High-profile data breaches and new compliance regulations are raising uncomfortable questions in Australian boardrooms, according to the 2017 Thales Encryption Trends Study.
The study, undertaken by independent research firm the Ponemon Institute and sponsored by Thales, takes a detailed look at how Australian organisations are dealing with the increasing need for encryption to protect their most sensitive data. Despite mega breaches happening around the world and here in Australia, the study reveals that local organisations are still behind global counterparts in their urgency to improve their security posture.
Organisations are however accelerating their adoption of encryption strategies, with 32 per cent of respondents saying they are applied consistently across their organisations, up from 22 per cent in 2012. More than half (55 per cent) apply a limited encryption strategy to certain applications and data types but 13 per cent have no strategy at all.
More than half (57 per cent) of respondents said payment data is the most likely to be encrypted, but this is now closely followed by employee and HR data at 55 per cent.
An encouraging sign is that company Boards, which have generally taken a back seat on issues of cyber security, preferring to rely on advice from their IT departments, are stepping up to the task of tackling the problem and providing the necessary leadership. The influence of IT operations has halved in the past five years, from 59 per cent in 2012 to 28 per cent in 2017 while the influence of business unit leaders increased to 27 per cent from 20 per cent in the same time period.
Australia however, is still behind global markets where, for the first time in the study’s 12-year history, business unit leaders now had the highest influence over encryption decisions. In Australia, security departments make up 21 per cent while 24 per cent of respondents said no one single function is responsible.
While mega breaches and cyber-attacks are driving executive interest in data security, 80 per cent of respondents said their own employees were the greatest threat to data security, up from just 38 per cent five years ago. External hackers were named the top threat to data security for only 27 per cent of respondents.
This employee risk is compounded by the fact many organisations are still not sure where sensitive data resides in the business, with 55 per cent saying this was the number one encryption challenge.
The main driver for using encryption technologies is compliance with privacy and data security requirements, according to 64 per cent of respondents, compared to just 12 per cent five years ago. With Australia’s mandatory data breach notification scheme coming into effect next February, the research suggests organisations know they need to take compliance measures more seriously.
Thales eSecurity country manager (ANZ) Kelly Taylor said with the increasing use of cloud services, the study demonstrates more is being done to protect data.
“With more confidential and sensitive data being transferred to the cloud, encryption of that data is going to be more important than ever, especially ahead of tighter regulations coming in 2018.”