The term encryption, previously relegated to business circles, has become part of common usage as data breaches become almost daily news and the public becomes aware of the need to protect data. But what exactly is encryption? In basic terms, it’s the process of encoding information in such a way that only authorized parties can read it. Originally encryption was primarily used by organizations to protect their brand and reputation. Now it is more widely relied upon to minimize data breaches, according to the 2013 Global Encryption Study conducted by the Ponemon Institute (the parent organization of the Responsible Information Management Council).
This finding is just one of many trends identified in the report, which conducted its first study of encryption use in 2005, surveying only respondents in the United States. Since then the institute has expanded the scope of its research to include individuals from multiple industries in eight countries: the U.S., United Kingdom, Germany, France, Australia, Japan, Brazil and (for the first time in 2013) the Russian Federation.
The 2013 report, sponsored by Thales e-Security, is based on responses from 4,802 individuals who work in a wide range of industries, including financial services, health and pharmaceutical, technology and software, transportation, and manufacturing. Among the study’s other key findings:
More organizations are implementing enterprise-wide encryption plans
Organizations that have a comprehensive encryption plan in place today outnumber those that don’t by more than two to one. Between 2012 and 2013, the two industries showing the most significant increase in the use of encryption were financial services and hospitality. Financial services are most likely to put in place a comprehensive encryption strategy throughout the enterprise, while manufacturing and retail organizations are least likely to extensively deploy it.
Encryption is of growing importance to business leaders
While IT leaders continue to be most influential in determining the use of encryption within organizations, business unit leaders are beginning to get more involved in determining which encryption technologies their companies should adopt to ensure client privacy and data security. Ponemon believes this finding reflects an overall increase in consumer concerns over data privacy and the importance of showing compliance to privacy and data protection mandates.
Adoption varies widely by country
Companies in Germany, the United States, and the Russian Federation are most likely to use encryption technologies, while Australian, French and Japanese companies are least likely.
Organizations using encryption of data perceive less of a need for breach disclosure
Asked if their organization would be required to notify customers after a data breach involving “the loss or theft of their personal information,” some 61 percent of U.S. respondents replied “yes” if the breached data were not encrypted. If the personal data were encrypted, only 33 percent of U.S. respondents believed notification was necessary.
Organizations with a strong “security posture” are more than three times more likely to have an encryption plan in place
Ponemon used a “Security Effectiveness Score,” (SES) defined as “being able to achieve the right balance between efficiency and effectiveness across a wide variety of security issues,” to determine in which countries organizations were best at achieving their security goals without squandering their resources. Over the past three years, Germany has consistently earned the highest SES, while Brazil has scored the lowest.
Employee mistakes pose the biggest threat to the exposure of sensitive or confidential data
Perhaps surprisingly, those surveyed are more worried about employee mistakes (27 percent) and system malfunction (15 percent) than they are of actual attacks by hackers (13 percent) and “inside” fraudsters (10 percent). Respondents in Japan, Australia and the United Kingdom rate employee mistakes at a much higher level than do their counterparts in other countries. Respondents in Japan are least likely to rate system malfunction as a top threat.
For more about the latest trends in encryption, including the biggest challenges organizations face in planning and executing a data encryption strategy, read the full 2013 Global Encryption Study.
The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.