Press Release: 67% of French Organizations Hit by One or More Data Breach Incidents within Last Twelve Months
Research from Ponemon Institute Reveals that only 9 Percent of Respondents have an Overall Encryption Plan or Strategy Applied Consistently across the Enterprise
Paris and Menlo Park, CA/9 September 2009 – (PIN Payments Blog) PGP Corporation, a global leader in enterprise data protection, has announced the results of its inaugural annual study by The Ponemon Institute, identifying the steps French organizations are taking in order to safeguard their confidential data. The 2009 Annual Study: France Enterprise Encryption Trends, which polled 414 IT security professionals at enterprises and public sector organisations, found that 67 percent of French organizations have been hit by at least one data breach incident within the last year, with 18 percent having been hit by more than five incidents.
A massive 92 percent of the data breaches were never disclosed as there was no legal or regulatory requirement to do so.
Despite the large number of data breach incidents, 71 percent responded that data protection was a ‘very important’ or ‘important’ part of their risk management strategy, with protecting sensitive or confidential information in motion (transfer) or at rest (storage) their top priority.
“It is very encouraging to see that 71 percent of respondents view data protection as a critical part of their overall risk management plan,” said Dr Larry Ponemon, Chairman and founder of The Ponemon Institute. “However, the low percentage of French organisations having an overall encryption strategy in place or using a platform approach to encryption suggests that there are still considerable improvements to be made. The focus for 2010 needs to be on applying a strategic approach to data security across the enterprise.”
The following provides an overview of the key findings of the 2009 France Encryption Trends report:
- Only 9 percent of organizations have an overall encryption plan or strategy that is applied consistently across the entire enterprise. Forty-five percent have no encryption plan or strategy whatsoever while the remaining 46 percent adjust their encryption plan to fit different applications and data types, or use encryption for certain types of sensitive/confidential information such as social security numbers or credit card accounts.
- Encryption is primarily used to comply with privacy or data security regulations (65 percent) or to limit the brand and reputation damage linked to data breaches (43 percent). With regard to the regulations and regulatory bodies most influential in organisations’ decision to implement encryption, the French Data Protection Commission and French National Privacy Law come out on top with 66 percent and 62 percent respectively. International regulations such as Sarbanes Oxley have a very minor impact (4 percent).
- Eleven percent of organizations use a platform approach to managing encryption solutions across the enterprise. Eighty-two percent of these organisations believe the encryption platform increases the effectiveness and efficiency of their IT security programme. Reduced operational costs, consistent policy enforcement across applications and integration with third-party encryption applications were specifically listed as the primary benefits.
- Fifty-six percent of respondents use encryption technology at some level and the remaining 44 percent are in the process of introducing it. Encryption is most widely used to protect data on databases, VPNs and file servers. Mainframe and USB flash drive encryption are the least deployed applications.
- Seventy-one percent of organisations have fully executed or just launched a data archive and e-discovery systems programme. The figure is just slightly lower for the implementation of network-based data leak detection and prevention technologies (70 percent). More than half of respondents (58 percent) have just launched or fully executed an endpoint device control technology.
- Sixty-seven percent of respondents revealed that they had been hit by at least one data breach in the past 12 months. Of the companies that experienced 2 to 5 or more than 5 data breach incidents, none of them had implemented a company-wide strategy governing the use of data encryption technologies.
- A majority of respondents (58 percent) believe the ability to install a management infrastructure once, and then add additional encryption applications as needed is ‘very important’ or ‘important’. Other important features include the automation of key encryption management activities (55 percent) and enforcement of encryption policy across all applications.
- Encryption solutions are seen as a security priority for 39 percent of respondents. Twenty-nine percent also indicate that key management for encryption solutions is earmarked amongst the security initiatives in the current budget and accounts for just over 21 percent of overall spending on encryption.
- Forty-five percent of respondents consider loss or theft of confidential or sensitive data one of the major security threats of the next 12 to 24 months. Despite this, 68 percent do not encrypt sensitive or confidential information on mobile data-bearing devices such as PDAs and smartphones, only 4 percent use encryption on USB flash keys and 47 percent are ‘unsure’ or ‘not confident’ about their ability to protect confidential or sensitive information in motion.
For more information or to receive a complete copy of this study, visit: www.encryptionreports.com
About The Ponemon Institute
The Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organisations in a variety of industries.
About PGP Corporation
PGP Corporation is a global leader in email and data encryption software for enterprise data protection. Based on a unified key management and policy infrastructure, the PGP® Encryption Platform offers the broadest set of integrated applications for enterprise data security. PGP® platform-enabled applications allow organisations to meet current needs and expand as security requirements evolve for email, laptops, desktops, instant messaging, smartphones, network storage, file transfers, automated processes, and backups.
PGP® solutions are used by more than 100,000 enterprises, businesses, and governments worldwide, including 95 percent of the Fortune 100, 75 percent of the Fortune Global 100, 87 percent of the German DAX Index, and 51 percent of the UK FTSE 100 Index. As a result, PGP Corporation has earned a global reputation for innovative, standards-based, and trusted solutions. PGP solutions help protect confidential information, secure customer data, achieve regulatory and audit compliance, and safeguard companies’ brands and reputations. Contact PGP Corporation at www.pgp.com
Media & Analyst Contacts for PGP Corporation:
Carol Pender/Alexandra Radius
Johnson King
+33 (0)1 53 16 11 11
carolp@johnsonking.fr
alexandrar@johnsonking.fr
North America
Tom Rice
Merritt Group
+1 703 856 2218
rice@merrittgrp.com
United Kingdom
Jacqui Depares / Richard Scarlett
Johnson King
+44 (0) 20 7401 7968
pgpteam@johnsonking.co.uk
Germany
Ingrid Daschner
Johnson King
+49 (0) 89 8940 8511
ingridd@johnsonking.de