RealTime IT News

Report: 85 Percent of U.S. Businesses Breached

The fourth annual U.S. Encryption Trends Study was released today by The Ponemon Institute. The study says that 85 percent of surveyed businesses have experienced a data breach in the past year, up from 60 percent in the 2008 study. The report was sponsored by encryption supplier PGP Corp.

"A data breach is defined as the loss or theft of confidential or sensitive data including information about people and households," said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute, in an e-mail to InternetNews.com.

The numbers are comparable to a similar study released last week concerning UK businesses. There, the Ponemon Institute found that 70 percent had been breached in the last year.

The report was based on surveys with nearly a thousand (997) U.S.-based executives.

Organizations need to have a holistic data encryption strategy, according to the report.

"For the second year in a row, organizations with no encryption strategy accounted for all the organizations that suffered five or more data breaches (13 percent)," the report said.

Organizations are adopting encryption to comply with industry regulations and state and federal laws, the report explained.

A flood of data breaches

The news comes as reporting requirements are becoming more burdensome. For example, a recent change to reporting requirements for healthcare organizations in California has resulted in a flood of data breach reports there.

Businesses can expect closer scrutiny of security issues -- and failures -- as the government ponders new privacy laws.

The report touts the platform approach to encryption. The use of "encryption applications managed via a platform continues to be a best practice approach to an overall data protection strategy in 2009," said Dr. Ponemon in a statement.

According to the report, organizations see a need to protect mobile devices. "More than 59 percent of respondents say it is very important or important to encrypt employees' mobile devices -- a sign that organizations recognize that valuable data is more mobile than ever," the report said.

Companies are right to be concerned about breaches, the report said, referring to an earlier study by The Ponemon Institute that found that breaches cost businesses, on average, $202 per record and, in total, an average of $6.6 million.

Update corrects an earlier edition with revised figures from Ponemon. Also corrects release date of PGP products.