Businesses still failing to encrypt sensitive data

Too few European businesses are bothering to encrypt their emails despite the risk of confidential information going astray, research has shown.

Questions put to senior IT managers in the UK, Spain, France and Germany by research company Vanson Bourne on behalf of security vendor Tumbleweed shows that 13 per cent of respondents admitted that unauthorised confidential information had left their organisations within the last year.

The study shows the 'alarming nonchalance' of businesses towards the growing problem of data breaches.

"Encryption is key for all internet communications but even more so in the outbound stream with employees, unwittingly or otherwise, sending sensitive information across open and vulnerable networks," says Soeren Bech, EMEA business director for Tumbleweed.

The problem remains acute, despite increasing awareness among businesses of the risk, says Bech. He says the research reveals that the transmitting of confidential data is ranked top email security concern by 39 per cent of respondents, with personal use and abuse of email rating a close second with 32 per cent.

Some 36 per cent of those surveyed rated bad publicity as a particularly painful consequence of a data breach, while 26 per cent listed fines or lawsuits on their list of concerns. However 59 per cent of those not already using encryption said that they did not see the business need to do so.

"There is still significant work to be done to educate businesses on the threats posed by data breaches," says Bech. Only in the financial services sector, he says, do the majority of organisations, 59 per cent, encrypt outbound email as a matter of course.

"Despite the many high profile incidents recently across Europe of these types of data breaches and the negative impact they have had on an organisation's reputation, it is alarming that our findings show so many organisations are not taking the 'threat from within' seriously," he warns.

The threat of poorly secured messaging goes well beyond impact on reputation, says Nancy Cox, an analyst with Ferris Research.

"IT messaging managers must navigate a maze of laws and regulations governing the treatment of email and other types of electronic communication," she says. "Don't forget that various regulatory bodies, as well as international and regional governments, have different requirements for handling electronic content. Compliance with those regulations, particularly Sarbanes-Oxley, impact all IT managers."