New Ponemon Study Finds Traditional Endpoint Security Approaches Are Ineffective, Costing the Average Enterprise $6 Million+ Per Year

June 13, 2017

With the cost and complexity of endpoint security at an all-time high, Ponemon’s research reveals 63 percent of enterprises cannot monitor at-risk, dark endpoints, leaving more than 50 percent of endpoints vulnerable to a costly data breach

VANCOUVER, Canada: June 13, 2017  Absolute, the self-healing endpoint security company, announced today the results of “Cost of Insecure Endpoints Benchmark Study,” an independent benchmarking study conducted by the Ponemon Institute. The research reveals that traditional endpoint security approaches are ineffective and are costing enterprises more than $6 million per year in poor detection, slow response and wasted time. As the aggressive nature of emerging threats to proprietary data continues to grow, the cost and complexity of reducing risks and confirming compliance are at an all-time high.

The Ponemon study revealed organizations are finding it increasingly difficult to identify dark endpoints — the rogue, out-of-compliance, or off-network devices that create blind spots and increase an organization’s vulnerability to attack. While confidence in endpoint security ranked low, the IT security professionals surveyed believe that close to 60 percent of the hours currently invested in the capture and evaluation of intelligence surrounding the true threats, to both compliance and proprietary data, can be saved each week by deploying automated solutions.

“At the Ponemon Institute, we’ve followed the endpoint security industry closely for more than a decade. It’s clear that enterprises face real visibility and control challenges when it comes to protecting the data on corporate endpoints, ensuring compliance and keeping up with threats,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “Enterprises need an automated approach to give IT pros visibility into endpoint security health and to better understand risk exposure, ensure compliance and improve visibility.”

The study takes into account research into the security practices and budgets of more than 550 IT and IT security practitioners. While the results were staggering, the research did not take into account the liability associated with increased risks of data breaches that are becoming all too commonplace as workers place data at risk on laptops, mobile phones and tablets. Key findings from the study include the following:

  • Blind spots are large and growing: Among respondents, 63 percent could not monitor endpoint devices when they left the corporate network, while 53 percent of companies reveal that malware-infected endpoints have increased in the past 12 months.
  • Out-of-date, unpatched or corrupted endpoint agents are the most common endpoint security gaps: 55 percent of respondents say endpoint management and security applications have been removed or corrupted.
  • Compliance and data protection are at risk: Some 56 percent of companies lack a cohesive compliance strategy, and 70 percent report a “below average” ability to minimize endpoint failure damages. Only 28 percent of respondents say their organizations rely on automated analysis and inspection to determine compliance.
  • Respondents believe automation increases efficiency and offers better visibility of dark endpoints: It costs organizations an average of $1.37 million annually in wasted time responding to erroneous malware alerts. Enterprises could save nearly $2.1 million annually with automated endpoint security solutions.

“Managing endpoint security and protecting proprietary data is more than an IT issue, it’s increasingly a global business performance and national security concern,” said Geoff Haydon, CEO, Absolute. “This study along with recent ransomware attacks and high-profile data breaches show the danger of today’s endpoint blind spots, and underscore that automation and newer approaches to endpoint security are key to safeguarding endpoints and the sensitive data on them for optimal business performance.”

Share this article

About Absolute Software

Absolute Software makes security work. We empower mission-critical performance with advanced cyber resilience. Embedded in more than 600 million devices, our cyber resilience platform delivers endpoint-to-network access security coverage, ensures automated security compliance, and enables operational continuity. Nearly 21,000 global customers trust Absolute to protect enterprise assets, fortify security and business applications, and provide a frictionless, always-on user experience. To learn more, visit and follow us on LinkedIn.

©2024 Absolute Software Corporation. All rights reserved. ABSOLUTE, the ABSOLUTE logo, and NETMOTION are registered trademarks of Absolute Software Corporation or its subsidiaries. Other names or logos mentioned herein may be the trademarks of Absolute or their respective owners. The absence of the symbols ™ and ® in proximity to each trademark, or at all, herein is not a disclaimer of ownership of the related trademark.

For more information, please contact:

Media Relations
Joe Franscella
[email protected]

Financial Services