The arrest of Rio Tinto executive Stern Hu in China on spying charges has brought home the need for CIOs to examine data security, according to the CEO of security company PGP, Phil Dunkelberger.
In Sydney for the launch of the 2009 Australian Enterprise Encryption Trends report, commissioned by PGP and produced by the Ponemon Institute, Dunkelberger said the Rio example highlighted a risk faced by businesses working in developing markets.
“The Rio Tinto incident exposes a business issue [data and IP security]. From a CIO’s perspective, this incident should be taken as an example of the need for data encryption across the whole enterprise,” Dunkelberger said.
Commenting on the findings of The Enterprise Encryption Trends report, which interviewed 482 Australian business and IT managers, Dunkelberger said despite Rio’s example, there was a growing recognition by CIOs of the security risks posed by smartphones and mobility to their organisation.
More than 64 per cent of the report’s respondents said it is either very important or important to encrypt employees’ mobile devices and 55 per cent said that it is very important or important to provide end-to-end email security for Windows Mobile 6.0/6.1 Professional Edition.
“People in IT security talk about the perimeter; well the perimeter has shifted out from the business to its people through mobile and traveling employees with data on their laptops and mobile devices,” Dunkelberger said.
Reinforcing the need for data encryption and data security in general, the report found that a sizable 69 per cent of the companies surveyed had suffered one or more data breaches in the last 12 months, up from 56 per cent in 2008. A quarter of these companies had five or more data breaches in the previous 12 months, up from 22 per cent in 2008. Of these breaches, only 35 per cent were publicly disclosed.
With the average cost associated with data breaches continuing to rise, to £60 per record in the UK and $202 in the US, the cost to the business of a data breach, rather than impending mandatory breach notification laws, was becoming the major driver for data encryption adoption, Dunkelberger said.
“About 65 per cent of the cost to the business following a data breach is in lost business; that’s the reason why businesses are reluctant to have mandatory breach notification laws; it’s because of a fear of customer churn,” he said. “Businesses who have data breaches experience a rate of churn similar to that of the telecommunications industry.”
The report also found that the global financial crisis had resulted in new problems for CIOs – namely through the resulting reduction in IT budgets and the risks associated with newly-redundant employees looking to leverage customer data outside of corporate control.