The Ponemon Institute and Venafi have announced the availability of the first annual report that calculates the costs of failed trust.“We rely on keys and certificates to provide the bedrock of trust for all business and government activities, online and in the cloud. Yet criminals are turning our dependence on these trust instruments against us at an alarming rate,” said Larry Ponemon, chairman and founder of Ponemon Institute Research.
“This new research not only allows us to quantify the cost of these trust exploits, but also gives insight into how enterprise failures in key and certificate management open the door to criminals.”
Entitled “2013 Annual Cost of Failed Trust Report: Threats & Attacks,” the white paper provides an extensive examination of how failure to control trust when faced with cyber threats exposes enterprises to serious risks.
According to the figures, global enterprises will lose an average of $35 million (26 million EUR) over a period of two years because of attacks on trust. The total possible cost exposures are close to $400 million (300 million EUR) per organization.
A worrying finding of the report is that weak cryptography exploits, which are not difficult to prevent, are the most costly, averaging at around $125 million (94 million EUR) per organization.
Certificate Authority (CA) compromises, which have become highly common these days, have an average cost of $73 million (55 million EUR) per incident, per organization.
When it comes to incidents caused by failed key and certificate management, all of the surveyed enterprises admitted suffering at least one attack on trust.
“Trust is the foundation of all relationships, including those between enterprises and the markets they serve. As our world becomes more connected and more dependent on cloud and mobile technologies, maintaining control over trust by managing keys and certificates must be a top priority for all CEOs, CIOs, CISOs and IT security managers,” Jeff Hudson, the CEO of Venafi, explained.
“When trust is compromised, business stops. Our hope is that this report provides both the validation and the motivation to help business and IT executives take action.”
The complete report is available here.
Check out the highlights of the report presented by Venafi CEO Jeff Hudson: