SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
New report finds Australia lagging behind with encryption strategies
Mon, 13th Jun 2022

Australia is lagging behind the global average when it comes to having solid enterprise-wide encryption strategies, according to new research sponsored by Entrust.

The Entrust 2022 Australian Global Encryption Trends Study revealed that the share of organisations in Australia reporting a consistent enterprise-wide encryption strategy stagnated at 55% in 2022, compared with 54% in 2021. By comparison, the global average of organisations having a consistent enterprise-wide encryption strategy went from 50% to 62%, a rise believed to reflect many organisations seeking greater control of data that they have distributed across multiple cloud environments.

The top driver for encrypting data in Australia was found to be protecting information against identified threats (68% of respondents, vs. the global average of 50% and an increase from 63% in Australia last year). The next highest driver was compliance with internal policies (53% of respondents vs. the global average of 27%).

The financial and healthcare sectors were found to be the areas that required the most attention when it came to encryption, and in this case, Australia saw higher rates.

Financial records topped the list, with 56% reported in Australia and 45% globally, and healthcare information sat at 32% in Australia compared to 22% globally.

Intellectual property was previously the most encrypted data type, at 62% in 2021 compared to 48% in 2022, followed by employee data (60% in 2021 vs. 50% in 2022).

Surprisingly, more than half of the Australian respondents (57%) admitted their company transfers sensitive or confidential data to the cloud whether or not it is encrypted or made unreadable via some other mechanism such as tokenisation or data masking. But there is clear awareness of the need for change, with another 30% saying they expect to make changes in the next one to two years.

Entrust VP sales digital security APAC James Cook says the lack of growth could be put down to skills shortages and the lack of resources to undertake encryption work.

"In Australia, we noticed that the encryption strategy has stagnated over the last two years, which was an interesting find given that last year Australia was ahead of the global average. Organisations in Australia are striving to defend sensitive data against threats as they continue to increase their use of the cloud, containers and IoT platforms, however the slow growth highlights the pain point of skills shortages in Australia," he says.

Employees are also a significant risk to businesses in Australia, with 59% of respondents in the region citing employee mistakes as the top threat that might result in the exposure of sensitive data, compared with the global average of 47%.

"Over 17 years of doing this study, we've seen some fundamental shifts occur across the industry. The findings in the Entrust 2022 Global Encryption Trends study point to organisations being more proactive about cybersecurity rather than just reactive," says The Ponemon Institute chairman and founder Dr Larry Ponemon, who conducted the study.

"While the sentiment is a very positive one, the findings also point to an increasingly complex and dynamic IT landscape with rising risks that require a hands-on approach to data security and a pressing need to turn cybersecurity strategies into actions sooner rather than later."

Entrust senior vice president for identity and data protection Cindy Provin agrees, saying organisations must think proactively about the way they use encryption.

"Managing encryption and protecting the associated keys are rising pain points as organisations engage multiple cloud services for critical functions," she says.

"As the workforce becomes more transitory, organisations need a comprehensive approach to security built around identity, zero trust, and strong encryption rather than old models that rely on perimeter security and passwords."