Sponsored by Raytheon - Raytheon: Customer Success Is · PDF file ·...

2015 Global Megatrends in Cybersecurity

Ponemon Institute© Research Report

Sponsored by Raytheon Independently conducted by Ponemon Institute LLC Publication Date: February 2015

Ponemon Institute©: Research Report Page 1

2015 Global Megatrends in Cybersecurity Ponemon Institute, February 2015

Part 1. Introduction We are pleased to present the findings of the 2015 Global Megatrends in Cybersecurity sponsored by Raytheon. The purpose of this research is to understand the big trends or changes that will impact the security posture of organizations in both the public and private sector in the next three years. Moreover, the study looks at the next generation of protocols and practices as the cybersecurity field evolves and matures. We surveyed 1,006 senior-level information technology and information technology security leaders (hereafter referred to as respondent) in the US, UK/Europe and Middle East/North Africa (MENA) who are familiar with their organizations’ cybersecurity strategies. The research covered a range of trends related to an organization’s ability to protect itself from cyber threats and attacks. Some of the areas addressed in this report are: the critical disconnect between CISOs and senior leadership, insider negligence, the Internet of Things, adoption of new technologies such as big data analytics, predictions of increases in nation state attacks and advanced persistent threats and the dearth of cyber talent. Overall direction of cybersecurity posture As noted in Figure 1, a majority of respondents believe their organizations’ cybersecurity posture will improve. Respondents in MENA are most positive about improvements in cyber security and the UK/Europe is least positive. According to the findings, the following reasons are why the cyber security posture of organizations are projected to improve over the next three years: § Cyber intelligence will become

more timely and actionable § More funding will be made

available to invest in people and technologies

§ Technologies will become more effective in detecting and responding to cyber threats § More staffing will be available to deal with the increasing frequency of attacks § Employee-related risks will decline Following are reasons why the cyber security posture of organizations might decline: § Inability to hire and retain expert staff § Lack of actionable and timely intelligence § Employee-related risks might not be reduced § A lack of funding will prevent appropriate investments in people and technologies § Technologies that address the specific cyber threats to the organization will not be available


Part 2. Seven Megatrends in Cybersecurity Based on the findings of the research, there are seven mega trends that will significantly impact the cybersecurity posture of organizations in the following areas: disruptive technologies, cyber crime, cost of compliance, the human factor, organizational and governance factors and enabling security technologies. Following is a summary of these seven mega trends and implications for companies. 1. Cybersecurity will become a competitive advantage and a C-level priority. As part of this study, we asked a panel of cybersecurity experts to predict changes to several normatively important characteristics concerning the role, mission and strategy of security.1 A total of 110 individuals with bona fide credentials in information security provided their three-year predictions. In each of the following figures, today’s average results were derived from the survey sample (n=1,006). An expert panel provided future predictions (n=110). Figure 2 shows only 25 percent of respondents believe their organization’s C-level views security as a competitive advantage. However, 59 percent of respondents in the expert panel say C-level executives will view security as a competitive advantage three years from now. Figure 2. Do your organization’s senior leadership view cybersecurity as a necessary cost or a competitive advantage?

1The expert panel consisted of individuals with, on average, more than 20 years of experience in IT or information security leadership. Many of these individuals are Distinguished Fellows of Ponemon Institute.

75%

41%

25%

59%

0%

10%

20%

30%

40%

50%

60%

70%

80%

Today Future (3 years from now)

Necessary cost Competitive advantage


Figure 3 shows only 34 percent of respondents believe their organization’s senior leadership views security as a strategic priority. Fifty-four percent of the expert panel forecast that C-level executives will view security as a strategic priority three years from now. Figure 3. Does senior leadership view cybersecurity as a strategic priority?

Figure 4 shows 22 percent of respondents say their organization’s security leader briefs the board of directors on cybersecurity strategy. Sixty-six percent of the expert panel forecast that three years from now the organization’s security leader will regularly brief the board on a recurring basis. Figure 4. Does your organization’s security leader brief the board of directors on the cybersecurity strategy?

34%

54%

66%

46%

0%

10%

20%

30%

40%

50%

60%

70%


Yes No or Unsure

22%

66%

78%

34%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%


Yes No or Unsure


Figure 5 reports 14 percent of respondents say their organization’s security leader has a direct reporting relationship with the CEO. In contrast, 30 percent of the expert panel predict that the security leader will directly report to the organization’s CEO three years from now. Figure 5. Does your organization’s security leader report directly to the CEO?

