85% of US organizations hit by one or more data breaches within the last 12 months

PGP Corporation announced the results from The Ponemon Institute’s fourth annual study on encryption usage in the enterprise – The 2009 Annual Study: U.S. Enterprise Encryption Trends.

This year’s study surveyed 997 IT and security practitioners and identifies the trends in enterprise encryption planning strategies, budgeting and spending, deployment methodologies and impact on data breach incidents. While 78 percent of organizations have an encryption strategy in place and are moving toward a more consistent approach to data protection, data breaches continue to rise across the board. 85 percent of survey respondents experienced at least one data breach in the last 12 months, and the number of companies experiencing more than 5 data breaches in one year rose to 22 percent. For the first time, fifty-eight percent of the respondents reported that data protection is a very important part of their overall risk management. Additionally, as organizations increasingly rely on mobile technology and PDAs as their primary computing platform, 26 percent indicate they encrypt a smartphone or PDA most of the time, 51 percent said they never do.

The following list summarizes key findings from the study that included nearly 1000 U.S.-based enterprise IT leaders, analysts and executives:

  • Data protection is an important part of an organization’s risk management efforts. Fifty-eight percent report that is a very important part of risk management and 22 percent say it is an important part
  • Encryption of data on mobile data-bearing devices used by employees is very important or important. More than 59 percent of respondents say it is very important or important to encrypt employees’ mobile devices – a sign that organizations recognize that valuable data is more mobile than ever
  • More than 70% have fully executed or just launched data encryption strategy in their organization. Once again data encryption strategies are being implemented across a majority of the respondent participants. The majority of organizations, 78 percent, have some type of encryption strategy, up from 74 percent in 2008 and from 66 percent in 2007
  • Data Breaches continue to be a huge problem: Eighty-five percent of organizations surveyed had had at least 1 data breach in the last 12 months, demonstrating that there is no let up in breaches as this is consistent with 84 percent sited in the 2008 report. Companies suffering more than 5 data breaches rose to 22 percent in 2009 up from 13 percent in 2008
  • Encryption is mostly used to mitigate data breaches and comply with privacy and data protection regulations. In addition, there was an increase in the percentage of respondents who reported that encryption is also important to preserving brand and reputation.



Share this