Most UK organisations hit by data breach

09 July 2009

Seventy percent of UK organisations have been hit by one data breach or more in the last year compared to 60% the year before, according to a Ponemon Institute survey on encryption and information security commissioned by enterprise data protection firm PGP Corporation.

The 2009 annual UK Enterprise Encryption Trends study, which polled information security professionals at 615 companies and public sector organisations, also found that 12% of respondents had more than five data loss incidents over the last year, compared to 3% the year before. Of these, only 43% were made public – Ponemon said “there was no legal or regulatory requirement to disclose the remaining 57% of incidents”.

The public sector saw the highest number of data losses, with an average of 4.48 data breaches per organisation. Financial sector firms saw an average of 3.11 incidents, followed by the educational sector (2.47), healthcare and pharmaceutical firms (2.65) and professional services industry (2.52). On the other side of the scale, with no reported breaches, were the entertainment, media and defence sectors.

Phillip Dunkelberger, president and CEO of PGP Corporation, said: “It’s clear that UK Organisations recognise the need to protect customer information and other valuable data assets, but while their intentions may be good, not all of them are doing everything it takes to make this a reality.

“This study underlines the critical importance of implementing an encryption strategy that encompasses all aspects of an organisation’s data, not just to meet privacy or data security regulations but to also protect against brand damage and loss of customers.”

Lack of encryption policies

As perhaps expected, those seeing the highest levels of data loss and breaches were also the least likely to have introduced an effective, company-wide strategy for data encryption. None of those reporting more than five data breach incidents had an encryption strategy in place, whereas a third of those with no reported data breaches had enterprise-wide encryption policies and a further 36% had introduced a partial strategy to protect certain applications, departmental activities or data types.

Following recent reports of lost or stolen portable devices, this year’s study also included encryption of data on mobile devices. Just over half of respondents said encryption of data on mobile devices was ‘very important’, 34% believed it is only necessary to encrypt confidential data on mobile devices sometimes, and over a tenth thought it to be unimportant.

Despite a lack of organisation-wide enforcement of encryption policies, 57% of UK businesses said they are using some type of encryption solution, with the remaining 43% planning to implement encryption technologies.

Up one percentage point from last year, 14% of organisations use a single platform to deploy and manage encryption across multiple applications. All users said this improved the management of encryption keys and 90% said it raised the efficiency and effectiveness of their information security procedures. 59% also said they were confident a single platform for encryption would reduce operational costs associated with data protection.

Data protection regulation

Surprisingly, given the number of data breaches, Infosecurity notes that 61% of respondents said data protection played an ‘important’ or ‘very important’ role in an organisation’s overall risk management efforts. Just under half (46%) said encryption helped them meet privacy commitments and 45% believed encryption was critical for protecting the company’s reputation.

The EU Privacy Directive was considered the most influential regulation impacting approaches to data encryption, followed by the Payment Card Industry (PCI-DSS) requirements and the UK Data Protection Directive.
