Why aren’t all business laptops encrypted?
Encryption technology is simple and easy to implement so are businesses using complexity as just an excuse?

Well-respected security experts have questioned why many companies still aren't encrypting their laptops, even though the technology is now very easy to deploy.
At a security event held by Reuters and ENISA in London today, BT chief security technology officer Bruce Schneier said that it had now got to the point where, with "zero effort", all businesses could completely solve the problem of the lost laptop.
He said of encryption tools: "If you don't use them, you should download them. TrueCrypt is a free one, PGP disk is cheap, BitLocker comes with your Vista computer if you have one."
He added: "They're trivial, they have no latency you won't even notice the slowdown. They all link in to your Windows log-in you won't have to type a second key in."
Schneier said the fact that every business wasn't doing this "amazed" him, because the technology was so clean and easy to use.
"Especially if you're travelling overseas," Schneier added. "You just do it. It solves the problem."
Schneier also rejected the corporate argument that although the technology has been available for a long time, it was difficult to apply the technology across a broad number of platforms and business units.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
"It's largely imaginary," Schneier claimed. "Encrypt your laptop. Type a key in, and a laptop's encrypted. Have the guy write the key down and give it to the security officer. This stuff is easy."
Howard Schmidt, president of the Information Security Forum (ISF) agreed, saying that today's technology made encryption very simple. He said it simply boiled down to companies making excuses as a reason not to do it, rather than pushing it as the right thing to do.
"Same thing goes with sender ID and mail," he said. "We could make a really big dent in spam just by implementing some of the mail technologies that are out there."
-
LaunchDarkly to "double down" on observability with Highlight acquisition
News Highlight's observability tools will be integrated into LaunchDarkly's Guarded Releases software deployment service
By Daniel Todd
-
Samsung Galaxy Tab S10 FE review
Reviews The Tab S10 FE retains the feel and core capabilities of Samsung's high-end S10 tablets, but compromises on the display and the performance
By Stuart Andrews
-
PyPI attack: Targeting of repository 'shows no sign of stopping'
News Greater collaboration and understanding of attackers’ tactics is key to mitigating open source security threats
By Ross Kelly
-
Capita's handling of cyber attack shows companies still fail at breach reporting
Analysis Capita initially told customers there was “no evidence” of data having been compromised in the March cyber attack
By Ross Kelly
-
Malware being pushed to businesses by search engines remains a pervasive threat
News High-profile malvertising campaigns in recent months have surged
By Ross Kelly
-
There's only one way to avoid credential stuffing attacks
Opinion PayPal accounts were breached last year due to a credential stuffing attack, but can PayPal avoid taking responsibility?
By Davey Winder
-
Five things to consider before choosing an MFA solution
In-depth Because we all should move on from using “password” as a password
By Rene Millman
-
Cyber security suffers from a communication problem
News Negative language around ‘human failures’ is eroding trust between security teams and broader business functions - it has to stop
By Ross Kelly
-
Does LastPass really deserve a last chance?
Opinion After several disastrous security incidents and a communications breakdown, it’s time to leave LastPass for pastures new
By Ross Kelly
-
What is the spell-jacking vulnerability and how can your business avoid exposing data?
In-depth Spell-jacking vulnerabilities are threatening to unwittingly leak data to third parties, undermining any drive to protect privacy
By Davey Winder