Data breaches drive growth in use of encryption, global study finds

But complex key management holds back some

Data breaches have for the first time become the main reason enterrises implement encryption technology, according to a study of global encryption trends by The Ponemon Institute on behalf of security firm Thales e-Security.

The firm found that 46 percent of the 4,800 enterprises and IT managers questioned from around the world said that the main reason they invested in encryption was that it could lessen the impact of breaches. This beat a desire to protect brand reputation on 44 percent and the 40 percent mentioning compliance as the motivation.

It's perhaps obvious that encryption makes stolen data less useful to criminals but the growing importance placed on protecting data rather than devices shows how the technology has risen from being precautionary measure to that of a frontline defence.

Storing data without encryption, especially customer data, is increasingly unthinkable with the US the most emphatic on this for 59 percent of those questioned. Curiously, some countries fall short of this enthusiasm with France in last place on 35 percent.

The reason is mainly local legislation and compliance regimes, with 61 percent of the US sample reporting that unencrypted customer data would require breach notification as against 33 percent believing notification would be necessary if it was.

On the face of it this is a bit surprising; many US organisations appear to believe that breach notification would not be required simply because the data had been encrypted. It is not clear that this is true although the same divide appears in all countries looked at.

The study also uncovered the usual problems with deploying encryption as well as identifying precisely where the sensitive data resides for it to be applied.

The figures also show that encryption use has doubled since the report was first compiled in 2005, and was now present in 30 percent of organisations. Not surprisingly, financial services leads the way with 43 percent making use of it.

Arguably, encryption use should be much higher. A major barrier remains the complexity of key management. This can also be hugely expensive, or at least firms believe it will be.

"Encryption usage continues to be a clear indicator of a strong security posture but there appears to be emerging evidence that concerns over key management are becoming a barrier to its more widespread adoption," said Ponemon Institute founder, Dr Larry Ponemon,

"For the first time in this study we drilled down into the issue of key management and found it emerging as a huge operational challenge. But questions are and should be asked about the broader topics of policy issues and choice of encryption algorithms - especially in the light of recent concerns over back doors, poorly implemented crypto systems and weak key management systems."

Join the CSO newsletter!

Error: Please check your email address.

Tags Configuration / maintenancesecurityhardware systemsData Centre

More about e-SecurityThales Australia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place