Call us Toll Free (USA): 1-833-844-9468     International: +1-603-280-4451 M-F 8am to 6pm EST

Pivotal Shift in Critical Role of Encryption as Usage Doubles in 2024

Apricorn, the leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives, today announced findings from its annual survey into encryption policies, conducted among IT security decision makers in the UK.  The survey revealed that almost half (46%) of organisations now require all data to be encrypted as standard, whether at rest or in transit – this is double the percentage from 2023 (23%) and marks a pivotal shift as more companies recognise the critical role of encryption in safeguarding sensitive information.

The findings also revealed a significant uptick in the adoption of encryption with organisations clearly taking steps to enhance their data protection strategies. A staggering [1]96% of organisations now enforce a policy that mandates encryption for all data held on removable media. This is in line with last year’s research which highlighted intentions to expand encryption usage, showing that those plans have now been followed through, particularly with hardware encryption and securing remote and mobile IT equipment.

Additionally, 44% said they only permit the use of hardware-encrypted, organisation-approved removable media, a significant increase from just 22% last year. This shows a growing reliance on hardware encryption to secure portable devices that are often exposed to greater risks of theft or loss. This is particularly notable given the increased need to manage and secure data in increasingly flexible working environments, where personal devices are becoming more integrated into corporate operations.

Commenting on the findings, Jon Fielding, Managing Director, EMEA Apricorn, stated: “These results demonstrate a clear shift in mindset, with organisations now following through on their plans to ramp up encryption efforts. The surge in hardware-encrypted devices, particularly for removable media and mobile devices, reflects a growing understanding that encryption is not just a best practice but a necessity in today’s threat landscape.”

Encryption across devices has also seen an expansion, with organisations ensuring data is protected on a range of different computing equipment. Over[2] 94% of IT security decision-makers reported that their organisation encrypts data on laptops and desktops, while 289% encrypt mobile phones, and 291% surveyed encrypt USB sticks. Furthermore, a majority are expanding encryption usage, with over a quarter planning to broaden their encryption coverage across all these devices.

“Given the rise in remote working and the ongoing risk of cyberattacks, it’s crucial for organisations to continue expanding their use of encryption across all devices and data in transit. Protecting data at every point of its lifecycle is essential to mitigate risks, especially as threats like ransomware continue to evolve,” commented Fielding.

Several factors have driven this increase in encryption implementation over the past year. The top five reasons cited by IT security decision-makers surveyed are: to better protect data (28%), to allow them to securely share files (18%), the rise in remote working (20%), to avoid regulatory fines (11%) and to protect lost or stolen devices (11%).

These reasons reflect both the evolving security landscape and the pressures of regulatory compliance, as well as the practical challenges posed by remote working and the need to share sensitive data securely.

Interestingly, there has been an improvement in understanding which data sets also need to be encrypted.  Only 7% of organisations surveyed admitted they lacked clarity on which data sets require encryption, a notable improvement from 14% in 2023. This suggests that businesses are gaining better visibility over their data assets and how to protect them effectively.

This is a positive step, especially given that almost three-quarters of those surveyed [3](74%) also said that their organisation’s mobile/remote workers are willing to comply with security measures, but they don’t have the necessary skills or technology to keep data safe and 360% expect their mobile/remote workers to expose them to the risk of a data breach.

When questioned on the main causes of a data breach within their organisation, whilst phishing (34%) and ransomware (31%) topped the list, 22% cited a lack of encryption – an increase of 5% compared with 2023 findings.

Despite this, when asked what tools/strategies, they currently incorporate into employee usage policies to meet cyber insurance compliance, 74% said they encrypted storage at rest (35%) and on the move (39%), both of which ranked in the top five. This once again highlights the critical need for encryption to not only tackle cybersecurity threats and meet compliance demands, but to satisfy insurance criteria to enable the organisation to make a claim following a breach.

“As more businesses recognise that encryption plays an increasingly critical role in corporate cybersecurity strategies, the expanded adoption demonstrates that businesses are moving in the right direction to address emerging risks, though there is clearly still more to be done,” said Fielding.

Methodology

The research was conducted by Censuswide with 604 IT security Decision Makers across the UK and US between 30.03.2023 – 10.05.2024. Censuswide abides by and employs members of the Market Research Society which is based on the ESOMAR principles and are members of The British Polling Council.

###

 

About Apricorn

Apricorn provides secure storage innovations to the most prominent companies in the categories of finance, healthcare, education, and government throughout North America and EMEA. Apricorn products have become the trusted standard for a myriad of data security strategies worldwide. Founded in 1983, numerous award-winning products and patents have been developed under the Apricorn brand as well as for a number of leading computer manufacturers on an OEM basis.

[1] Combines ‘Yes – We only allow the use of hardware encrypted organisation-approved removable media’, ‘Yes – We only allow the use of organisation-approved removable media, which aren’t hardware encrypted, but we software encrypt everything written to them’, ‘Yes – We allow use of all removable media devices, including employees’ own USB sticks, but we software encrypt everything written to them’, and ‘Yes – We have another policy that requires encryption of all data held on removable media not mentioned above’

[2] Combines ‘We encrypt some of these devices, but have no plans to expand our encryption usage’, We encrypt some of these devices, but plan to expand our encryption usage’ and ‘We encrypt all of these devices’

[3] Combines ‘Strongly agree’’ and ‘Agree’

Press Release by Apricorn

Media Contact

Sarah Bark

12th Anniversary Top InfoSec Innovator & Black Unicorn Awards for 2024 remain open for late entries! Winners Announced October 31, 2024...

X