14%

30%

86%

70%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%


Yes No or Unsure


The following megatrends are presented as a percentage net change between the current state (e.g., today) and the future state (e.g., 3 years from now). The formula for percentage net change is defined as: Percentage net change = {[Current state – Future state] / ½ * [Current state + Future state]} 2. Insider negligence risks are decreasing. Due to investments in technologies, organizations will gain better control over employees’ insecure devices and apps. Training programs will increase awareness of cybersecurity practices. A lack of visibility into what employees are doing in the workplace will become less of a problem in the next three years. Figure 6 provides the percentage net changes in human factor security risks. Here, a negative percentage indicates that the security risk rating is expected to increase. A positive percentage indicates the risk is forecasted to decline. As noted in this figure, only one attribution (about the inability to enforce compliance with polices) is expected to worsen over the next three years. According to respondents, the inability to control employees’ devices and apps, lack of awareness of cybersecurity practices, employee complacency about cybersecurity and a lack of visibility into what employees are doing in the workplace will become less of a problem in the next three years. Investments in technologies to address these threats and better controls over BYOD and BYOC will make these risks more manageable. Figure 6. Percentage net changes in human factor megatrends Consolidated view

51%

40%

32%

30%

25%

10%

4%

-2%

-10% 0% 10% 20% 30% 40% 50% 60%

Inability to know what employees are doing in the workplace

Employee complacency about cybersecurity

Inability to control employees' devices and apps

Lack of awareness of cybersecurity practices

Insufficient staff with knowledge and credentials

More employees working outside the office

Contract workers replacing employees

Inability to enforce compliance with policies

Percentage net change on security risk ratings


3. Cyber crime will keep information security leaders up night. There will be significant increases in the risk of nation state attackers and advanced persistent threats, cyber warfare or terrorism, data breaches involving high value information and the stealth and sophistication of cyber attackers. In contrast, there are expected to be slight improvements in mitigating the risk of hacktivism and malicious or criminal insiders. Figure 7 provides the percentage net changes in cyber crime mega trends. Here, a negative percentage indicates that the security risk rating is expected to increase. A positive percentage indicates that risk is forecasted to decline. According to respondents, there will be significant increases in the risk of nation state attackers and advanced persistent threats, cyber warfare or terrorism, data breaches involving high value information and the stealth and sophistication of cyber attackers. In contrast, there are expected to be slight improvements in mitigating the risk of hacktivism and malicious or criminal insiders. Figure 7. Percentage net changes in cyber crime megatrends Consolidated view

3%

2%

0%

-3%

-11%

-12%

-13%

-14%

-15%

-24%

-37%

-45% -35% -25% -15% -5% 5% 15%

Emergence of hacktivism

Malicious or criminal insiders

Emergence of cyber syndicates

Breaches involving large volumes of data

Breaches that damage critical infrastructure

Breaches that disrupt business and IT processes

Zero-day attacks

Stealth and sophistication of cyber attackers

Breaches involving high-value information

Cyber warfare or cyber terrorism

Nation state attackers



4. The Internet of Things is here but organizations are slow to address its security risks. The Internet of Things is the expanding network of billions of connected devices that are permeating our daily lives—from the computers inside our cars to our WiFi enabled appliances, from wireless medical devices to wearable device. Because consumers are embracing more connected devices, information security leaders predict that the Internet of Things will be one of the most significant disruptive technologies in the near future. Figure 8 shows respondents’ perceptions about preparedness for cybersecurity risks resulting from the Internet of Things are generally consistent across all three regional samples. The majority of respondents do not believe they are ready for the impact the Internet of Things will have on their organizations. Figure 8. My organization is prepared to deal with potential cybersecurity risks resulting from the Internet of Things

34%

30% 28%

0%

5%

10%

15%

20%

25%

30%

35%

40%

US UK/Europe MENA

Strongly agree and agree responses combined


Figure 9 shows the disruptive technologies that will increase or decrease in their risk to an organization. The Internet of Things risk is projected to increase by 25 percent and follows virtual currencies (48 percent increase in risk) and big data analytics (32 percent increase in risk). Figure 9. Percentage net changes in disruptive technology megatrends Consolidated view

38%

33%

25%

19%

15%

14%

11%

3%

-21%

-25%

-32%

-48%

-60% -50% -40% -30% -20% -10% 0% 10% 20% 30% 40% 50%

Employees’ use of favorite cloud apps (BYOC)

