Study: Encryption Is Needed But Few Are Doing It

While 66% of IT and business managers surveyed have "some type" of encryption strategy, only 16% have enterprise-wide strategies, the Ponemon Institute found.

February 8, 2007

2 Min Read
Network Computing logo

While IT and business managers say they know encryption is critical to safeguarding company information on laptops, not many are actually doing it.

Sixty-six percent of IT managers and business executives surveyed say using encryption on corporate laptops is key to mitigating the risks of a potential data breach, according to a survey by the Ponemon Institute, a research organization. Despite a majority thinking it's important, only 18% reported consistently encrypting laptops, file servers, e-mails and backup tapes.

The study, which surveyed nearly 800 people, also showed that while 66% have "some type" of encryption strategy, only 16% have enterprise-wide strategies.

This past October, the Ponemon Institute released another study calculating the average cost of a data breach at $182 per compromised record. That adds up to an average loss of $4.8 million per breach. The October study pointed out that these numbers are driving company leaders to initiate and expand their use of encryption.

What does seem to be catching IT managers' attention is the adoption of a platform approach to encryption. A platform, according to PCG Corp., a security software company, enables companies to centrally manage and deploy multiple encryption applications while maintaining consistent policy enforcement. The new Ponemon survey shows that 61% of respondents see adopting an encryption platform as an "important or very important" step.Laptop loss and theft have hit many companies and government agencies. Just last week, the Department of Veterans' Affairs reported that it had lost yet another computer. In this latest case, the agency reported that a hard drive containing nearly 50,000 veterans' identities may have been stolen. It was a deja vu kind of moment for the federal agency that lost millions of records in a home burglary in 2006. And in December, Boeing fired an employee whose stolen laptop contained identifying information on 382,000 current and former employees. The worker had been fired for violating company policy by downloading the information onto the laptop and not encrypting it.

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox
More Insights