The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls

Digital Guardian's Blog

45 Percent of Orgs Have Encryption Plan in Place

by Chris Brook on Thursday March 28, 2019

Contact Us
Free Demo

A Ponemon Institute report published today says the biggest driver to encryption for organizations is protecting enterprise intellectual property and consumer personal information.

With the influx of services offering encryption and the process more or less being default across email and private messaging, It should come as little surprise that its usage is up across the board over the last year or so.

Almost half (45%) of those surveyed by a Ponemon Institute report, published today, said their organizations have an overall encryption plan or strategy in place that's applied consistently across the entire enterprise.

For the report Ponemon interviewed nearly 6,000 individuals worldwide - from roughly 20 countries, in nearly every continent – in December, on how encryption has matured for organizations over the years. The report was sponsored by nCipher, a UK-based encryption firm.

Employees themselves continue to be the number one threat to sensitive or confidential data; according to the study, employees are responsible for three quarters of threats. Employee mistakes are responsible for 54 percent of threats, second to system or process malfunctions and hackers, while malicious insiders were responsible for 21 percent.

Encryption adoption is up pretty much across the board but nowhere moreso than in the manufacturing, hospitality, and consumer products industries. This of course makes sense as hospitals integrate encryption to protect sensitive patient data, and mitigate legal catastrophe, and manufacturing firms have turned to it to fight attacks on connected devices, lax executives and engineers, subcontractors, and other weaknesses in the supply chain.

The only industry that didn't see an uptick in encryption adoption was the financial services industry, which also makes sense as the community has long been subject to some of the most stringent regulations, including more recently, the New York State Department of Financial Services' Cybersecurity Regulation.

As the report points out and references throughout, the trends are framed by statistics dating back 14 years, to 2005, when some of the first studies on encryption were published.

It's the second annual study on encryption Ponemon has carried out with help from nCipher; last year the institute surveyed almost as many individuals - 5,252 - in 12 countries on how their organizations deploy encryption, why, and some of the main drivers and priorities.

While compliance is a big driver for most companies when it comes to deploying data protection programs and encrypting data, according to the report it's less so here: 31 percent of those surveyed said they deployed encryption to reduce the scope of compliance audits. According to the survey, the biggest driver for orgs looking to implement encryption, 54 percent on both counts, is to protect enterprise intellectual property and consumer personal information.

Interestingly, for those surveyed, one of the biggest challenges when it comes to planning and executing a data encryption strategy is actually discovering where sensitive data resides. 69 percent of respondents said this was the biggest challenge, followed by deploying the technology and classifying which data to encrypt.

Tags: Encryption

Recommended Resources

  • Data security challenges in healthcare
  • Case studies on how DLP prevented PHI egress
  • How Digital Guardian protects PHI from internal & external threats
  • HIPAA 101: 4 core regulatory rules that impact security
  • Security strategies for protecting patient data
  • How to use DLP to cut your risk of HIPAA fines

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.