Employee-owned mobile devices (BYOD)

Organization’s use of cloud services

Organization’s use of cloud file sharing tools

Organization’s use of digital identities

Organization’s use of cloud infrastructure

Employees’ use of social media in the workplace

Organization’s use of IT virtualization

Organization’s use of mobile payments

The Internet of Things

Organization’s use of big data analytics

Organization’s acceptance of virtual currencies



5. The cyber talent gap will persist. Figure 10 shows respondents in three regional samples hold a consistent belief that their organizations need more knowledgeable and experienced cybersecurity practitioners (i.e., the cyber talent gap). Figure 10. My organization needs more knowledgeable and experienced cybersecurity practitioners

Figure 11 lists the factors that respondents believe could hinder or stall improvements in their organization’s cybersecurity posture in the next 3 years. At 45 percent, the number one factor for respondents is the inability to hire and retain staff. This is closely followed by a lack of actionable intelligence (44 percent) and the inability to curtail employee-related security risks (43 percent). Figure 11. Factors that will hinder improvement over the next 3 years Consolidated view

67% 66% 65%

0%

10%

20%

30%

40%

50%

60%

70%

80%

US UK/Europe MENA

Strongly agree and agree responses combined

19%

22%

29%

31%

33%

34%

43%

44%

45%

0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%

Increase in compliance burden

Lack of cybersecurity leadership

Lack of C-level support

Increase in complexity

Lack of suitable technologies

Lack of funding

Inability to minimize employee risk

Lack of actionable intelligence

Inability to hire and retain expert staff


6. Big shifts in new technologies towards big data analytics, forensics and intelligence-based cyber solutions. The following technologies will gain the most in importance over the next 3 years: encryption for data at rest, big data analytics, SIEM and cybersecurity intelligence, automated forensics tools, encryption for data in motion, next generation firewalls, web application firewalls, threat intelligence feeds and sandboxing or isolation tools. Figure 12 provides the percentage net changes in importance ratings for 25 enabling security technologies for the consolidated sample. Here, a positive net change percentage indicates that the importance of a given technology is projected to increase over the next three years. A negative percentage indicates the importance of the technology is projected to decrease. The technologies that achieve the highest percentage net change are: encryption for data at rest, big data analytics, forensics (automated tools), next generation firewalls, SIEM, threat intelligence feeds, web application firewalls, sandboxing or isolation tools and encryption for data in motion. Technologies that are projected to become less important over time include anti-virus tools and data loss prevention systems. Figure 12. Percentage change in importance of enabling security technologies Consolidated view

-17% -12%

-6% -5% -4% -4%

-2% -1%

0% 0%

1% 2% 2% 3%

4% 6%

17% 17% 18% 18%

19% 19% 20% 20%

24%

-30% -20% -10% 0% 10% 20% 30%

Anti-virus & anti-malware Data loss prevention (DLP)

Endpoint and mobile device management ID & credentialing system

Virtual private network (VPN) Configuration & log management

Device anti-theft solutions URL or content filtering

Database scanning and monitoring Incident response tools

Intrusion detection & prevention Identity & access management

Perimeter or location surveillance Automated policy generation

Tokenization tools Access governance systems Sandboxing or isolation tools

Threat intelligence feeds Web application firewalls (WAF)

Next generation firewalls (NGFW) Encryption for data in motion Forensics (automated tools)

SIEM and cybersecurity intelligence Big data analytics

Encryption for data at rest

Percentage net change on importance ratings


7. Despite alarming media headlines, cybersecurity postures are expected to improve. As noted in Figure 13, the majority of respondents say their cybersecurity postures will improve for the following reasons: cyber intelligence will become more timely and actionable, more funding will be made available to invest in people and technologies, technologies will become more effective in detecting and responding to cyber threats, more staffing will be available to deal with the increasing frequency of attacks and employee-related risks will decline. Figure 13. Will our organization’s security posture improve, decline or stay at the same level?

