
Failure to Encrypt Let Thieves Rip

05 February 2016
 

A worrying report reveals that 26% of organisations have suffered loss or exposure of customer data in the last 12 months, alongside a failure to encrypt sensitive information.

The report by AIIM reveals that 26% of organisations have suffered loss or exposure of customer data in the last 12 months, but 25% of organisations do not encrypt sensitive data and struggle to address data privacy.
It becomes puzzling therefore that while 38% of organisations are highly dependent on sensitive personal content as part of their business processes, they struggle to address data privacy.
The report – Data Privacy – Living by New Rules – revealed that in the last 12 months, 26% of organisations suffered loss or exposure of customer data with 18% losing employee data. As a consequence, 10% received action or fines from a regulator, 25% saw a disruption to business and 18% a loss of customer trust.
Data breaches are much more likely to be due to internal staff than external hackers, with 47% of organisations surveyed having suffered a data breach, exposure or incident in the past 12 months due to staff intent (19%) or staff negligence (28%). 13% suffered data loss from external hackers. Despite this, around 25% of respondents feel that senior management does not take the issue of data privacy breaches seriously.
The research also revealed a lack of familiarity with forthcoming General Data Protection Regulations (GDPR) which are now heading for the statute books across the EU. 37% of those storing Europeans’ data are not familiar with GDPR, including 11% who (mistakenly) think it will not apply to them.
Furthermore, 11% consider the recent European Court ruling that largely negates the Safe Harbour arrangement for US companies storing Europeans’ data to be a ‘disaster’ – 67% are placing increased reliance on other measures and 33% are waiting for a renegotiation of Safe Harbour, or clarification through the GDPR.
“If an organisation holds data on European citizens, they have to be aware of the need to ensure that European data protection standards apply wherever that information is stored and ensure their organisation is taking steps to ensure compliance,” explained Bob Larrivee, Chief Analyst, AIIM. “GDPR means that both data processors and the organisation whose data is being processed are joint data controllers so the organisation needs to positively audit the processor, including cloud service providers, to ensure that compliance is being met.”
Organisations are taking some steps, however, to ensure the privacy and security of the data they hold. 64% of respondents claim to encrypt all Personally Identifiable Information (PII) they hold, rising to 75% for sensitive personal data.
Nevertheless, only 38% encrypt email addresses and an ‘astonishing’ 25% of those storing credit card details do not encrypt them – which is likely to be an immediate contravention of the PCI-DSS standard. 20% rely on metadata and content types to drive security but half of respondents admit to poor metadata standards – a situation that can be improved with the latest metadata correction and data cleaning products.
The survey was taken using a web-based tool by 202 individual members of the AIIM community between 23 October 2015 and 16 November 2015. Invitations to take the survey were sent via e-mail to a selection of the 160,000 AIIM community members.

Picture: The AIIM report finds a worrying 25% of organisations do not encrypt sensitive data

Article written by Mike Gannon | Published 05 February 2016
