Rio Tinto spying case a wake up call to CIOs?

2009 Australian Enterprise Encryption Trends report finds growing awareness of need for data encryption

The arrest of Rio Tinto executive Stern Hu in China on spying charges has brought home the need for CIOs to examine data security according to the CEO of security company PGP, Phil Dunkelberger.

In Sydney for the launch of the 2009 Australian Enterprise Encryption Trends, commissioned by PGP and produced by the Ponemon Institute, Dunkelberger said the Rio example highlighted a risk faced by businesses working in developing markets.

“The Rio Tinto incident exposes a business issue [data and IP security]. From a CIO’s perspective, this incident should be taken as an example of the need for data encryption across the whole enterprise,” Dunkelberger said.

Commenting on the findings of The Enterprise Encryption Trends report, which interviewed 482 Australian business and IT managers, Dunkelberger said despite Rio’s example, there was a growing recognition by CIOs of the security risks posed by smartphones and mobility to their organisation.

More than 64 per cent of the report’s respondents said it is either very important or important to encrypt employees’ mobile devices and 55 per cent said that it is very important or important to provide end-to-end email security for Windows Mobile 6.0/6.1 Professional Edition.

“People in IT security talk about the perimeter; well the perimeter has shifted out from the business to its people through mobile and traveling employees with data on their laptops and mobile devices,” Dunkeberger said.

Reinforcing the need for data encryption and data security in general, the report found that a sizable 69 per cent of the companies surveyed had suffered one or more data breaches in the last 12 months, up from 56 per cent in 2008. A quarter of these companies had five or more data breaches in the previous 12 months, up from 22 per cent in 2008. Of these breaches, only 35 per cent were publically disclosed.

With the average cost associated with data breaches continue to rise, to an average cost per record of £60 per record in the UK and $202 in the US, cost to the business of a data breach, rather than impending mandatory breach notification breach laws, was becoming the major driver for data encryption adoption, Dunkelberger said.

“About 65 per cent of the cost to the business following a data breach is in lost business; that’s the reason why businesses are reluctant to have mandatory breach notifications laws; it’s because of a fear of customer churn,” he said. “Businesses who have data breaches experience a rate of churn similar to that of the telecommunications industry.”

The report also found that the global financial crisis had resulted in new problems for CIOs – namely through the resulting reduction in IT budgets and the risks associated with newly-redundant employees looking to leverage customer data outside of corporate control.

Join the CSO newsletter!

Error: Please check your email address.

Tags data securitydata encryptionpgpPonemon InstituteAustralian Enterprise Encryption Trends

More about PGPRIO TINTOUnify

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tim Lohman

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts