The state of encryption in Europe
It is a well know fact that IT employees are a special breed. They may be seen as overly paranoid and sometimes very singleminded and demanding about the issue of security and protection of the company and its technical and informational assets, but they are the people who are most aware of the consequences of breaches and data loss.
Stephen Midgley from Absolute Software, shared with us some survey results that give insight into the cultural differences between IT and non-IT staff in the UK, Germany, France and Sweden.
IT personnel is constantly under pressure: budget cuts restrict their options, the issue of compliance is always looming behind their shoulder, they are perpetually aware and burdened by the knowledge of the potential consequences of data breaches and – to top it all – the workforce is becoming increasingly mobile.
Consider these figures:
- Over 3500 laptops go missing every week in airports across Europe (mind you, this is just airports we’re talking – never mind all the other places)
- Lost and stolen PC’s led to 61 percent of data breaches
- The average cost of a data breach in the UK is £1.7 millions and in Germany €2.41 millions.
So, how can you manage to secure data outside of the company perimeter? The answer is encryption and education. Unfortunately, while the IT employees are ever mindful of security, the other employees see it as a nuisance that makes their job more difficult.
The survey brought to light some other interesting (but disheartening) differences in thought, perception, and action between IT and non-IT managers:
- The difference in the perception of risk is considerable – 86 percent of IT security practitioners is aware of an instance when someone in their organization has had a laptop lost or stolen, compared to the 65 percent among non-IT personnel
- The IT people are also more aware of the consequences of these security incidents: 61 percent of them know that this resulted in a data breach for the organization, compared to only 25 percent of the non-IT managers
- Non-IT personnel on average tends to believe more into the safety of encryption, while IT staff knows that being careful that your laptop doesn’t get stolen or lost in the first place decreases considerably the possibility of a data breach. 79 percent of the IT employees never leaves their computer in insecure or unattended locations, while only 20 percent of non-IT people say they never do it (and 29 percent admits of doing it frequently!)
- The methods used to remember the encryption password are various. The great majority (91%) of the interviewed IT people have their password programmed on their computer and loaded after a fingerprint or password authentication. None write it down on a post-it note. The percentages are completely different among non-IT staff: 32 percent have opted for the first option, 35 percent for the sticky note, and 31 percent for sharing the key with other individuals in case they forget the password.