The way in which people work today has changed significantly since businesses started using encryption products to secure their data. On average we each have 2.9 devices that we expect to be able to use for work purposes. And we don’t just work from the office. We work from home, the car, the airport, the café and we need our data to keep up with us, and to stay secure whichever platform or device we choose.

Sophos conducted an independent survey of 1,700 IT managers in an effort to understand where businesses are succeeding with using encryption to secure their data. The survey identifies gaps in organizations’ encryption strategies as we continue moving toward a business world that demands secure access to data wherever the user is and whichever device they choose to use.

With Sophos being a leader in Channel-focused security the organization queried companies with 100 to 2,000 employees, and Marty Ward, the company‘s VP of product marketing, told Channel Partners that Sophos’ partners will likely see big revenue growth over the next few years.

“Sixty-nine percent of survey respondents said, ‘we are investing heavily over the next two years in encryption — we want to address this gap,’" says Ward. “Channel partners need to know that [customers are] concerned about performance and complexity, but they want to invest, so they need someone to help them make it happen.

Key findings of the survey reveal that private, highly-sensitive employee information, including banking details, human resource (HR) files and personal healthcare records, is at risk. While many companies take the security of their customer data seriously, employees are not protected to the same level.

Although three-quarters of companies report they are now encrypting sensitive customer data such as payment information, many companies aren’t extending the same level of protection to their own employees’ private data.

Employee bank details are encrypted by 69% of companies that store that type of data, HR records are encrypted by only 57% that store them, and employee healthcare information is encrypted by just 53% of companies that store those records

For example, 31 percent of the companies surveyed that store this type of data admit that employee bank details are not always encrypted. Forty-three percent of the companies holding sensitive employee HR files don’t always encrypt them, and nearly half of those that store employee healthcare information (47 percent) fail to consistently encrypt these records.

Of the U.S. companies surveyed that do use encryption, only 79 percent claim to always secure employee bank details, making it the most advanced of the six countries (US, Australia, Canada, India , Japan and Malaysia )By comparison, 48 percent in Japan fail to consistently encrypt employee bank details, making their employees the least protected.

Timeline for Increasing Use of Encryption

Encryption demand is growing although companies cite budget, performance concerns and lack of deployment knowledge as the top three barriers to implementing a solution. Three-quarters of organizations acknowledge that they need to improve how they encrypt and secure employee, customer and company information. In fact, over the next two years, 69 percent of organizations surveyed plan to increase their use of encryption, showing that companies are moving in a positive direction.

‘’At Sophos, we believe you can never have enough encryption. Simply put encryption is the best way to protect information from loss or theft, the last line of defense against cyberattacks and accidental data exposure ‘’ Dan Schiappa, senior vice president and general manager of Enduser Security at Sophos.

Company data remains at risk as well. Nearly one-third (30 percent) of all organizations surveyed fail to always encrypt their own corporate financial information, and nearly half (41 percent) inconsistently encrypt files containing valuable intellectual property. The percentage is higher in the U.S. where 62 percent of organizations cite the need to secure proprietary data as a key driver to encryption.

Cloud data security is also driving encryption adoption. More than eight in ten companies (84 percent) expressed concern about the safety of data stored in the cloud. Nevertheless, while 80 percent are using the cloud for storage, only 39 percent encrypt all files stored in the cloud. The U.S. leads all six countries with a propensity to encrypt all files in the cloud with 48 percent of those surveyed in America doing so.  Malaysia is at the opposite end of the spectrum with only 17 percent of businesses surveyed encrypting all files in the cloud. 

“The State of Encryption Today survey confirms that while encryption is widely used and accepted by businesses, it also highlights critical gaps,” continued Schiappa. “Unfortunately, I am not surprised by the findings because too many people mistakenly believe that encryption is too complicated or too expensive to implement. The reality is that modern, next-generation encryption solutions can be easy to deploy and quite cost-effective.”

“Encryption is really the last line of defense," says Ward. “Even if you don’t have enough budget to have all the endpoint or network security that you want, if you have encryption, if your data gets stolen, at least no one will be able to read it or use it."

The State of Encryption Today survey methodology includes 1,700 IT decision makers interviewed in the U.S., Canada, India, Australia, Japan and Malaysia. All respondents were from organizations with 100 to 2,000 employees in all sectors, excluding government. 

A white paper containing the full survey results can be accessed at www.sophos.com/encryptionsurvey.