60% 55%

64%

31% 32%

26%

9% 13%

10%

0%

10%

20%

30%

40%

50%

60%

70%

US UK/Europe MENA

Improve Stay the same Decline


Part 3. Country Comparisons In this section we compare the average megatrend ratings for the countries represented in this study. Figure 14 provides the summarized average risk rating for six areas of megatrends by country sample. Each respondent provided a rating on a 5-point scale from 1 = low to 5 = high. A risk scale was used to rate four mega trend categories – namely, organizational factors, the human factor, disruptive technologies and cyber crime. Security technologies were rated on importance and compliance was rated on cost burden. Respondents provided ratings in three separate samples (US, UK/Europe and MENA) for today and three years from now (future). As shown below, ratings across country samples vary. The US sample appears to have higher or more risky ratings on average and the MENA sample has lower or less risky ratings. The grand mean for both the current state (today) and future state is 3.6, which is significantly higher than the 5-point scale median of 3.0. Figure 14. Average megatrend ratings for today and future state by country sample

1.0 2.0 3.0 4.0 5.0

Compliance cost

Cyber crime

Disruptive technologies

Human factor

Organizational factors

Security technologies

Panel A: Current State (Today)

MENA UK/Europe US

1.0 2.0 3.0 4.0 5.0

Compliance cost

Cyber crime


Human factor



Panel B: Future State (3 years from now)

MENA UK/Europe US


According to the findings, net changes across country samples are generally consistent, with mixed results for human and organizational factors, respectively. Results suggest that security technologies will increase in importance and the human factor risk will improve significantly in the US and UK/Europe over three years. In contrast, organizational factors, disruptive technologies, cyber crime and compliance costs are all predicted to worsen over time. In the US, organizational factors will improve slightly. Figure 15. Percentage net changes between current and future states by country sample

-24%

-8%

-8%

43%

2%

14%

-10%

-6%

-22%

23%

-20%

17%

-18%

-10%

-8%

-10%

-2%

17%

-30% -20% -10% 0% 10% 20% 30% 40% 50%

Compliance cost

Cyber crime


Human factor



MENA UK/Europe US

Worsened State Improved State


Part 4. Other Megatrends and Findings Will governance practices evolve to meet cybersecurity challenges? Three years from now, due in part to the growth of connected mobile devices, respondents believe it will become more difficult to secure access to data, systems and physical spaces, as shown in Figure 16. Respondents also believe the complexity of IT operations coupled with the growth of unstructured data assets will cause a substantial increase in security risks. Another factor that is projected to increase risk concerns the inability to integrate disparate technologies. Figure 16. Percentage net change in organizational factor mega trends Consolidated view

19%

13%

8%

2%

1%

-2%

-7%

-9%

-17%

-20%

-35% -25% -15% -5% 5% 15% 25%

Lack of funding to support cyber defense

Inability to convince leadership to make cybersecurity a priority

Lack of cybersecurity leadership

Silos and the lack of collaboration

Integration of third parties into internal networks and applications

Inability to integrate necessary data sources for actionable cyber intelligence

Inability to integrate disparate technologies

Growth of unstructured data assets

Complexity of business and IT operations

Inability to secure access rights to data, systems and physical spaces



The compliance cost burden is predicted to increase. Three years from now, due to the increase in cyber attacks and cyber terrorism, organizations will be facing the need to invest more in compliance with mandates on critical infrastructure protection and national cyber defense strategies. An increase in class action and tort litigation because of the continuation of data breaches will be another concern for organizations. Figure 17. Percentage change in compliance cost megatrends Consolidated view

3%

0%

-1%

-4%

-8%

-9%

-31%

-40%

-41%

-50% -40% -30% -20% -10% 0% 10%

Cybersecurity governance

Self-regulatory programs (such as ISO 27.001 or PCI)

State laws regulating data protection and privacy

E-Discovery requirements

International privacy and data protection laws

Federal laws regulating data protection and privacy

Class action and tort litigation

National cyber defense strategies

Mandates on critical infrastructure protection

Percentage net change on cost ratings


What respondents believe is the current state of cybersecurity. Figure 18 provides the strongly agree and agree response to eight attributions about cybersecurity. As can be seen, 66 percent of respondents believe their organization needs more knowledgeable and experienced cybersecurity practitioners. Fifty-nine percent believe cyber intelligence activities are necessary for protecting information assets and IT infrastructure. Slightly less than half (48 percent ) believe their organization has adequate security technologies. Finally, only 31 percent of respondents believe their organization is prepared to deal with cybersecurity risks or issues in the Internet of Things. Figure 18. The current state of cybersecurity Strongly agree and Agree responses combined

31%

37%

39%

47%

47%

48%

59%

66%

0% 10% 20% 30% 40% 50% 60% 70%

My organization is prepared to deal with potential cybersecurity risks resulting from the “Internet of

things”.

My organization is investing in big data analytics for cyber defense.

My organization consistently follows policies and procedures that seek to protect information

assets and IT infrastructure.

