Analyst Study Shows Employees Continue to Put Data at Risk

From the press release, results of the annual “Human Factor in Laptop Encryption” study by Absolute Software and the Ponemon Institute:

This year’s expanded study was conducted in the United Kingdom, Canada, France, Germany and Sweden, in addition to the United States. The study found that 15% of German and 13% Swedish business managers have disengaged their encryption solution. In contrast, 52% of Canadian, 53% of British, and 50% of French business managers have disengaged their encryption, while U.S. business managers are the most likely to circumvent company data security policy – topping the survey at 60%.

While Germans and Swedes disengage their encryption solutions less often, they may not be encrypting all their information: 49% of Swedish IT managers said that a lost or stolen laptop resulted in a data breach and German IT managers slightly less at 46%. Similarly, 50% of Canadian IT managers reported a data breach as a result of a lost or stolen laptop. IT managers from the U.S. had the highest percentage at 72%, followed closely by the U.K at 61%. France came in at the lowest with only 28% of IT managers saying that a lost or stolen laptop resulted in data breach.

Other key findings for the U.S. in this year’s study include the following:

  • 95% of IT practitioners report that someone in their organization has had a laptop lost or stolen and 72% report that it resulted in a data breach. Only 44% report that the organization was able to prove the contents were encrypted.
  • 33% of IT practitioners believe encryption makes it unnecessary to use other security measures, whereas 58 percent of business managers believe this to be the case.
  • 62% of business managers surveyed agree that encryption stops cyber criminals from stealing data on laptops versus only 46% of IT practitioners who feel the same way.
  • 36% of business managers surveyed record their encryption password on a document such as a post-it note to jog their memory or share the key with other individuals. In contrast, virtually none of the IT practitioners record their password on a private document or share it with another person.

Copies of the study are available at: www.absolute.com/human-factor.

About the author: Dissent