A study conducted by the Ponemon Institute in 2018, which involved around 6,000 people across various industries and 14 countries, showed that health care information ranked low in encryption percentages compared with other industries. This is despite the sensitivity of health data and the recent spate of high-profile healthcare breaches. The study reflects what Trinsic Technologies has seen across the local healthcare environment.
The main aim of this study was to research data encryption trends: how extensively encryption has been adopted to improve security, the types of data most likely to be encrypted, and the challenges that most companies face when encrypting data. The researchers found that Germany had the highest prevalence of encryption strategies, followed by the United States, Australia, and the United Kingdom. Out of all the countries represented in the survey, Brazil and the Russian Federation had the lowest prevalence of encryption. The study also showed that 65% of companies in the United States of America had an overall encryption plan that was applied consistently across the whole organization.
According to the study, the use of encryption has increased steadily over the past 4 years. 42% of the surveyed organizations said they had a limited encryption plan, applied only to certain data types and applications. 45% of the organizations confirmed that they already have an encryption plan or strategy that is applied across the entire organization. 13% of the surveyed organizations, however, said they do not use encryption at all on any data type.
Tech and software industries were found to have the highest prevalence of encryption at 52%, followed by financial services at 50%, and the pharmaceuticals and healthcare industries at 49%. The technology used for encryption varied considerably, and no single technology was found to be preferred by most of the organizations. Encryption was most commonly applied to Internet communications, laptop hard drives, and databases. According to 54% of the respondents, the main reasons for implementing encryption were to protect customers’ personal information and sensitive intellectual property.
The most commonly encrypted data types include payment-related data at 55%, financial records at 54%, HR/employee data at 51%, and intellectual property at 51%. Surprisingly, health information was the least likely data type to be encrypted. This is unexpected given how highly cybercriminals value healthcare data and the harm it can cause should this information fall into the wrong hands. Only 24% of the respondents confirmed that the health information they gathered was encrypted.
The real challenge that most organizations face when it comes to building an encryption strategy is understanding where sensitive data lives within the network. This is according to 69% of the respondents. 49% of the respondents cited the initial implementation of encryption as a major challenge while 32% said that they faced challenges when it came to classifying which data they should encrypt.
About 61% of the respondents reported a fairly high level of pain when it comes to key management. The top reasons given for key management challenges included the lack of clear ownership of the key management function, isolated or fragmented management systems, and lack of skilled personnel. The most difficult keys to manage were found to be the keys to external cloud or hosted services. However, 60% of the respondents said their organization still transferred confidential or sensitive data to the cloud, whether or not it was encrypted or otherwise made unreadable.