Apricorn today announced findings from a survey highlighting the rise in encryption technology post-GDPR enforcement. Two-thirds of respondents now hardware encrypt all information as standard, which is a positive step considering over a quarter noted the lack of encryption as being one of the leading causes of a data breach within their organisation.
This is in contrast with last year’s survey where only half enforced encryption of data, or were completely confident in their encrypted data, in transit (52 percent), in the cloud (52 percent) and at rest (51 percent), showing a discernible increase in the use of, and need for, encryption as a critical component of the data security process.
More than 41 percent of respondents have also noticed an increase in the implementation of encryption in their organisation since GDPR was enforced, and their organisation now requires all data to be encrypted as standard, whether it’s at rest or in transit. This demonstrates the significance of encryption in GDPR compliance and the protection of sensitive data and is likely driven by it being recommended explicitly in Article 32 of GDPR as a method to protect personal data and in Article 34, where obligations towards breached data subjects are reduced where the breached data is encrypted.
GDPR is making security a board-level topic with the C-suite now owning the security budget in 86 per cent of the companies surveyed. Organisations are allocating just under a third (30 percent) of their IT budget to GDPR compliance, which is huge increase when considered against research commissioned by IBM in 2018 that set the ideal spend on cybersecurity, in general, at 9.8 to 13.7 percent of the IT budget.
However, despite last year’s survey finding that ninety eight percent of those who knew that GDPR applied to them forecasting a need to assign further budget and resources after achieving compliance, almost a quarter (24 percent) of this year’s respondents that claim to be in compliance, believe they do not need to assign any further budget or resources.
Jon Fielding, Managing Director, EMEA Apricorn said: “With the first anniversary of GDPR this week, it’s clear that organisations are getting their houses in order, but there still seems to be a long way to go in terms of education and awareness. Organisations need to be mindful that GDPR is an ongoing process and not just a tick box exercise. The most common ways to maintain compliance are to continue to enforce and update all policies and invest in employee awareness regularly. Additionally, encryption is a key component within the compliance “kit”, helping to lessen the probability of a breach and mitigate any financial penalties and obligations that would apply in the unfortunate event of a breach.”