45 Percent of Orgs Have Encryption Plan in Place
A Ponemon Institute report published today says the biggest driver to encryption for organizations is protecting enterprise intellectual property and consumer personal information.
With the influx of services offering encryption and the process more or less being default across email and private messaging, It should come as little surprise that its usage is up across the board over the last year or so.
Almost half (45%) of those surveyed by a Ponemon Institute report, published today, said their organizations have an overall encryption plan or strategy in place that's applied consistently across the entire enterprise.
For the report Ponemon interviewed nearly 6,000 individuals worldwide - from roughly 20 countries, in nearly every continent – in December, on how encryption has matured for organizations over the years. The report was sponsored by nCipher, a UK-based encryption firm.
Employees themselves continue to be the number one threat to sensitive or confidential data; according to the study, employees are responsible for three quarters of threats. Employee mistakes are responsible for 54 percent of threats, second to system or process malfunctions and hackers, while malicious insiders were responsible for 21 percent.
Encryption adoption is up pretty much across the board but nowhere moreso than in the manufacturing, hospitality, and consumer products industries. This of course makes sense as hospitals integrate encryption to protect sensitive patient data, and mitigate legal catastrophe, and manufacturing firms have turned to it to fight attacks on connected devices, lax executives and engineers, subcontractors, and other weaknesses in the supply chain.
The only industry that didn't see an uptick in encryption adoption was the financial services industry, which also makes sense as the community has long been subject to some of the most stringent regulations, including more recently, the New York State Department of Financial Services' Cybersecurity Regulation.
As the report points out and references throughout, the trends are framed by statistics dating back 14 years, to 2005, when some of the first studies on encryption were published.
It's the second annual study on encryption Ponemon has carried out with help from nCipher; last year the institute surveyed almost as many individuals - 5,252 - in 12 countries on how their organizations deploy encryption, why, and some of the main drivers and priorities.
While compliance is a big driver for most companies when it comes to deploying data protection programs and encrypting data, according to the report it's less so here: 31 percent of those surveyed said they deployed encryption to reduce the scope of compliance audits. According to the survey, the biggest driver for orgs looking to implement encryption, 54 percent on both counts, is to protect enterprise intellectual property and consumer personal information.
Interestingly, for those surveyed, one of the biggest challenges when it comes to planning and executing a data encryption strategy is actually discovering where sensitive data resides. 69 percent of respondents said this was the biggest challenge, followed by deploying the technology and classifying which data to encrypt.