A lack of encryption is the number one reason for businesses suffering the loss of sensitive data, new research has claimed.
A study from Fortanix found a third (33%) of the nearly 400 IT and cybersecurity professionals it surveyed said that leaving data unencrypted was the main reason for its loss at their organization.
This is despite the fact that 90% agree encryption is a good thing for their overall security. The survey also found that many organizations want to encrypt their data but are unsure how to go about it, due to a lack of staff with the expertise and skills to use encryption software, leading to uncertainty about when and where to apply it.
Positive signs
This was apparently the most difficult aspect for tech professionals to determine, with Fortanix concluding that this indicates "the need for solutions that provide consolidated discovery and assessment of cryptographic keys across hybrid, multicloud environments."
However, the news isn't all bad: the study also found more than 80% of organizations have implemented - or plan to implement - zero trust technology. 81% of respondents also said their organizations have dedicated teams in place for handling encryption.
In addition, key management systems, data loss prevention, and hardware security modules were found to be the top three technologies used to secure an organization's data.
And although only 24% have a unified key management system in place currently, more and more are expected to adopt one, with 50% looking to do this soon. On the other hand, federated key management is set to decline from 74% down to 47%.
Organizations are also looking to future proof their data protection; 76% of respondents are aware of post-quantum cryptography (PQC), with 14% already using it and 37% testing it out. However, cost and staffing are the main factors currently hampering its wider adoption.
Fortanix CEO Anand Kashyap commented on the findings that, "most enterprises lack complete control over encryption keys, creating significant risk. It's paramount these organizations adopt a paradigm shift towards a data-centric security strategy with full visibility and control over their encryption assets."
Senior Analyst Jack Poller also added that, "while it's a positive sign that most have confidence in encryption technologies, many don’t know how to implement it in a way that addresses their specific needs. It's apparent that these organizations need to invest in education, staffing, and solutions to get them where they need to be."
MORE FROM TECHRADAR PRO
- This is the best firewall for your business
- What is encryption? Everything you need to know
- Encryption is under attack, and the Online Safety Bill isn't the only culprit
