The Lares Institute is currently conducting a number of cutting edge research projects related to information governance, including an assessment of information security practices, loss due to information security breaches, as well as information security practices. If you would like to join a research panel, please contact Andy Serwin.


Data Breaches and the Phantom Damage Allegation.

Privacy litigation is a common issue for companies, and there are a number of companies that face class actions as a result of an alleged data breach. While certain privacy claims give rise to statutory damages, the vast majority of these cases rely upon the allegation that the plaintiffs were “harmed” by a data breach. Typically these allegations are difficult for plaintiffs to prove.

The Lares Institute has just concluded a study regarding data breaches and the extent of damages that result, or fail to result, from data breaches. The complete white paper can be found here.


Survey on Social Media.

The Lares Institute conducted a survey on social media and corporate practices. The survey is complete and the results are linked here.

Survey on Information Risk and Loss.

Determining loss as a result of a information security incident presents unique issues for companies and can impact a company’s ability to prevent incidents and enforce its rights. The Lares Institute is currently conducting a survey to examine how companies assess and value loss. Please contact us if you would like to participate.

Study on Information Collection.

Understanding what information your organization collects is an important touch point in assessing information risk, as is illustrated by the recent focus on the collection of information via the Web and mobile devices. This study will examine the information gathering practices of a number of companies to determine what “best practices” exist in this burgeoning space.

Information Controls and Benchmarking.

Given resource limitations and emerging threats, no organization can have perfect information security. Understanding your company’s risk profile, including by benchmarking information security practices against other companies is a step that can potentially reduce your company’s risk profile. This study will examine the information security practices of a number of companies and attempt to determine what information security precautions are key to an effective information governance program.