RSA 2012: Firms spend more on encryption to thwart attacks, comply with regs

The main drivers for deploying encryption are to protect brand reputation (45%), lessen the impact of data breaches (40%), and comply with privacy or data security regulations (39%), according to the survey of 4,000 business and IT managers in the US, UK, Germany, France, Australia, Japan, and Brazil.

Compliance is also driving increased budgets, with the highest IT security spend dedicated to data protection in countries that rank compliance as the most important driver for encryption.

The survey showed that the chief information officer, the chief technology officer, and IT leader still tends to be the most important figure in deciding encryption strategy (39%), but non-IT business managers have an increasing role in determining that strategy (21%), demonstrating that encryption is no longer seen as just an IT issue but one that affects an entire organization.

Respondents considered key management to be one of the most important features of encryption technology, in particular the use of automated and centralized key management. Half of respondents said they believed that investments in key management had the potential to reduce operational costs within their organization.

The report found that encryption deployment rates vary across countries. Germany, the US, and Japan show the greatest use of encryption. However, encryption is growing in importance in all the countries surveyed, with companies increasingly deploying encryption as part of an overall data protection strategy. In 2005 only 15% of organizations surveyed had an encryption strategy; this year, for the first time there are more organizations with an encryption strategy than without.

What’s hot on Infosecurity Magazine?