Thales Blog

ESG Research Unearths Critical Insights for Future-Proofing Encryption and Key Management

February 1, 2024

Emily Richuso Emily Richuso | Senior Product Marketing Manager, Thales More About This Author >

Encryption and key management are critical defenses against data breaches and cyber threats in the evolving digital landscape. A comprehensive study by ESG Research, commissioned by Thales, sheds light on emerging trends, operational challenges, and strategic advancements in this vital field. For IT professionals navigating the complexities of data security, these insights offer a guide to the evolving demands and solutions in encryption and key management.

Strategic Insights at a Glance

The ESG Research study offers a trove of insights for all IT professionals and business execs. The following points provide a high-level snapshot of the current encryption landscape:

  • Widespread Data Loss: 71% of organizations have faced multiple data breaches in the past year, primarily due to inadequate encryption.
  • Operational Challenges: Top concerns include identifying where and when to apply encryption, managing certificate chains of trust, and ensuring regulatory compliance.
  • Trends in Encryption: An increase in encryption for data at rest, in motion, and in use is anticipated, with a notable shift towards cloud-resident data protection.
  • Strategic Focus: The formation of dedicated encryption teams and direct reporting to C-level executives emphasize encryption's strategic significance.

The Rising Tide of Cloud-Based Sensitive Data

The volume of sensitive data residing in the cloud is surging, with an average of 51% of organizational data currently cloud-based, projected to increase to 68% within 24 months. This trend underscores the growing reliance on encryption as a primary safeguard. As data migrates skyward, encryption techniques for data at rest, in motion, and in use are becoming more pervasive, evolving into a standard practice for protecting cloud-resident sensitive information against emerging cyber threats.

Encryption as a Strategic Imperative

Encryption is increasingly recognized as a strategic cornerstone within organizations. Reflecting this shift, 71% have initiated formal cryptographic programs, while 81% boast dedicated encryption teams. Notably, 63% of these teams report directly to C-level executives, underscoring encryption's elevation to a critical, strategic function. This trend highlights the growing acknowledgment of encryption's vital role in safeguarding an organization's most sensitive assets.

Operationalizing Encryption: Challenges Ahead

Navigating the encryption landscape presents a complex array of operational challenges for IT professionals:

  • Decision Dilemmas: Determining where and when to apply encryption tops the list of complexities, requiring a nuanced understanding of data types, regulatory requirements, and threat vectors.
  • Trust Management: Managing certificate chains of trust is a critical task, ensuring the integrity and reliability of encryption across systems.
  • Compliance Complexity: Navigating the maze of regulatory compliance demands a meticulous approach, especially with the varying standards across regions and industries.

The common occurrence of sensitive data loss compounds these challenges. Many organizations report multiple breaches within a year, often due to unencrypted data being vulnerable to malicious actors or insufficient encryption strength. This reveals a critical gap between overconfidence in protocols and the harsh reality of data security.

Preparing for a Quantum Future

Post-quantum cryptography (PQC) emerges as a pivotal frontier in encryption technology as the digital world braces for the quantum era. Currently, 51% of organizations have embarked on their PQC journey, deploying solutions or actively testing them, with an additional 25% planning evaluations within the next two years.

This proactive shift reflects a keen awareness of quantum computing's potential to disrupt current encryption paradigms. PQC offers a beacon of hope, promising robust defenses against future threats. However, the journey is fraught with complexities, demanding a deep understanding of quantum-resistant algorithms and strategic planning.

As IT professionals navigate this transition, they balance the immediate needs of data security with the long-term imperative of quantum readiness, ensuring that today's encryption efforts can withstand tomorrow's challenges. The commitment to PQC underscores encryption's evolution from a tactical tool to a strategic necessity, preparing organizations for a secure future in an uncertain quantum landscape.

Uncertainty and Data Volume Fuel Investment

The uncertainty of the quantum future, coupled with the increase in cloud-resident sensitive data, justifies the notable surge in investment. With a reported 51% of an organization’s sensitive data currently stored in the cloud, it’s no wonder that a striking 87% of organizations plan to increase their encryption budget, outpacing other areas of cybersecurity.

This uptick is accompanied by a strategic shift towards unified, centralized Key Management Systems (KMS), with expectations that adoption will double in the near future while distributed/federated KMS usage will decline. Additionally, the pursuit of comprehensive, integrated encryption solutions is gaining traction, reflecting a preference for holistic, streamlined security architectures.

These trends signify a maturation in understanding the complexities of data security and herald a future where encryption is seamlessly embedded in the fabric of organizational defense mechanisms.


The ESG Research study commissioned by Thales unveils critical insights into the evolving realm of encryption and key management. As organizations grapple with increasing data volumes, regulatory complexities, and emerging quantum threats, encryption emerges as a strategic imperative. The shift towards comprehensive, integrated solutions and increased investment reflects a deeper understanding and commitment to data security.

For businesses, these findings underscore the challenges and highlight the path forward, offering a blueprint for navigating the intricate landscape of encryption in the digital age.

Learn more about the findings of the ESG Research study and how Thales can help here, and register to join our webinar as Jack Poller, Senior Analyst, Enterprise Strategy Group joins Leonor Jones, Director of Product Management, Thales to discuss the key findings.