to Highlight How Cyberattacks on Trust Expose Every Global Enterprise to $398 Million in Potential Losses; Groundbreaking Research Quantifies the Financial Impact of Key and Certificate Management Failures

SALT LAKE CITY, UT and SAN FRANCISCO, CA--(Marketwire - Feb 26, 2013) - RSA Conference 2013 -- Ponemon Institute will present findings from its 2013 Cost of Failed Trust Report: Threats & Attacks, underwritten by Venafi, the inventor of and market leader in Enterprise Key and Certificate Management (EKCM) solutions, at RSA Conference 2013 in San Francisco on Thursday, February 28. Dr. Larry Ponemon will present the report findings during a joint track session titled "Controlling Trust and Risk: Lessons Learned at Boeing and New Ponemon Research." The session will present how digital certificates and cryptographic keys provide the foundation of trust in today's enterprises, and expose the hard costs associated with sub-standard key and certificate management.

Click to Tweet: #PonemonInstitute to present 2013 Cost of Failed Trust Report at #RSA on Thurs. Controlling #Trust & #Risk track session

"During this track session I will discuss how systemic enterprise failures in key and certificate management create vulnerabilities that cybercriminals are exploiting to breach corporate and government networks, steal data and disrupt critical business operations," said Larry Ponemon, chairman and founder of Ponemon Institute Research. "I will present the findings from the 2013 Cost of Failed Trust report, including the research methodology, which quantifies for the first time the cost of trust exploits.

"I'll share some of the expected and startling findings, including the fact that more than half of the companies surveyed do not know how many keys and certificates they have, that every company had experienced an attack on trust due to failed key and certificate management, and that trust attacks are projected to cost organizations an average of $35 million over 24 months, with a maximum cost exposure of $398 million per organization."

"These new research findings make it clear that organizations must remediate this problem quickly," said Kevin Bocek, Venafi vice president of product marketing. "Every organization participating in the research experienced at least one trust exploit in the last two years, and more exploits are expected in the coming 24 months. Enterprises need to proactively manage their keys and certificates or the attacks will only increase. Given our dependence on keys and certificates in the activities of everyday life, from payments to healthcare, that are conducted online, on mobile devices and in the cloud, enterprises have no alternatives. The only difference will be between enterprises that are ahead of the problem and those that are forced into action when under attack. Attend Dr. Ponemon's session at this year's RSA Conference in San Francisco to learn more about the findings."

Download the full Ponemon 2013 Cost of Failed Trust Report: Threats & Attacks here.

Some of the key findings Dr. Ponemon will share include:

  • High costs: On average, enterprises are projected to risk losing an average of $35 million over 24 months from attacks on trust. Total possible cost exposure could be almost $400 million per organization.
  • Widespread vulnerability: All surveyed enterprises suffered at least one attack on trust due to failed key and certificate management.
  • Too vast a problem for manual management: Enterprises have on average 17,807 keys and certificates each, according to the report.
  • Unknown and unquantified risk: Fifty-one percent of surveyed organizations do not know exactly how many keys and certificates they have. 
  • Clear and present danger to cloud computing: Respondents believe difficult-to-detect attacks on Secure Shell (SSH) keys, critical for cloud services from Amazon and Microsoft, present the most alarming threat arising from failure to control trust.
  • The need to establish control over trust: Already, 59 percent of enterprises believe that proper key and certificate management can help them regain control over trust and avoid these risks.

The RSA Conference session details:

  • Who: Larry Ponemon, chairman and founder of Ponemon Institute Research
  • What: Controlling Trust and Risk: Lessons Learned at Boeing and New Ponemon Research
  • When: Thursday, February 28, 1 to 2 p.m.
  • Where: RSA Conference 2013, Room 123

For more information on the session, visit

To view the report, visit

To view a video clip of Venafi CEO Jeff Hudson discussing the research, visit:

To learn more about the report methodology and key findings, visit the Ponemon Institute blog

About Ponemon Institute
Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.

About Venafi
Venafi is the inventor of and market leader in enterprise key and certificate management (EKCM). Venafi delivered the first enterprise-class solution to discover all digital certificates and cryptographic keys within an organization, connect these assets to the people responsible for them, report on and audit their use to prove compliance, enforce policy, and automate operations to eliminate security risks, unplanned outages and compliance failures. Designed specifically for the enterprise, Venafi Director helps organizations regain control over trust in the data center, on desktops and mobile devices, and in the cloud by managing Any key. Any certificate. Anywhere™. Venafi also publishes best practices for effective key and certificate management. Venafi customers include the world's most prestigious Global 2000 organizations in financial services, insurance, high tech, telecommunications, aerospace, healthcare and retail. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Pelion Venture Partners and Origin Partners. For more information, visit