A whopping 70 percent of enterprises in the UK have suffered data breaches in the past year, according to new findings from the Ponemon Institute.
In its 2009 annual survey of UK enterprise encryption trends, sponsored by PGP Corporation, Ponemon also found that 12 percent suffered five or more data breaches during that period. The report surveyed 615 UK-based managers.
Among the firms surveyed, only 43 percent of the breaches were disclosed to the public, Ponemon also found.
A chief finding was that enterprise-wide security policies are vital. All of the organizations that had suffered five or more breaches had no strategy in place. A total of 40 percent of enterprises reported having no plan at all, and only 19 percent had an enterprise-wide plan in place.
“This study underlines the critical importance of implementing an encryption strategy that encompasses all aspects of an organization’s data, not to just meet privacy or data security regulations but to also protect against brand damage and loss of customers,” PGP President and CEO Phillip Dunkelberger said in a statement.
Holistic strategies are not easy, but piecemeal strategies can be worse, according to the report.
“The increasing use of encryption can put a strain on IT organizations that have taken a silo approach. As they add encryption applications to address new technologies, they must undertake more repetitive tasks, shoulder higher operational costs, and support a more complicated encryption strategy,” the report said.
Encryption serves two purposes: It helps protect data and it also helps companies comply with government and industry regulations. Though managers recognize the need for security, budgets are often driven by compliance.
The report said that 94 percent of those surveyed said that the risk of losing confidential or sensitive information was “very severe” or “severe.”
But while 65 percent said they were implementing encryption to comply with regulations, only 30 percent said they were encrypting data to mitigate the impact of data breaches. Additionally, 16 percent said they were adopting the technology to ensure their privacy commitments were honored.
The report also found that organizations now recognize the importance of data on mobile devices, but efforts to encrypt data on those devices are only beginning. While 51 percent agreed that such data should be encrypted, only 9 percent had done so.
One way to automate the encryption of data is to use an enterprise-wide platform, and the study’s appendix describes PGP’s encryption platform. The study said that 85 percent of respondents reacted positively to the idea of a platform-based approach to encryption.
That’s a solution that ties in neatly with a chief part of PGP’s business — providing encryption platforms. But Larry Ponemon, the Ponemon Institute’s chairman and founder, said it’s what enterprises are beginning to seek.
“On the whole, UK businesses are looking closely at platform-based encryption solutions — with built-in, key management capabilities — rather than point solutions supplied by multiple vendors,” he said in a statement.