When it comes to matters of encryption, you wouldn’t be alone in thinking they reside solely within the confines of an organization’s IT team. In fact, for the past 12 years, our Global Encryption Trends Reports have shown that the IT operations function has consistently been the most influential in framing an organization’s encryption strategy.
For the first time in the history of the study, business unit leaders now have the highest influence over encryption strategy – up from 10 percent in 2005 to 30 percent in this year’s study. In contrast, the influence held by IT operations has significantly decreased over the same time period from 53 percent to 29 percent.
It can be no coincidence that this rise in influence on encryption strategy among business leaders mirrors the rising number of massive data breaches impacting high-profile companies. Just last year, for example, web giant Yahoo admitted that data on around a billion users was stolen in what could be the world’s largest ever publicly disclosed breach. This hack reportedly cost the company $350 million.
With such devastating effects to a company’s bottom line and reputation, as well as a considerable loss of customers, the risk of falling victim to a data breach is undeniably keeping board members awake at night. Data privacy is now of paramount importance for businesses wanting to avoid having valuable data – both their own sensitive data and that of their customers -- falling into the hands of a malicious hacker, and becoming tomorrow’s headlines.
Perhaps this is why we also saw an accelerated adoption of encryption strategies across the global organizations we surveyed. Today, just over two in five (41%) organisations have an encryption strategy applied consistently across the enterprise – a huge increase on the 15 percent we reported in 2005.
Playing by the rules
It’s not just massive data breaches driving encryption up the boardroom agenda, however. Compliance, too, is having an impact – 55 percent of respondents identified compliance with privacy and data security requirements as the main driver to extensive encryption use within their company. And as regulatory changes, such as the General Data Protection Regulation and eIDAS, come into effect, we can be certain that more and more companies will consider how they can best deploy encryption to ensure they are compliant. The consequences for failing to do so – namely the eye-watering fines – are something no business leader wants to face.
Closely following compliance as the main driver for encryption technology solutions was the need to protect enterprise intellectual property (51%), to protect information against specific, identified threats (49%) and to protect customer personal information (49%). These findings reveal that fewer businesses are adopting robust security strategies, such as encryption, because they simply ‘have to’. Rather, they are choosing to adopt them because they need to - for the sake of better protecting valuable data.
It’s encouraging to see that data protection is increasingly making its way up the boardroom agenda. Today, the stakes are too high for an organization to stand by and wait for an attack to happen before introducing measures such as encryption that are now widely recognized as best practices to protect sensitive data. And although the balance of power in terms of driving encryption strategy has changed, the partnership between business leaders and IT operations to ensure that encryption and associated lifecycle management of encryption keys is done well is paramount.