Image from Shutterstock.com
Image from Shutterstock.com

Fewer than half of Canadian businesses surveyed say they use encryption extensively to protect corporate data, according to a new survey released Tuesday from security vendor Sophos.

That puts us on behind the U.S. (54 per cent) but par with most of the six countries studied, says Marty Ward, the company’s vice-president of product marketing. On the other hand, he added, it also means half of the companies here don’t use encryption much, which he said is a “big hole.”

More seriously, 42 per cent of Canadians surveyed — and 43 per cent of all countries studied –said their firms don’t always encrypt employee records.

That last point was part of an “eye-opening” statistic across all countries, Ward said:  “Employee data is not being protected as well as well as it should be, and not as well as customer data. It almost seems like people are making a trade-off and saying, ‘Customer data is more important so I’ll make sure that;s protected, but employee data, not so much.”

He also noted that only 41 per cent of Canadian respondents said their firm encrypts data sent to the cloud.

Two hundred IT decision makers in Canada were among the 1,700 surveyed in six countries surveyed last fall, including the U.S., India, Australia, Japan, Malaysia.

Firms that say their use of encryption is "extensive." Sophos graphic
Firms that say their use of encryption is “extensive.” Sophos graphic

In some areas Canadian respondents fared well. For example, 85 per cent of respondents here said their organization encrypts payment data, much better than the average. And 45 per cent of Canadian respondents said their firm uses both file and disc encryption, higher than any other country studied. Encrypting files protects data wherever it goes, Ward said.

Fewer than half of Canadian businesses surveyed say they use encryption extensively to protect corporate data, according to a new survey released Tuesday from security vendor Sophos.

That puts us on behind the U.S. (54 per cent) but par with most of the six countries studied, says Marty Ward, the company’s vice-president of product marketing. On the other hand, he added, it also means half of the companies here don’t use encryption much, which he said is a “big hole.”

More seriously, 42 per cent of Canadians surveyed — and 43 per cent of all countries studied –said their firms don’t always encrypt employee records.

That last point was part of an “eye-opening” statistic across all countries, Ward said:  “Employee data is not being protected as well as well as it should be, and not as well as customer data. It almost seems like people are making a trade-off and saying, ‘Customer data is more important so I’ll make sure that;s protected, but employee data, not so much.”

He also noted that only 41 per cent of Canadian respondents said their firm encrypts data sent to the cloud.

Two hundred IT decision makers in Canada were among the 1,700 surveyed in six countries surveyed, including the U.S., India, Australia, Japan, Malasia.

In some areas Canadian respondents fared well. For example, 85 per cent of respondents here said their organization encrypts payment data, much better than the average. And 45 per cent of Canadian respondents said their firm uses both file and disc encryption, higher than any other country studied. Encrypting files protects data wherever it goes, Ward said.

Types of encryption used by firms. Sophos graphic
Types of encryption used by firms. Sophos graphic

However, data on mobile devices and data in the cloud was much less likely to be encrypted than data on desktop computers. That’s a significant concern given the widespread use of smart phones and tablets by businesses, says the report.

On the other hand 89 per cent of Canadian respondents said their organizations will expand their use of encryption over the next two years.

Ward acknowledged that Sophos sell encryption solutions, so it has an interest in pushing the technology. But it doesn’t necessarily mean revenue to the company, he added. Instead Sophos is pushing simplicity: Rather than spending time and money classifying data to decide what should be encrypted, he said, CISOs should assume all business data is important and should be encrypted.



Related Download
Gartner Magic Quadrant for Web Content Management 2015 Sponsor: Acquia
Gartner Magic Quadrant for Web Content Management 2015
Download this Magic Quadrant report to learn more about the WCM market and help evaluate vendors based on your specific needs
Register Now