Boardrooms have finally started giving encryption the attention it deserves

This is a contributed piece by John Grimm, Senior Director of Security Strategy at Thales e-Security

For just over a decade, businesses’ approach to cyber and data security, and to the risks posed by hacking threats, has been driven by their IT departments. However, it has now become clear that boardrooms are taking up this mantle. For the first time since the inception of our Ponemon Global Encryption Trends Report in 2005, business unit leaders now have greater influence over an organisation’s encryption strategies than any other group.

Let’s look at the numbers. The overall influence that business unit leaders have over encryption strategy has risen from 10% in our first study in 2005 to 30% today in 2017. Within this same period, the IT department’s influence has dropped considerably from 53% to 29%.

It is interesting to note that this trend varies according to region, with four countries standing out in particular. In Europe, France was the country that claimed its lines of business had the most influence over their organisations’ encryption strategies, standing at 41%. Across both North and South America, similar claims were made by the US at 34%, and Mexico at 30%. The UK also stood at 37% in this regard. In the remaining seven countries surveyed for the study, respondents maintained that their IT operations still had the most responsibility.


Growing in importance

Hardly a day goes by now without a government or trade body releasing a report highlighting just how widespread data breaches have truly become. The same goes for high-profile multinational companies grabbing unwanted headlines for severe security breaches, succumbing to the will of a scheming hacker, malicious insider, or perhaps an employee mistake.    

The crippling effects that such breaches can have not only on a business’s cyber defences, but also on its reputation, customer base, and, ultimately, its bottom line, are certainly more than enough to give its board members a sleepless night. To avoid making a splash in tomorrow’s papers, implementing fortified security measures that guarantee the privacy of both its customers’ data and that of its employees is an absolute must.

Consequently, the adoption of encryption strategies globally has grown significantly, almost in tandem with the rise in data breaches.

Back in 2005, just 15% of those surveyed had an encryption strategy consistently applied across the enterprise. In 2017, however, this year’s study recorded a huge increase in that figure, as nowadays over two in five organisations (41%) have a consistent strategy.

Once again, interestingly, this does vary according to region. The highest deployment rate worldwide resides in Europe, with Germany standing at 65%, followed by the US at 50%, and then Japan at 44%. At the other end of the scale, the Middle East, Mexico and Australia had the lowest deployment rates for encryption strategies with 30%, 31% and 32% respectively.


Compliance is key

Unsurprisingly, this study has historically found compliance to be the key driver for the use of encryption in business. This year was no different. However, when coupled with data breaches, the ongoing focus on compliance has continued to elevate encryption to boardroom level. Over half of respondents (55%) identified compliance with privacy and data security regulations as the main thrust behind the push for broader encryption use.

Given that regulatory changes such as EU GDPR and eIDAS are on the near-term horizon, there is now an increasing likelihood that companies will consider how they can effectively integrate encryption as a crucial element of their data protection strategy.

Factors such as the need for encryption technology solutions to protect enterprise intellectual property (51%) and customer personal information (49%), as well as protecting information against targeted, identified threats (49%) have all increased in importance across businesses for years. Collectively they now follow close behind compliance as key drivers, highlighting the increasingly diligent approach adopted by organisations in the identification of the sensitive information requiring up-levelled protection.

These findings reveal that fewer businesses are adopting robust security strategies, such as encryption, because they simply feel that they have to. Rather, they are choosing to adopt them because they need to – for the sake of better protecting valuable data.

Above all, it is encouraging to see that data protection is making its way up the boardroom agenda. Despite the balance of power in terms of driving encryption strategy having shifted, it is important that business leaders and IT teams continue to collaborate to ensure that encryption is effectively implemented across entire organisations.  

