Pivotal shift in critical role of encryption as usage doubles in 2024

Apricorn research highlights encryption assurances being met as 96% mandate encryption on removable media.

  • Wednesday, 16th October 2024 Posted 1 month ago in by Phil Alsop

Apricorn has published findings from its annual survey into encryption policies, conducted among IT security decision makers in the UK. The survey revealed that almost half (46%) of organisations now require all data to be encrypted as standard, whether at rest or in transit – this is double the percentage from 2023 (23%) and marks a pivotal shift as more companies recognise the critical role of encryption in safeguarding sensitive information.

The findings also revealed a significant uptick in the adoption of encryption with organisations clearly taking steps to enhance their data protection strategies. A staggering [1]96% of organisations now enforce a policy that mandates encryption for all data held on removable media. This is in line with last year’s research which highlighted intentions to expand encryption usage, showing that those plans have now been followed through, particularly with hardware encryption and securing remote and mobile IT equipment.

Additionally, 44% said they only permit the use of hardware-encrypted, organisation-approved removable media, a significant increase from just 22% last year. This shows a growing reliance on hardware encryption to secure portable devices that are often exposed to greater risks of theft or loss. This is particularly notable given the increased need to manage and secure data in increasingly flexible working environments, where personal devices are becoming more integrated into corporate operations.

Commenting on the findings, Jon Fielding, Managing Director, EMEA Apricorn, stated: “These results demonstrate a clear shift in mindset, with organisations now following through on their plans to ramp up encryption efforts. The surge in hardware-encrypted devices, particularly for removable media and mobile devices, reflects a growing understanding that encryption is not just a best practice but a necessity in today’s threat landscape.”

Encryption across devices has also seen an expansion, with organisations ensuring data is protected on a range of different computing equipment. Over[2] 94% of IT security decision-makers reported that their organisation encrypts data on laptops and desktops, while 289% encrypt mobile phones, and 291% surveyed encrypt USB sticks. Furthermore, a majority are expanding encryption usage, with over a quarter planning to broaden their encryption coverage across all these devices.

“Given the rise in remote working and the ongoing risk of cyberattacks, it’s crucial for organisations to continue expanding their use of encryption across all devices and data in transit. Protecting data at every point of its lifecycle is essential to mitigate risks, especially as threats like ransomware continue to evolve,” commented Fielding.

Several factors have driven this increase in encryption implementation over the past year. The top five reasons cited by IT security decision-makers surveyed are: to better protect data (28%), to allow them to securely share files (18%), the rise in remote working (20%), to avoid regulatory fines (11%) and to protect lost or stolen devices (11%).

These reasons reflect both the evolving security landscape and the pressures of regulatory compliance, as well as the practical challenges posed by remote working and the need to share sensitive data securely.

Interestingly, there has been an improvement in understanding which data sets also need to be encrypted. Only 7% of organisations surveyed admitted they lacked clarity on which data sets require encryption, a notable improvement from 14% in 2023. This suggests that businesses are gaining better visibility over their data assets and how to protect them effectively.

This is a positive step, especially given that almost three-quarters of those surveyed [3](74%) also said that their organisation’s mobile/remote workers are willing to comply with security measures, but they don’t have the necessary skills or technology to keep data safe and 360% expect their mobile/remote workers to expose them to the risk of a data breach.

When questioned on the main causes of a data breach within their organisation, whilst phishing (34%) and ransomware (31%) topped the list, 22% cited a lack of encryption - an increase of 5% compared with 2023 findings.

Despite this, when asked what tools/strategies, they currently incorporate into employee usage policies to meet cyber insurance compliance, 74% said they encrypted storage at rest (35%) and on the move (39%), both of which ranked in the top five. This once again highlights the critical need for encryption to not only tackle cybersecurity threats and meet compliance demands, but to satisfy insurance criteria to enable the organisation to make a claim following a breach.

“As more businesses recognise that encryption plays an increasingly critical role in corporate cybersecurity strategies, the expanded adoption demonstrates that businesses are moving in the right direction to address emerging risks, though there is clearly still more to be done,” said Fielding.

The promise of AI is on every biopharma’s radar, but the reality today is that much of the industry is grappling with how to convert the hype into...
IT teams urged to resolve ‘data delays’ as UK executives struggle to access and use relevant business data.

‘Playtime is over’ for GenAI

Posted 3 days ago by Phil Alsop
NTT DATA research shows organizations shifting from experiments to investments that drive performance.

GenAI not production-ready?

Posted 3 days ago by Phil Alsop
Architectural challenges are holding UK organisations back - with just 24% citing having sufficient governance to implement GenAI.

AI tops decision-makers' priorities

Posted 3 days ago by Phil Alsop
Skillsoft has released its 2024 IT Skills and Salary Report. Based on insights from more than 5,100 global IT decision-makers and professionals, the...

The state of cloud ransomware in 2024

Posted 3 days ago by Phil Alsop
Ransom attacks in the cloud are a perennially popular topic of discussion in the cloud security realm.
Talent and training partner, mthree, which supports major global tech, banking, and business clients to build job-ready teams, has revealed the...

AI innovation is powering the Net Zero transition

Posted 3 days ago by Phil Alsop
Whilst overall AI patent filings have slowed, green AI patent publications grew 35% in 2023.