The state of our encryption isn't strong, but it's getting better

Sophos recently released a report and infographic detailing encryption adoption in the enterprise. Here is how the numbers break out and what they mean.

Image: iStockphoto/merznatalia

In case you were unaware, January 28 marked national Data Privacy Day. On that day, security company Sophos released an infographic detailing some of the findings of its recent report, The State of Encryption Today.

The survey collected answers from 1700 IT managers and found that 44% of organizations are using encryption extensively, while 43% were using encryption to some degree. Larger companies were more likely to use encryption, though, with 50% of organizations with 501-2,000 employees using it.

SEE: Why citizens need encryption as a fundamental human right

In terms of individual device encryption, the technologies that respondents said they always encrypted broke down like this:

  • Servers - 70%
  • PCs - 66%
  • Laptops - 60%
  • Macs - 43%
  • Smartphones - 29%
  • Tablets - 29%
  • Wearables - 22%

Of the countries represented, the US led the encryption adoption with 54%, while Australia, Canada, and India all followed close behind with almost 50%.

In terms of what the respondents were encrypting, general customer data and customer payment data led the responses with more than three-fourths of respondents saying they always encrypt that data. Company financial information and employee bank details were also highly encrypted with roughly 70% of respondents saying that they always encrypt those types of data.

Intellectual property didn't get as much attention, but still had 59% of survey takers always encrypting it. Also, employee HR records were always encrypted by 57% of those who took the survey. Employee healthcare information was next with 53% and all files created by employees were encrypted by 40%.

The question then becomes why these organizations are encrypting in the first place. When listing out the factors behind their encryption practices, the survey takers responded as follows:

  • Protect proprietary data - 61%
  • Protect employee personal data - 56%
  • Compliance - 50%
  • General security policy - 49%
  • Aware of increasing cyberattacks - 38%
  • Avoid negative PR of data breach - 23%
  • Avoid costs of data breach - 18%

The cloud is a security issue with many organizations, and the respondents to this survey were no different, with 84% listing security of data stored in the cloud as a concern. Still, 80% said they allow data to be stored in the cloud, yet 39% said they are encrypting all the data they have stored there. However, 47% said they are encrypting at least some of the files they have stored in the cloud.

SEE: The impossible war on encryption (ZDNet)

Regarding the type of encryption the respondents were using, 36% said they use full disk

and file encryption. But, if the two were split, file encryption won out with 37%, compared to the 27% using only full disk.

There are still some organizations who aren't using encryption. The top barriers to encryption cited in the survey responses were lack of budget (37%), performance concerns (31%), and lack of encryption deployment knowledge (28%).

However, respondents planned to extend their use of encryption with 36% planning expansion in the next year and 33% planning expansion within the next one or two years.

The 3 big takeaways

  1. Despite its usefulness, only 44% of organizations are using encryption extensively, and 43% were using encryption to some degree.
  2. Servers and PCs were the most encrypted devices, while customer data and customer payment data were the most encrypted data types.
  3. The biggest barriers to encryption are lack of budget, performance concerns, and lack of knowledge on how to effectively deploy it.

Also see


Conner Forrest is News Editor for TechRepublic. He covers startups and enterprise technology and is passionate about the convergence of tech and culture.

Editor's Picks

Free Newsletters, In your Inbox