In plain sight: Why is less data being encrypted?

Data security has become a priority for companies of all shapes and sizes. The evidence ranges from major headline-breaking breaches affecting Boeing, Sony, Apple, Meta and Twitter in 2023 to estimates that as many as 60% of SMEs that suffer a cyber-attack will go out of business within six months. The importance of preparedness in combatting threats and protecting data has never been greater.

A critical piece of this puzzle is encryption, defined as the process through which data is encoded to ensure it remains inaccessible to unauthorised users. It’s a technique that plays a critical role in maintaining the integrity of private or sensitive information.

In terms of putting this into practice, there are two key avenues to consider: software encryption and hardware encryption.

Software encryption relies on computing programs to encrypt data and, generally, uses passwords to authenticate users. The BitLocker drive encryption feature of Microsoft Windows is a good example of this.

Hardware encryption, meanwhile, leverages a device complete with a separate processor to encrypt data and authenticate users. Examples include PINs entered onto attached keypads or biometric login methods such as fingerprint authentication on mobile phones.

Both methods have their merits. The former is relatively simple and cost-effective to implement. The latter is considered harder to break and, therefore, safer. However, encryption is undoubtedly vital to securing data, regardless of the approach taken, particularly given modern working practices.

Encryption is vital for overall protection

Firms no longer operate out of a singular and easier-to-protect workspace or office. Today, employees can work wherever, whenever and however they like.

The widespread adoption of flexible, remote and hybrid models gives employees much greater freedom, but it is proving to be a major security issue for enterprises.

According to new annual research from Apricorn, the loss of devices containing sensitive information coupled with a lack of encryption has been responsible for data breaches in more than 35% of organisations.

Concerningly, these figures have increased year over year. 17% of security leaders highlighted a lack of encryption as a main cause of a data breach, up from 12% in 2021. Furthermore, 18% had seen lost or misplaced devices containing sensitive data result in a breach. It’s a risk that could’ve been avoided through effective encryption practices.

While this uptick is concerning, it is perhaps of little surprise given the massive drop in encryption of data on devices across UK companies over recent times. The survey also revealed that just 12% of organisations currently encrypt data on all laptops – down from 68% in 2022.

A similar trend can be seen for all other devices. In the case of desktop computers, 17% now encrypt all data – down from 65% in 2022. For mobile phones, there’s been a drop from 55% to 13%. And for USBs and portable drives, the drops have also been significant: down from 54% to 17% and from 57% to 4%, respectively.

While adoption is down, intent is up

With encryption practices trending in the wrong direction, many businesses cannot protect critical data when it’s being shared, handled and stored on devices. It creates unacceptable levels of risk. Now, more than ever before, that trend needs to be reversed.

Encryption is a vital part of the security arsenal. It ensures that critical information is rendered unintelligible to those not authorised to access it. Whatever happens to a device and whoever might get their hands on it, those organisations deploying encryption policies as standard will retain peace of mind that their data is secure.

The good news is that many organisations are willing and actively attempting to make the necessary changes. Promisingly, there has been a major jump in the number of security leaders who don’t currently encrypt devices but plan to do so soon: up from 12% to 23% on average across all devices.

Notably, this rise has been most significant across removable devices. For instance, more than four in 10 (42%) plan to introduce or expand encryption on USB sticks (up from 20% in 2022). That rises to 48% for portable drives (up from 16% in 2022).

The challenges and merits of implementing encryption policies

So, what needs to change to turn this intent into action? At present, there appears to be confusion over where enterprise data is and what needs to be encrypted. According to the Apricorn survey, one-fifth of security leaders admitted losing control of data and/or didn’t know which data sets to protect.

Of those security leaders with mobile/remote workers, 22% said they had no control over where company data goes or where it is stored. Furthermore, 14% admitted that they don’t currently have a good understanding of which data sets need to be encrypted.

Improving visibility and control is vital for effective company-wide encryption. Without complete oversight of data and devices, there is a much greater likelihood that breaches will occur as potential risks slip through the net unseen.

For those who can overcome these hurdles and get themselves into a position to implement company-wide encryption, the merits of doing so are significant. The survey found that the three main motivations included:

  • The ability to securely share files (20%)
  • Protection of lost and stolen devices (18%)
  • Avoidance of regulatory fines (14%).

The implementation of effective encryption policies is also recognised as a key criterion for securing cyber insurance. It is becoming an increasingly key component of well-rounded, multi-layered cybersecurity strategies. When firms were asked what tools and strategies they incorporated into employee usage policies to comply with cyber insurers’ eligibility criteria, two of the top answers cited were the requirement to encrypt data at rest (25%) and on the move (22%).

Now is the time for change

Companies recognise the benefits of encryption and the risks of data compromise or loss that arise from neglecting to apply it. However, despite this, data continues to remain under-protected. Just 12% of organisations currently encrypt data on all laptops, and only 13% do so for mobile phones.

Yes, IT leaders are highlighting their intentions to expand encryption to remediate the gap. But this needs to happen sooner rather than later. With employee actions increasingly exposing corporate data to breaches, both intentionally and unintentionally, the need to encrypt automatically as standard has never been greater.

Apricorn

Apricorn provides secure storage innovations to the most prominent companies in the categories of finance, healthcare, education, and government throughout North America and EMEA. Apricorn products have become the trusted standard for a myriad of data security strategies worldwide. Founded in 1983, numerous award-winning products and patents have been developed under the Apricorn brand as well as for a number of leading computer manufacturers on an OEM basis.

