The 2009 Annual Study: Australian Enterprise Encryption Trends by The Ponemon Institute, which polled IT security professionals at 482 enterprises, found that 69% of Australian organizations have been hit by at least one data breach incident within the last year, up from 56% in the previous year.
The number of firms experiencing multiple breaches was also up, with 41% of respondents admitting to more than two data loss incidents in the twelve-month period (up from 28% in 2008). Of those organizations that did admit to a breach in the last 12 months, 65% never publicly announced it; there was no legal or regulatory requirement to disclose these incidents.
Despite the rising number of data breaches, Australian organizations are aware of the consequences of such incidents, with 66 percent of respondents stating that data protection played an ‘important’ or ‘very important’ role in an organization’s overall risk management efforts.
57 percent felt encryption helped them meet privacy commitments and 70% believed encryption was a critical factor in protecting a company’s reputation. The percentage of respondents who believe that the use of encryption increases customers’ trust and confidence in the organization’s privacy or data security commitments has increased from 32% in 2008 to 38% in 2009.
Using encryption to comply with privacy or data security regulations and requirements has increased from 13% in 2009 to 15% in 2009. Those who selected regulations as one of the top reasons for using data encryption in 2009 point to the Privacy Act, National Privacy Principles and PCI DSS requirements.
In response to some high-profile cases of lost and stolen laptops, together with the increased business use of smartphones, this year’s study also assessed organizational approaches to encrypting data held on mobile devices. More than 64% of respondents say it is very important or important to encrypt employees’ mobile devices and 55% believe that it is very important or important to provide end-to-end email security for Windows Mobile 6.0/6.1 Professional Edition.
The study found that 75% of Australian businesses have fully executed or just launched implementation of data encryption technology, while 25% are in the process of implementing encryption in order to protect sensitive information. Encryption is most widely used to protect the data held on file servers, VPNs and databases. VoIP and mainframe encryption are the least deployed applications.
Other high-priority activities in 2009 include data archive and e-discovery systems, with 71% fully executed or recently launched, and endpoint device control technologies, with 70 percent fully executed or just launched. The activities with the highest in-process response in 2009 include the implementation of endpoint-based data leak detection and prevention technologies, identity and access management systems and strong authentication devices.