Sophos finds dismaying lack of encrypted data in corporations worldwide

Source: Sophos white paper. Organisations making extensive use of
encryption to secure sensitive data, by country. In India nearly
half (46%) of organisations encrypt their data, compared to 32%
in Japan and 26% in Malaysia.

Sophos, a global player in network and endpoint security, has found that private, highly sensitive employee information, including banking details, human resource (HR) files and personal healthcare records, is at risk.

While many companies take the security of their customer data seriously, employees are not protected to the same level, says its recently-conducted survey*, The State of Encryption Today. For example, about one third (31%) of the companies surveyed that store this type of data admit that employee bank details are not always encrypted. In fact, 48% in Japan fail to consistently encrypt employee bank details, making their employees the least protected.

Four in 10 (43%) of the companies holding sensitive employee HR files don’t always encrypt them, and nearly half of those that store employee healthcare information (47%) fail to consistently encrypt these records.

Company data remains at risk as well. Nearly one-third (30%) of all organisations surveyed fail to always encrypt their own corporate financial information, and four in 10 (41%) inconsistently encrypt files containing valuable intellectual property.

Cloud data security is also driving encryption adoption. More than eight in ten companies (84%) expressed concern about the safety of data stored in the cloud. Nevertheless, while 80% are using the cloud for storage, only 39% actually encrypt all files stored in the cloud. Malaysia comes in last, with only 17% of businesses surveyed encrypting all files in the cloud.

“Data breaches happen to large and small companies every day, and the last line of defense against that breach turning into a corporate crisis is a comprehensive data encryption policy,” commented Dan Schiappa, SVP and GM of Enduser Security at Sophos. “While it is the customer data breaches that hit the headlines, companies have the same obligation to protect sensitive employee data, and they should not overlook it.”

Encryption demand is growing although companies cite budget, performance concerns and lack of deployment knowledge as the top three barriers to implementing a solution. Three-quarters of organisations acknowledge that they need to improve how they encrypt and secure employee, customer and company information. In fact, over the next two years, 69% of organisations surveyed plan to increase their use of encryption, showing that companies are moving in a positive direction.

“The State of Encryption Today survey confirms that while encryption is widely used and accepted by businesses, it also highlights critical gaps,” said Schiappa. “Unfortunately, I am not surprised by the findings because too many people mistakenly believe that encryption is too complicated or too expensive to implement. The reality is that modern, next-generation encryption solutions can be easy to deploy and quite cost-effective.”

Interested?

Read the white paper containing the full survey results

*The State of Encryption Today survey includes 1,700 IT decision makers interviewed in the US, Canada, India, Australia, Japan and Malaysia. All respondents were from organisations with 100 to 2,000 employees in all sectors, excluding government. Vanson Bourne, an independent specialist in market research, conducted the study.