BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

One-Quarter Of Organizations Do Not Encrypt Sensitive Data

From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 2 Feb 2016 19:10:20 -0700
http://www.bsminfo.com/doc/one-quarter-organizations-encrypt-sensitive-data-0001

Research by AIIM revealed 26 percent of organizations have suffered
customer data loss or exposure over the past year, but 25 percent do not
encrypt sensitive data.

AIIM’s report Data Privacy – Living by New Rules states that as a
consequence of lost customer or employee data, 10 percent of affected
organizations faced fines or regulatory actions, 25 percent experienced a
disruption to business, and 18 percent suffered a loss of customer trust.
In addition, 38 percent of the organizations polled reported being highly
dependent on sensitive personal data, while 33 percent have some sensitive
client data, and 20 percent have just basic HR content.

“Customer data can be an invaluable asset for any organization, but it is
imperative that personal data is kept safe and that consumers are confident
their personal details remain private,” says Bob Larrivee, chief analyst at
AIIM, in a release.

As previous studies have found, internal threats can be more dangerous than
external ones when it comes to data breaches, and the AIIM study found that
47 percent of organizations polled reported a data breach, exposure, or
incident in the past year as a result of staff intent (19 percent) or staff
negligence (28 percent), while just 13 percent experienced an external hack.

Of those polled, 68 percent want governments to encourage stronger,
tamper-proof encryption; the survey shows 62 percent do not encrypt email
addresses and 25 percent do not encrypt credit card data, while 64 percent
claim to encrypt all personally identifiable information (PII) and 75
percent encrypt all sensitive personal data.

The study found the biggest challenges businesses face are persuading
employees to use encryption, followed by dealing with forgotten passwords
or lost two-factor devices.

The Web-based survey of 202 AIIM community members was conducted between
October 23, 2015, and November 16, 2015.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Need access to data breach details or alerts when new breaches happen? Risk Based Security's Cyber Risk Analytics 
portal, fueled by the RBS breach research team, provides detailed information on how data breaches occur and which 
vendors to trust. Contact us today for a demo.
Previous By Date Next
Previous By Thread Next

Current thread: