There’s something satisfying about having empirical evidence confirm what you see every day. This year’s Global Encryption Trends Study reveals that encryption has come a long way since the days when it was governments and banks that cared most about it. Today, encryption is a core element of the data security strategy for all types of organizations, and the results of this year’s survey bear that out. Encryption – with a sound key management approach underpinning it – can protect your data when the other lines of defense around it break down. And as my colleague Cindy Provin noted in her recent blog post, its importance is appreciated all the way up to corporate boardrooms across the globe.
It has not always been this way. When the first Global Encryption Trends Study came out in 2005, less than 15 percent of respondents said their organizations had a comprehensive encryption strategy, and 38 percent did not have any strategy in place. Today, 41 percent of respondents say their organization has fully embraced encryption with a thoughtful and expansive approach. Only 14 percent have no encryption strategy in place.
But not only has that adoption number grown since 2005, it also reached a four-year high in its rate of growth this year – likely spurred by an escalating drumbeat of data breaches. Encryption is such a top-tier topic that it’s a regular subject for discussion in the company boardroom.
Encryption’s growing popularity – as well as executives’ interest and involvement – is a sign that more decision makers are recognizing it as a core component of data security. What do I mean by decision makers? Well, here’s another first that this year’s study revealed: Business unit leaders have the highest influence over encryption strategy – higher than their colleagues in the IT department. That’s a sea change, and, frankly, a very important one. Don’t get me wrong – in no way do we want to push IT professionals out of the security equation. But we do need buy-in and collaboration from organizational leaders across all divisions to use encryption intelligently, effectively, and to its fullest potential. Our survey reveals that many organizations struggle to implement consistent policies and feel the pain of key management when deploying encryption in isolated silos – something a broader strategy can help address.
The obvious next question is: To what do we owe this shift in approaches to encryption? Here are my answers:
- Data breaches don’t discriminate. Cyber criminals will go after any organization that stores sensitive data. No company is safe – and the consequences can lead to nothing short of bankruptcy. A new study from Oxford Economics concludes that a company’s share prices fall an average of 1.8 percent on a permanent basis as a result of a severe cyber breach.
- Encryption also protects against insider threats. Humanity plays a big role in an enterprise’s vulnerability. Encryption is one of the best ways for organizations to help protect themselves from their own employees’ mistakes. This year’s report found that employee mistakes are the most significant threat to sensitive data – so say 54 percent of this year’s respondents.
- More companies are deploying advanced technologies. As connectivity increases and data proliferates, securing that data – wherever it goes – gets more complicated. Organizations have to protect databases, internet communications, big data repositories, storage systems, data stored in the public cloud, and more. Cloud-first strategies and Internet of Things (IoT) initiatives are among the factors that are changing the game in data protection.
So as we continue forward into an era in which businesses are transforming by connecting – but, in so doing, are exposing themselves to new risks – one thing is clear: encryption – done right – is an indispensable piece of the puzzle.