On another encryption note (the last one today we promise!), another study by Absolute Software Corporation and the Ponemon Institute has found that 56% of U.S. business (non-IT) managers disable bundled laptop encryption. This is despite that fact that 92% of IT security practitioners reported that at least one person in their organisation has lost their laptop or had it stolen, and 71% reporting that this resulted in a data breach.
These results indicate that despite the advance of security technologies, human behaviour still seems to be the main factor in data security.
Other interesting stats from the study are:
- Only 45% of IT security practitioners report that their organization was able to prove the contents of missing laptops were encrypted;
- Only 52% of business managers – employees most likely to have access to the most sensitive data (personally identifiable information and/or intellectual property) – have employer-provided encryption;
- 57% of business managers either keep a written record of their encryption password, or share it with others in case they forget it;
- 61% of business managers share their passwords, compared to only 4% of IT managers; and
- business managers are much more likely than IT security practitioners to believe encryption makes it unnecessary to use other security measures for laptop protection.
Highlights and the complete reports for “The Human Factor in Laptop Encryption” studies in the U.S., U.K. and Canada can be found here (though you will have to provide your details first).