- Remote working and rise in ransomware drive IT leaders to manage risk with mandatory encryption
- Nearly three quarters require encryption of data held on removable media
The number of UK organisations implementing data encryption as a core part of their cybersecurity strategy has continued to rise, with 32% introducing a policy to encrypt all corporate information as standard in the last year. In total, almost half (47%) of organisations now require the encryption of all data, whether it’s at rest or in transit. This is according to an annual survey of IT decision makers carried out by Apricorn, the leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives.
Thirty-two per cent of organisations encrypt all data when it’s stored on their systems or in the cloud. Only 2% do not currently see encryption as a priority.
The stakes are getting higher for those organisations that don’t give the approach sufficient attention: 16% of the IT leaders surveyed admitted that a lack of encryption had been the main cause of a data breach within their company, up from 12% in 2021.
When asked about the main reason their organisation has increased the implementation of encryption over the past year, nearly a quarter (24%) of respondents said this was due to the rise in remote working, with 16% citing the rise in ransomware attacks.
Jon Fielding, managing director EMEA Apricorn, says: “It’s encouraging to see encryption high up on corporate priority lists; messages about the crucial role it has to play in protecting sensitive information are clearly getting through. When data is encrypted, it’s fully protected – if an unauthorised individual gains entry to an IT system or picks up a device that’s been left in an Uber, for instance, the information will remain unreadable.”
Nearly three quarters (73%) of organisations now have a policy that requires the encryption of all data held on removable media, such as external hard drives and USBs. Twenty-seven percent actively enforce the encryption of data on mobile devices and removable media. Forty-two percent only allow the use of removable storage devices if the data is hardware encrypted – up from 33% last year.
Jon Fielding explains: “Built-in hardware encryption with onboard authentication affords stronger protection than software-based encryption, which can leave devices exposed to counter resets, software hacking, screen capture and keylogging. When held in a hardware crypto module, encryption keys are protected from brute force attacks and unauthorised access.”
The proportion of organisations dealing with the risk to data held on removable media by physically blocking their use has dropped from 13% in 2021 to just 8% this year.
“This indicates an increasing maturity of approach to cybersecurity in the hybrid working environment,” continues Jon Fielding. “By choosing to avoid a ‘blanket ban’ on removable devices and seeking instead to secure the endpoint and the data, they can fully reap the productivity and flexibility benefits gained from storing or moving data around safely, offline.”
Data encryption provides organisations with a way to mitigate the biggest challenges faced by organisations when implementing a cybersecurity plan for remote or mobile working. According to the IT leaders surveyed by Apricorn, the three biggest problems are the complexity of managing all of the technology that employees need and use (cited by 42%), followed by the likelihood that employees will unintentionally expose the organisation to a data breach (38%), and uncertainty around whether data is adequately secured (32%).
“Organisation-wide encryption is a straightforward way of staying ahead of evolving cyber threats, complying with legislation and mitigating human error,” says Jon Fielding. “To be completely effective, it needs to become ‘business as usual’ – embedded into ways of working, mandated in policy, and enforced at an operational level.”
About the survey
The research was conducted during April 2022, by Vanson Bourne. Respondents were 100 UK IT decision makers (CIOs, Heads of IT, IT directors, Senior IT managers etc.) from enterprise organisations (1000+ employees) including financial services, IT, manufacturing, business and professional services. All interviews were conducted using a rigorous multi-level screening process to ensure that only suitable candidates were given the opportunity to participate.
Apricorn provides secure storage innovations to the most prominent companies in the categories of finance, healthcare, education, and government throughout EMEA, North America and Canada. Apricorn products have become the trusted standard for a myriad of data security strategies worldwide. Founded in 1983, numerous award-winning products and patents have been developed under the Apricorn brand as well as for a number of leading computer manufacturers on an OEM basis.
About Vanson Bourne:
Vanson Bourne is an independent specialist in market research for the technology sector. Their reputation for robust and credible research-based analysis is founded upon rigorous research principles and their ability to seek the opinions of senior decision makers across technical and business functions, in all business sectors and all major markets. For more information, visit www.vansonbourne.com.