My organization has ample resources to ensure all cybersecurity requirements are met.

My organization takes appropriate steps to comply with the leading cybersecurity standards.

My organization has adequate security technologies to protect information assets and IT

infrastructure.

My organization believes cyber intelligence activities are necessary for protecting information

assets and IT infrastructure.

My organization needs more knowledgeable and experienced cybersecurity practitioners.

Strongly agree and Agree responses combined


Why will organizations cybersecurity posture improve? As discussed earlier in the report, there is general optimism that organizations will rise to the challenge of dealing with cyber threats. Figure 19 shows the success factors that respondents believe could drive improvement to their organization’s cybersecurity posture in the next 3 years. The top three choices are: increase in funding, improvements to cyber intelligence and improvement in enabling security technologies. Figure 19. Factors that will drive improvement over the next 3 years Consolidated view

10%

16%

19%

21%

23%

36%

40%

41%

47%

47%

0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%

Reduction in compliance burden

Increase in C-level support

Cybersecurity leadership

Reduction in complexity

Improvement in threat sharing

Ability to minimize employee-related risk

Improvement in staffing

Improvement in technologies

Cyber intelligence improvements

Increase in funding


Figure 20 lists in descending order of importance what respondents believe will be the most prevalent types of cyber threats over the next 3 years. The top five choices are: zero day attacks, data leakage in the cloud, mobile malware/targeted attacks, SQL injection and phishing attacks. Figure 20. What respondents believe will be the most prevalent cyber threats or attacks over the next three years Consolidated view

7%

8%

8%

9%

10%

10%

10%

12%

13%

22%

23%

23%

25%

29%

35%

36%

37%

38%

41%

49%

0% 10% 20% 30% 40% 50% 60%

Attacks against control systems

Clickjacking

Linux malware/targeted attacks

Botnet attacks

MacOS malware/targeted attacks

Compromised MSSPs/SaaS providers

Compromised trusted partners

Cross-site scripting

BYOD data theft

Rootkits

DDoS

Insider threats

Compromised supply chain

Watering hole attacks

Critical infrastructure attacks

Phishing attacks

SQL injection

Mobile malware/targeted attacks

Cloud data leakage

Zero day attacks


Part 4. Conclusion Many information security professionals believe the next three years will determine if organizations can win the cyber war. Understanding the big trends that will impact the security posture of organizations will help organizations make smarter decisions about their investments in people, processes and technologies to achieve success. To gain this understanding, we turned to information security leaders throughout the world to identify the most important trends for the next three years. Based on the findings, following are recommendations and observations: § Prepare to deal with external threats such as nation state attackers, cyber warfare or cyber

terrorism. With the negligence insider risk decreasing, more resources should be allocated to dealing with an increasing sophisticated and stealthy cyber criminal.

§ Establish regular cyber training and awareness programs. These programs are critical in

making employees and contractors the first line of defense against malicious or criminal activity.

§ Develop a strategy to deal with the risks created by the Internet of Things. Conduct a security

impact assessment on how the Internet of Things will impact your organization’s security posture.

§ Be aware of the growing adoption of virtual currencies that will pose new risks to both

organizations and customers. § Understand how to use big data analytics effectively. Big data analytics will have both a

negative and positive impact on organizations. The negative will be the vast amounts of sensitive and confidential data that will have to be protected. The positive will be the availability of analytics that will be helpful in detecting and blocking cyber attacks.

§ Go back to school and recruit experts in cybersecurity. A key differentiator among

organizations will be the ability to hire and retain knowledgeable and experienced cybersecurity practitioners.

§ Invest in the tried and true technologies because they will become more important. These

include encryption for data at rest and in motion, SIEM and cybersecurity technologies and firewalls.

§ While leadership for cybersecurity initiatives will improve other governance issues will

become more troublesome. These are the inability to secure access rights to data, systems and physical spaces, complexity of business and IT operations, the growth of unstructured data assets and the inability to integrate disparate technologies.

§ Prepare to deal with an increasing litigious environment due to class action and tort litigation.

The compliance cost burden will increase for organizations due to mandates on critical infrastructure protection.


Part 5. Methods A random sampling frame of 27,125 senior-level IT and IT security practitioners located in the United States, Europe and MENA were selected as participants to this survey. All respondents were screened to ensure they had bona fide credentials in cybersecurity or related disciplines.2 When asked what best describes their role in managing security risk, 58 percent of respondents said they set priorities, 57 percent said they manage budgets, 63 percent select vendors and contractors, 43 percent determine the organization’s security strategy and 46 percent evaluate program performance. By design, 97 percent of respondents are at supervisory or executive levels. The organizational level of respondents is as follows: C-level (8 percent), Director (32 percent), Vice President (13 percent), Senior Executive (10 percent), Manager (34 percent) and Other (3 percent). The department or function where respondents are located within the organization is as follows: Chief Information Officer (51 percent), Chief Technology Officer (8 percent), CEO/President (7 percent), Chief Security Officer (6 percent), Chief Risk Officer (6 percent), Chief Financial Officer (5 percent), General Counsel (5 percent), Compliance Officer (4 percent), Business Owner (3 percent) and Other (5 percent). As shown in Table 1, a consolidated total of 1,125 respondents completed the survey. Screening and failed reliability checks resulted in the removal of 119 surveys. The final sample was 1,006 surveys (or a 3.7 percent overall response rate). Table 1. Survey Response US UK/Europe MENA Consolidated

Total sampling frame 11,550 9,790 5,785 27,125

Total survey returns 467 455 203 1125

Rejected or screened surveys 46 52 21 119

Final sample 421 403 182 1006

Response rate 3.6% 4.1% 3.1% 3.7%

2When asked what best describes their job-related role in managing security risk, 58 percent of respondents said they set priorities, 57 percent said they manage budgets, 63 percent said they select vendors and contractors, 43 percent determine the organization’s security strategy and 46 percent evaluate program performance.


Pie Chart 1 reports the industry segments of respondents’ organizations. This chart identifies financial services (15 percent) as the largest segment, followed by industrial (12 percent) and public sector (11 percent). Pie Chart 1. Industry distribution of respondents’ organizations

Pie chart 2 shows 42 percent of respondents are from organizations with a worldwide headcount of more than 5,000 employees.

Pie Chart 2. Worldwide headcount of the organization

15%

12%

11%

10% 9%

6%

5%

5%

4%

3%

3%

3% 3%

3% 3% 3% 2% Financial services

Industrial Public sector Services Health & pharmaceutical Energy & utilities Technology Hospitality & leisure Software Consumer products Retail, store Other Retail, Internet Transportation Communications Education & research Agriculture & food services

14%

20%

24%

22%

12%

9%

< 100

100 to 500

501 to 5,000

5,001 to 10,000

10,001 to 25,000

> 25,000


Part 6. Caveats

There are inherent limitations to survey research that need to be carefully considered before drawing inferences from findings. The following items are specific limitations that are germane to most web-based surveys.

Non-response bias: The current findings are based on a sample of survey returns. We sent surveys to a representative sample of individuals, resulting in a large number of usable returned responses. Despite non-response tests, it is always possible that individuals who did not participate are substantially different in terms of underlying beliefs from those who completed the instrument. Sampling-frame bias: The accuracy is based on contact information and the degree to which the list is representative of individuals who are IT or IT security practitioners. We also acknowledge that the results may be biased by external events such as media coverage. We also acknowledge bias caused by compensating subjects to complete this research within a holdout period. Self-reported results: The quality of survey research is based on the integrity of confidential responses received from subjects. While certain checks and balances can be incorporated into the survey process, there is always the possibility that a subject did not provide a truthful response.

Please contact [email protected] or call us at 800.877.3118 if you have any questions.

Ponemon Institute

Advancing Responsible Information Management

Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. Our mission is to conduct high quality, empirical studies on critical issues affecting the management and security of sensitive information about people and organizations.

As a member of the Council of American Survey Research Organizations (CASRO), we uphold strict data confidentiality, privacy and ethical research standards. We do not collect any personally identifiable information from individuals (or company identifiable information in our business research). Furthermore, we have strict quality standards to ensure that subjects are not asked extraneous, irrelevant or improper questions. Copyright © 2015, Raytheon Company, Ponemon Institute, LLC. All rights reserved. No parts of this material may be reproduced in any form without the written permission of Raytheon or the Ponemon Institute, LLC. Permission has been obtained from the copyright co-owner, Raytheon to publish this reproduction, which is the same in all material respects, as the original unless approved as changed. No parts of this document may be reproduced, stored in any retrieval system, or transmitted in any form, or by any means electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of Raytheon or the Ponemon Institute, LLC.

Sponsored by Raytheon - Raytheon: Customer Success Is · PDF file ·...

Documents

Transcript of Sponsored by Raytheon - Raytheon: Customer Success Is · PDF file ·...