Compuware-Ponemon Benchmark Study Identifies Prominent Privacy, Data Security Vulnerabilities to Financial Services


DETROIT, March 2, 2010 (GLOBE NEWSWIRE) – Compuware Corporation (Nasdaq:CPWR) today announced the results of a benchmark study, commissioned by Compuware and conducted by the Ponemon Institute(C). The study found six primary areas of vulnerability to privacy and data security for the financial services industry: risk of data breach, diminishment of customer loyalty and trust, malicious or negligent insiders, risk of outsourcing confidential data to third parties, regulatory non-compliance, and ineffective privacy and information governance.

The study, Privacy & Data Protection Practices: a Benchmark Study of the Financial Services Industry, was compiled from interviews with chief information security officers, chief security officers, chief privacy officers or executives with equivalent responsibilities from 80 multinational financial services organizations. The findings revealed areas of vulnerability or non-compliance, such as 83 percent of financial service companies surveyed using real data in the development and testing of applications. A majority of these organizations do not take appropriates steps to protect this confidential and sensitive information.

“A single intrusion that compromises private data such as credit card numbers, Social Security numbers, or other financial data can cause immense damage to an enterprise’s reputation, not to mention initiating lawsuits and regulatory fines that can have long-term impact,” said Noel Yuhanna in the September 2009 Forrester Research report: Your Enterprise Database Security Strategy 2010. “Database security is the last line of defense, so it deserves greater focus on the protection of private data from both internal and external attacks than IT pros have traditionally given it.”

In addition to this area of vulnerability, the Ponemon study found other commonly overlooked areas of risk to data security, including:

  • Identity compliance procedures (used by only 56 percent of companies surveyed);
  • Intrusion detection systems (used by only 47 percent of companies surveyed);
  • Data loss prevention (DLP) technology (used by only 41 percent of companies surveyed); and
  • Social Security number usage (88 percent of those surveyed still use this as a primary identifier).

The report also found that while 60 percent of organizations have a chief privacy officer, 50 percent of them report that they have insufficient resources to accomplish their goals and objectives.

“One of the most important things a company can do to assure their future success is to plug the holes in their security policies that were demonstrated in this study,” said Larry Ponemon PhD., Ponemon Institute. “While there is a great deal of progress being made, there is still a long way to go.”

Compuware Data Privacy solutions provide security in both the test and production environments. Compuware offers a complete data privacy solution to help companies protect their critically sensitive information by making it possible to encrypt, scramble, translate, generate, age, analyze and validate test data. The solution also allows efficient recording of authorized internal activity between users and the application, protecting data against internal attacks.

“Safeguarding customer data is the best approach for financial services and other organizations to retain valuable customers, protect the company’s reputation, and avoid negative regulatory impacts,” said Rose Rowe, Compuware Vice President, Mainframe Strategy. “Compuware’s Data Privacy solutions help the world’s leading financial institutions ensure that their IT teams can effectively test important business applications while still upholding the trust that consumers place in their business.”

The Privacy and Data Protection Practices: Benchmark Study of the Financial Services Industry study was a three month project ending in October, 2009. The benchmark survey instrument was designed to collect descriptive information about the privacy and data protection practices of financial services companies. In total, 80 companies were selected for analysis in the report based on organizational size–more than 500 employees. The companies represented are mostly large financial, multi-national business organizations based in North America and included banking, investment, brokerage, insurance, credit card and mortgage organizations.

Compuware Corporation

Founded in 1973, Compuware provides software, experts and best practices to ensure applications work well and deliver business value. Compuware solutions optimize application performance across the Enterprise and the Internet for leading organizations around the world, including 46 of the top 50 Fortune 500 companies and 12 of the top 20 most visited U.S. web sites. Learn more at:

Follow us on Twitter at

The Compuware logo is available at

About the Ponemon Institute LLC

The Ponemon Institute(C) is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries. Visit the Ponemon Institute at for more information

CONTACT: Compuware Corporation
Press Contact
Sean M. Patrick, Communication Analyst, Compuware
Communications and Investor Relations

For Sales and Marketing Information

Mainframe Software Solutions

One Campus Martius, Detroit, MI 48226

Facebook Comments