Health Data is the Least Likely Type of Data to Use Encryption

The Ponemon Institute conducted a survey for the Global Encryption Trends Study on behalf of nCipher, a cryptographic solution provider. The study revealed that although health information is a highly valuable commodity to cybercriminals, it is the data type that is least likely to be encrypted.

5,856 respondents from various industries took part in study, which was conducted in 14 countries. The study aimed to find out more about:

  • Data encryption trends
  • Types of data that are most commonly encrypted
  • The extent that encryption is used to strengthen security posture
  • Challenges companies face when encrypting data

According to the study, there has been a steady increase in the use of encryption over the last four years. 45% of the surveyed companies have a general encryption plan or system that is used throughout the entire organization. 42% have a partial encryption plan or system used only on selected programs and data types. 13% do not use encryption at all.

Germany is the number one user of encryption in the world, followed by Australia, the United States and the United Kingdom. The Russian Federation and Brazil had the lowest use of encryption among the 14 countries represented. 65% of U.S. companies had a general encryption plan that was applied across the entire organization.

The industries with the highest use of encryption were tech & software (52%), financial services (50%), and the pharma industry and healthcare (49%).

Encryption technology used by different organizations varied considerably. No single technology dominated. Encryption is most commonly used for web communications, databases and laptop computer hard drives.

The principal reasons for employing encryption as stated by the respondents were to secure:

  • Sensitive intellectual property and the personal information of customers (54%)
  • Payment-related data (55%)
  • Financial records (54%)
  • HR/employee records (51%)
  • Intellectual property (51%)

The least likely type of information to be protected with encryption was health information, which is surprising considering the value of healthcare information to cybercriminals and the harm that can be caused if the data is misused. Only 24% of respondents stated their organization encrypted health data.

There are several challenges for organizations looking to encrypt information. According to the respondents, they faced the following challenges:

  • Identifying all sensitive information on the network (69%)
  • Initial implementation of encryption (49%)
  • Classifying which data to encrypt (32%)

One of the major encryption problems is key management. 61% of respondents said key management was very painful. The primary reasons for key management difficulties are:

  • Inadequate responsibility for the key management function
  • Lack of skilled personnel
  • Fragmented key management systems

Organizations use different key management systems. The most common systems are the formal key management infrastructure (KMI), formal key management policy (KMP) and manual processing.