Study: Encryption becoming company-wide IT risk management initiative


In response to the evolving threat landscape, more businesses are integrating encryption into their IT risk management policies. According to a new study by the Ponemon Institute, which polled more than 4,000 business and IT managers across seven countries, encryption is now recognized as a strategic initiative for businesses to improve data loss prevention and avoid falling victim to information leaks.

Although the encryption deployment rates vary by country, the overall sense is that organizations are utilizing this technology more often than ever before. When a similar survey was conducted in 2005, only 15 percent of respondents said they had a secure encryption strategy.


Today, there are more businesses that have encryption in place than those that do not, the report said.

"Encryption is taking center stage as a strategic IT security issue, in order to mitigate the risk of data breaches and cyberattacks and to protect an organization's brand, reputation and credibility," said Franck Greverie of study sponsor Thales. "However encryption is only a valuable tool if deployed correctly."

As a result, encryption is moving out of the IT department and becoming a company-wide priority. While 39 percent of respondents said chief information and technology officers are still in charge of encryption deployments, non-IT managers are also influential in the IT risk management process. In fact, 21 percent of respondents said executives outside of the IT department are in charge of their encryption strategies, the study noted.

"Encryption usage has emerged as a clear indicator of a strong security posture with organizations that deploy encryption being more aware of threats to sensitive and confidential information and making a greater investment in IT security," said Larry Ponemon, the director of the Ponemon Institute.

The reasons for deploying encryption vary, but a common need is for organizations accepting and storing payment card data to meet PCI compliance regulations. Other top reasons for implementing cryptography are to help protect the company's reputation, to lessen the damage of data breaches and, hopefully, avoiding these incidents entirely, Ponemon Institute noted.

As of February 28, there had already been 19 business-related data leaks in 2012, exposing more than 1.8 million records, according to the Identity Theft Resource Center. By deploying encryption technologies, organizations may be able to soften the impact these incidents have over the entire company. With encryption, even information that becomes exploited will need to be unscrambled with the proper authentication.