PGP and Ponemon Institute Unveil Inaugural Australian Data Breach Study 2008
- 20 November, 2008 17:34
<p>PGP Corporation, a global leader in enterprise data protection, today announced the results from its inaugural Australian study by The Ponemon Institute© identifying key areas of focus in enterprise encryption use, planning strategies, budgeting and spending, deployment methodologies, and impact on data breach incidents. The key findings of the 2008 Annual Study: Australian Enterprise Encryption Trends demonstrate organisations continue to move towards a more strategic approach to encryption including a larger focus on key management, especially those companies identified as having the most effective IT organisations. The study supports the same trend that is occurring throughout other world markets: as the awareness of data breaches grows and the likelihood of government action increases, businesses will most certainly increase their use of encryption.
“Individual, point solutions for encryption have been around for years, yet the implementation, management and scalability have too often been inhibitors to their use in corporate environments. Without the proper integration, key management and policy procedures of these solutions, enterprises continue to suffer data breaches,” said Phillip Dunkelberger, president and CEO of PGP Corporation. “What this first study of Australian companies by the Ponemon Institute shows is that the companies who take a strategic, platform approach that allows for the management of all your encryption applications can reduce their chances of a breach.”
The study shows that 56 percent of organisations surveyed suffered at least one data breach over the last 12 months with 28 percent of organisations suffering two or more breaches during the same time period. However, an emerging trend appears to show that organisations with an enterprise encryption strategy lowering the rate of data breaches. This demonstrates that an encryption strategy, especially one implemented across the enterprise, can reduce the costs and brand damage associated with data breaches and likely leads to a more profitable business.
The study of nearly 405 Australian-based IT and business managers, analysts and executives (27 percent at the director or higher), identifies a new trend that shows organisations with a more strategic, enterprise-wide approach to encryption have experienced fewer data breaches. In response to increasing demands for data security, nine percent of organisations surveyed now have an encryption strategy applied consistently across the organisation.
“This study continues to break new ground in identifying enterprise IT security trends,” said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute. “Businesses in Australia have grappled with the new realities of data breaches over the past 12 months. In response, organisations are spending significant portions of their encryption budgets on key management and are looking for more complete solutions from a single vendor instead of point products. With more organisations experiencing data breaches, those who deploy a strategic encryption solution, like the PGP® Encryption Platform, reduce their risk.”
Other key findings in the Australian research report include:
• Encryption use across multiple applications grows. Respondents reported the consistent encryption of laptops, emails, file servers, and backup tapes varied across applications. In the wake of publicised data breaches, tape backup and laptop encryption were used most often, with 30 percent and 20 percent of organisations respectively using these encryption methods most of the time, while only seven per cent of organisations surveyed used email or file server encryption.
• Key management is more frequently budgeted for in 2008 as organisations seeking to reduce operational costs prefer to choose just one enterprise vendor. Organisations surveyed on average plan to spend 27 percent of their total encryption budget on key management solutions:
o 62 percent of organisations expect their key management investments to reduce the overall operational costs of enterprise data protection.
o Eight percent of organisations expect key management to increase the operation cost of enterprise data protection.
• Organisations are seeking a platform approach. Respondents were interested in a platform approach, with at least 56 percent rating five fundamental characteristics as important or very important. As described in the survey, a platform enables an organisation to centrally manage and deploy multiple encryption applications with consistent policy enforcement. Respondents from the most effective security organisations were much more interested in a platform strategy than those from less effective organisations.
• Need for single enterprise encryption vendor begins to emerge. While encryption use across applications varies significantly, organisations are beginning to select a single enterprise vendor for their key management needs. The survey showed some 25 percent of organisations expect to deploy a single enterprise-wide key management solution or deploy a single vendor’s key management solution for different purposes in 2008. Twenty-two percent of organisations are seeking a tactical key management solution for just one encryption application.
Finding that organisations with enterprise-wide encryption strategies are reducing the risk of data breaches and organisations overwhelming prefer a platform approach to encryption is significant in the evolution of data security. The increased interest in automated policy enforcement, single administration interface, and comprehensive key management continue to favour adoption of an encryption platform solution. The preference for adopting this approach to managing multiple encryption applications from a single console continues to mirror the progression seen with other important enterprise applications such as ERP and CRM.
The inaugural Australian study comes after the Ponemon Institute published the second annual report covering Encryption Trends in the United States earlier this year.
For more information or to receive a copy of this study, visit: http://www.pgp.com/downloads/research_reports/index.html</p>