Nearly three-quarters of UK orgs hit by data breaches, study shows

Data breaches continue to be a major concern around the world, with 71% of UK organisations reporting at least one data breach in the past year, a study...

Data breaches continue to be a major concern around the world, with 71% of UK organisations reporting at least one data breach in the past year, a study has shown.

Globally, 88% of organisations reported at least one data breach in the past year, up 3% from 2009, according to the annual UK Enterprise Encryption Trends study by Symantec and the Ponemon Institute.

The vast majority of UK organisations surveyed continue to adopt encryption, with 53% reporting they had fully executed or just launched data encryption technology, and 47% in the process of implementing data encryption programmes.

One third of UK organisations surveyed do not have some type of strategy for using encryption across the enterprise. This is an improvement from 2009 when 40% reported that their organisations did not have an overall encryption plan or strategy.

Data protection is increasingly viewed as a mission-critical element of an organisation's risk management efforts, with 69% of UK respondents stating that data protection was either a "very important" or "important" part of their risk management efforts, but 19% said it was "unimportant" and 12% were "unsure".

In the UK, the biggest drivers of encryption technology adoption were mitigation of data breaches (40%) and complying with privacy or data security regulations and requirements (39%), up from 30% and 35% in 2009 respectively.

"Given that tough new data protection regulations mandate the use of encryption as a hedge against data breaches, enterprises are under increased pressure to invest in these technologies in order to comply," said Larry Ponemon, chairman and founder of the Ponemon Institute.

"A string of high-profile cases involving the loss, theft and misuse of data by government agencies and businesses in the UK has driven the Government to make improving cybersecurity, and particularly protection of personal information and national cyber infrastructure and sensitive data, a national priority," he said.

The study found the most important feature for encryption solutions is the automation of key encryption management activities and management of encryption keys. In the UK, 69% agreed with this, while 46% said it was the management of encryption over the widest possible range of applications.

Complying with data protection and privacy regulations is becoming more central to organisations' use of encryption, and is a key driver alongside mitigating data breaches, the study found.

This trend indicates that globally organisations are getting ahead of the curve with their encryption strategy before the breach occurs, not after, the study report said.

Across all the countries surveyed, solutions involving encryption have seen the biggest increase in earmarked IT budget. Encryption solutions being earmarked for budget increased 9% from 2009 and 12% since 2008. Endpoint security solutions including laptop encryption were up 10% from 2009 and 11% from 2008. Key management for encryption solutions rose nearly as much, up 9% from 2009 and 10% from 2008.

"All of these factors bolster and accelerate the argument for organisations to protect their sensitive data with encryption," said Jamie Cowper, principal product marketing manager for encryption and data loss prevention at Symantec.

As companies increasingly rely on outsourcers, cloud-based technologies and mobile solutions, a major side effect is that more data is exposed to loss or theft, he said.

"Encryption technologies enable organisations to take a more proactive approach to data protection and avoid the heavy fines, brand damage, and operational disruption a data breach can cause," said Cowper.

Read more on Antivirus, firewall and IDS products