James Cook, Australia managing director for nCipher Security, told iTWire in response to a query that a global study just released by the company, based on research from the Ponemon Institute, showed more than half of Australian organisations (52%) had encryption strategies in place.
"That is a notable increase of 14% since 2018. In our experience dealing with Australian organisations, the bill has not deterred them from their encryption plans," Cook said.
"The bottom line of it is that organisations understand that the value of protecting data … the value of encryption to protect their data … is so high that even if it is implemented with some of the implications of this legislation, it will still be vastly superior to not doing encryption at all."
When asked, Cook said he could not comment on the use of encryption by individuals and whether this was on the rise or not. "nCipher Security’s focus is on business solutions, and so we cannot comment on consumer usage of encryption," he said.
"However, from a business perspective, the research tells us that email encryption doesn’t make the top in Australia in terms of data types that are most often encrypted. That doesn’t mean it’s not getting encrypted."
He said the effect of one laptop or one person’s email or one endpoint being compromised was important enough to protect against.
"A lot of sensitive information is shared via email. It would be great if the importance of data protection would be filtered down to encryption of people’s personal emails.
"However, organisations are working under the assumption that there are many ways hackers can exploit systems and endpoints to get at the data motherload that is the data at rest within the organisation’s systems; be that customer personal data, stores of credit card details, employee HR records etc., and that large store of data must be defended with encryption and robust key management as a top priority."
The encryption study gathered responses from 6457 individuals across different industry sectors in 17 countries: Australia, Brazil, France, Germany, Hong Kong, India, Japan, Mexico, Saudi Arabia, the United Arab Emirates), the Netherlands, Russia, Southeast Asia, South Korea, Sweden, Taiwan, the UK and the US.
Running for 15 years, the first study was conducted on an American sample in 2005. This report will focus on the findings from Australian respondents.
While overall most respondents put the protection of personal information as the top reason for using encryption - 54% opted for this against 47% who picked compliance - Australian respondents overwhelmingly (57%) opted for regulatory compliance as the main reason for adopting encryption. And for the third year running, Australians chose compliance with internal policies more than any other country (43% against 23%).
Cook said this did not really surprise him. "There has been a raft of new regulations and regulatory changes impacting this market over the past couple of years such as Consumer Data Right, and a critical focus on the financial sector in particular, so it is only natural for respondents to have a keen focus on compliance," he said.
"Organisations that move beyond encryption for the sake of compliance understand and value their data protection credentials as a genuine selling point," he added.
"Australian enterprises have an opportunity to transform their outlook on encryption from checking the compliance boxes to protecting customer information in ways that improve customer retention, profitability and competitiveness."
When it came to naming the biggest threat to sensitive data, 62% of Australian respondents selected employee mistakes. This was 8% higher than the global average.
Seventy percent of Australians said data discovery was the biggest challenge in planning and executing a data encryption strategy. That was likely to increase, with a pandemic-driven surge in employees working remotely, using data at home, creating extra copies on personal devices and cloud storage, nCipher said.
The study indicates that 52% of organisations in Australia had adopted encryption strategies across their businesses (48% globally). In the near term, 59% planned to use blockchain, with cryptocurrency/wallets, asset transactions, identity, supply chain and smart contracts cited as the top use cases.
More than four-fifths of Australian respondents said they had transferred sensitive data to the cloud, or planning to do so within the next year or tow.
"Consumers expect brands to keep their data safe from breaches and have their best interests at heart. The survey found that IT leaders are taking this seriously, with protection of consumer data cited as the top driver of encryption growth for the first time," says Dr Larry Ponemon, chairman and founder of Ponemon Institute.
"Encryption use is at an all-time high with 52% of respondents in Australia saying their organisation has an overall encryption plan applied consistently across the entire enterprise, and a further 33% having a limited plan or strategy applied to certain application and data types."
Other key trends:
- The fastest growing encryption use cases for respondents in Australia include public cloud services (49%, up from 32% last year), IoT devices (31% from 22% over the past two years) and Docker containers (26%, up from 19% last year);
- The highest prevalence of organisations with an enterprise encryption strategy is in Germany (66%) followed by the US (66%), Sweden (62%), Hong Kong (60%), the Netherlands (56%) and the UK (54%) with Australia at 52%.
- Globally payment-related data (54% of respondents) and financial records (54% of respondents) are most likely to be encrypted. Seventy-one percent of Australian organisations encrypted payment-related data, up from 44% two years ago.
- In Australia, organisations have continued to encrypt employee/HR data (58% vs 52% globally) and customer information (54% vs 44% globally) at higher rates than global counterparts.
Graphic courtesy nCipher Security