Thales e-Security Blog

Key Findings from the 2017 Thales Encryption Trends Study: Australia

Security: moving up the executive stack

The last few years will be remembered for frequent, large and damaging data breaches. They’ve impacted big business and small, private and public organisations, in Australia and around the world. When it comes to data security, hackers don’t discriminate.

This has made senior executives everywhere sit up and take notice, with companies concerned about being compromised and becoming tomorrow’s news headline. It’s effectively pushed data security responsibility out of the IT department and into the boardroom.

The 2017 Thales Encryption Trends Study Australia found the IT department’s influence over encryption strategy has more than halved in the past five years from 59 per cent to 28 per cent. At the same time, the influence of business unit leaders has risen to 27 per cent.

This shows increased maturity in data security – where lines of business starting to realize they are responsible for the data they own It’s a theme we see growing in Australian businesses. At a critical time when more attention is needed to protect sensitive information, it’s a move we applaud. But it’s not happening fast enough.

Lagging behind global trends

These findings still rank Australia well behind global markets where, for the first time in the study’s 12-year history, business unit leaders had the highest influence in encryptions decisions.

Our report also found that 55 per cent of organisations say finding where sensitive data resides is their top encryption challenge. Without clear ownership from all business units, it’s inevitable that pockets of information will be missed and remain vulnerable.

Prevention is better than cure when it comes to data security but it’s no longer a matter of if you’ll be compromised, it’s when. Recent mega breaches are a clear warning sign that organisations underestimate the risk of unencrypted data.

Despite media representations of a hooded, faceless hacker on the other side of the planet, our research found that 80 per cent of respondents are most concerned about internal threats from their own employees.

With Australia’s mandatory data breach notification scheme coming into effect from February 2018, compliance is a must. But from a reputational, financial and duty of care point of view, it’s important businesses look to exceed the minimum standards with a robust system of data encryption. Now is the time to act.

In today’s digital world, the stakes are higher than ever. And, with so many organisations under-prepared for data breaches, the accountability for ensuring a consistently high standard of encryption within an organisation must sit at board level for it to filter through a business.

We’re seeing improved attitudes toward data encryption in Australia but our report highlights that there is still so much more to do. Let’s use the lessons from recent mega breaches to make the case for cyber security and ensure it’s taken more seriously.

To learn more about the state of data encryption in Australia, download the 2017 Thales Australia Encryption Trends Study here.