53% of German companies had one or more data breaches in the last 12 months
PGP Corporation announced the results from The Ponemon Institute’s third annual study on encryption usage in the enterprise – The 2009 Annual Study: German Enterprise Encryption Trends.
This year’s study surveyed 490 IT and security practitioners, 27 percent of whom hold positions at managerial level or higher, and identifies the trends in enterprise encryption planning strategies, budgeting and spending, deployment methodologies and impact on data breach incidents.
The fundamental conclusion on the basis of study participants’ responses is that data protection is a significant problem in Germany. Fifty-three percent of all companies and organisations suffered at least one instance of data loss during the past twelve months, representing an increase of over 55 percent on the figure for 2008 (34 percent).
Other study conclusions:
- New Data Protection laws to increase breach notification. Of the 53 percent of companies and organisations who suffered at least one instance of data loss over the past year, a mere 5 percent reported all their instances of data loss, whilst a further 14 percent at least disclosed some of their data losses. This means that 81 percent of data losses were not publicly disclosed. The change in the federal Data Protection Act that has been in effect since 1st September 2009, establishing an obligation to publicise data loss, will lead to further use of protection strategies. Companies and organisations have hitherto been disinclined to disclose data loss
- Data protection is an important part of an organization’s risk management efforts. 82 percent of German companies and organisations rated data protection as an ‘important’ or ‘very important’ part of their risk management, thus showing that corporate decision-makers are increasingly recognising that data loss constitutes a threat to business
- Encryption is a key component of Data Protection strategy. In nearly all of the companies and organisations questioned, encryption technologies form a permanent part of these data-protection measures. 55 percent are using the relevant solutions and 44 percent are currently planning and implementing such solutions
- Strategic use of encryption continues to grow. The study shows that the number of IT departments that strategically plan use of encryption technologies is slowly but continuously growing. 31 percent of those questioned (2008: 30 percent) have a company-wide strategy on consistent use of encryption applications. 78 percent make partial use of a strategic approach, encrypting company-wide or depending on the data and applications used. The trigger for this development is probably the recognition that a strategic encryption approach reduces the danger of data loss. No IT department with a company-wide encryption strategy has suffered more than one instance of data loss over the past twelve months, thus showing that encryption solutions planned at company level can reduce the risk of data abuse
- Investment in Key Management represents a third of budget. Many companies are investing in key management as a measure to reduce operating costs. The companies and organisations questioned are planning to invest an average of 32 percent of the budget for encryption technologies in key management. Key management includes active management of all keys throughout their period of validity, creation, implementation and application of security regulations and reporting. 33 percent of those questioned are assuming that through their investments in key management they can reduce the total operating costs of the solutions for company-wide data protection
- Data Protection Law drives encryption. In contrast with the year before, there has been a shift in the reasons for use of encryption solutions. Whereas in 2008 adherence to data-protection and data-security stipulations was still the main reason for use of encryption, compliance has now dropped to third place, with a current level of 35 percent of listings. By comparison, 46 percent of those questioned stated that their companies’ consent regarding protection of personal data in 2009 was the chief reason for use of encryption solutions. In close pursuit, with 45 percent, came the group using improved data protection with the aim of averting damage to their company’s image.
Go here to read the complete study.