Symantec and the Ponemon Institute recently teamed up on study, the results of which have been published today. The study reveals that regulatory compliance and data breach mitigation are now the two overbearing factors driving organisations to deploy encryption technologies.
The report also found that solutions including encryption are most frequently earmarked for budget across all the countries surveyed in the report over the past year, considerably more so than in prior reports.
The fifth annual study on enterprise encryption usage is based on responses from nearly 1,000 senior IT and business managers from 15 different industries, including financial services, public sector, consumer products and retail and healthcare, in the UK, France, Germany, and Australia. Internationally, the report found that the average organisational cost of a data breach was $3.4 million. Previous research by the Ponemon Institute has shown that the average cost of a data breach is over £1.68m per incident.
In the UK, The twin drivers of encryption technology adoption were mitigation of data breaches, cited by 40 percent of those questioned, and complying with privacy or data security regulations and requirements, at 39 percent. These figures increased from 30 and 35 percent in 2009 respectively.
“Given that tough new data protection regulations mandate the use of encryption as a hedge against data breaches, enterprises are under increased pressure to invest in these technologies in order to comply,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “A string of high-profile cases involving the loss, theft and misuse of data by government agencies and businesses in the UK has driven the Government to make improving cybersecurity – and particularly protection of personal information and national cyber infrastructure and sensitive data – a national priority.”
UK Survey Highlights:
- Data breaches continue to be a major concern for organisations across all the countries surveyed and the subset experiencing more than five a year is on the rise. In the past 12 months, 88 percent of global organisations surveyed had at least one data breach, up three percent from 2009. That increase is driven primarily by the group that experienced more than five breaches, up three percent from 2009 and 12 percent from 2008.
- The vast majority of UK organizations surveyed continue to adopt encryption: In this year’s study, 53 percent had fully executed or just launched data encryption technology, while 47 percent were in the process of implementing data encryption programmes.
- One third of UK organisations surveyed do not have some type of strategy for using encryption across the enterprise. This is a decline from 2009 when 40 percent reported that their organisations did not have an overall encryption plan or strategy.
- Data protection is increasingly viewed as a mission critical element of an organisation’s risk management efforts. An overwhelming number of UK respondents – 69 percent – stated that data protection was either a “very important” or “important” part of their risk management efforts. 19 percent said it was “unimportant” and 12 percent were “unsure”.
- The most important feature for encryption solutions is the automation of key encryption management activities and management of encryption keys. In the UK, 69 percent agreed with this, while 46 percent said it was the management of encryption over the widest possible range of applications.
- Complying with data protection and privacy regulations is becoming more central to organisations’ use of encryption, and is a key driver alongside mitigating data breaches. This trend indicates that globally organisations are getting ahead of the curve with their encryption strategy before the breach occurs, not after.
- Across all the countries surveyed, solutions involving encryption have seen the biggest increase in earmarked IT budget. Encryption solutions being earmarked for budget increased nine percent from 2009 and 12 percent since 2008. Endpoint security solutions including laptop encryption were up 10 percent from 2009 and 11 percent from 2008. Key management for encryption solutions rose nearly as much, up nine percent from 2009 and 10 percent from 2008.
“All of these factors bolster and accelerate the argument for organisations to protect their sensitive data with encryption,” said Jamie Cowper, Principal Product Marketing Manager for Encryption and Data Loss Prevention, Symantec. “As companies increasingly rely on outsourcers, cloud-based technologies and mobile solutions, a major side effect is that more data is exposed to loss or theft. Encryption technologies enable organisations to take a more proactive approach to data protection and avoid the heavy fines, brand damage, and operational disruption a data breach can cause.”