Report: Encryption Adoption Steadily Growing

The use of encryption is on the rise, but so is the number of data breaches, according to a new report.

The Ponemon Institute's "2009 U.S. Enterprise Encryption Trends" report, commissioned by PGP Corp., found the number of organizations deploying encryption on an ad hoc basis is declining because more are using an encryption platform across the enterprise -- 25 percent this year versus 17 percent last year. But the bad news is that 73 percent of companies say they have experienced at least one data breach in the past 12 months, while 60 percent had the previous year.

"In general, organizations continue to have data breaches...despite encryption [adoption] getting better," says Larry Ponemon, chairman and founder of the Ponemon Institute.

Around 22 percent of firms had been hit with five or more data breaches, up from 13 percent the year before, and 34 percent had suffered two or more breaches in the past year. And those organizations that had no encryption strategy were the only ones that suffered five or more breaches, according to the report.

But the good news is that encryption is becoming more strategic for companies. "We see the trend is up of more organizations evolving an encryption strategy," Ponemon says. Point solutions are also shrinking as they expand encryption beyond just email, for instance.

The most common form of encryption in organizations is file-server encryption, with database encryption and full-disk encryption next in line. Mobile may be the next frontier, according to the study: More than 59 percent of respondents said encrypting data on their users' mobile devices is very important or important. "I was surprised that a majority viewed [mobile data] encryption as a highest priority," Ponemon says.

Around 22 percent said they have no encryption strategy, down from 26 percent the year before. "That's the group of people I worry most about. Even if they are users of encryption, they are [probably] not using it in the right way or haphazardly," Ponemon says.

And not surprisingly, compliance is the incentive behind much of today's encryption adoption, according to the report. Around 64 percent said compliance requirements are one of the top reasons for their deploying encryption, up from 58 percent last year.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.