UK organisations fail to protect data with encryption

(18/03/2009)

More than half of UK public and private sector organisations are still risking data breaches and leaks, because they do not have data encryption in place to secure information on laptops, handheld devices and removable storage media. This is one of the key findings of the second annual UK data security survey by Check Point Software Technologies Ltd.

According to the new survey of 120 IT managers and senior IT staff, 49% of respondents said they had data encryption solutions deployed in their organisations. 38% said they did not, and 13% said they did not know if encryption was in use.

This represents just a 1% increase in organisations deploying encryption to protect sensitive data in the past 14 months. This is despite 2007 and 2008 being the worst years on record for data losses and leaks, with over 30 million records lost by public and private organisations in the UK alone. In Check Point’s first UK data security survey conducted in November 2007 (the week of the huge data leak by HMRC), 48% of a similar sample of IT managers in public & private sector organisations said they had encryption, 40% said not, and 12% did not know.

Nick Lowe, Check Point’s regional director for Northern Europe said: “Evidently the lessons of the last year and a half – that a data loss or breach can happen to any organisation, whether private or public – have not been learned. It’s amazing that there has been no significant growth in the use of data encryption, when it is the one security technology that can stop any type of data leak.

“Even though these incidents have been front-page news, over half the companies surveyed are still running the risk of innocent data loss, or malicious theft. Organisations have got to protect their data, themselves and their employees against the risks, and that protection must be automated, so that employees cannot tamper with the security process.”

The survey also showed that the extensive data breaches reported in 2008 had not changed the IT security budgets for the majority of respondents. Just 29% said their security spend had increased, with 48% saying their spend had stayed static.

However, respondents indicated that investment in data encryption technology was their second-highest purchasing priority for respondents during 2009, with VPN / remote access technology just ahead. Virtualisation security was also expected to be a focus (27%). Intrusion prevention and perimeter security were also on the lists of 28% and 25% of respondents respectively.

A majority of respondents (68%) said that the current economic climate would not affect their IT security spending. 5% said they expected their security spend would increase, with 27% saying they expect it to decrease.

The survey found that 40% of organisations had up to 50 laptops in use, with a further 33% of respondents saying their company had up to 500 laptops in use. 47% of respondents said their organisation had up to 25 PDAs and smartphones in use, with a further 28% reporting up to 100 devices in their organisation.

Related topics:  Data management and data security   Encryption   Firewall   Internet and Web security   Mobile and Wireless Security 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources