Breach index: Encryption used in 4 percent of Q2 incidents
Among 237 disclosed data breaches last quarter, encryption was used in only 10 instances.
Last quarter, organizations that reported data breaches only used encryption around four percent of the time to further safeguard data, a report found.
On Wednesday, data protection solutions firm SafeNet released its Breach Level Index report (PDF) for the second quarter of 2014, which examined 237 disclosed breaches worldwide. The incidents, which left 175 million customer records of “personal and financial information” exposed, included major breaches like those hitting eBay (145 million records) and the Montana Department of Public Health and Human Services (1.3 million people).
The report revealed that, among the breaches, encryption was only used in 10 out of the 237 incidents. Furthermore, only two incidents were classified as “secure breaches,” meaning strong encryption, authentication solutions or key management “rendered the data useless,” the report said.
The Q2 2014 report marks the first time that SafeNet noted the incidence of encryption during breaches.
Of note, the sector hit hardest by breaches last quarter, between April and June, was the retail industry, where 83 percent of records (or over 145 million records) were lost or stolen. Next in line was the government sector, which accounted for 11 percent of impacted records (over 19 million) in Q2.
On Wednesday, Tsion Gonen, chief strategy officer for SafeNet, told SCMagazine.com in an interview that, since the company began publishing the BLI report (now in its third quarter), the presence of encryption at companies has remained “static.”
Just one incident, for instance, where millions of unencrypted records are exposed, can overshadow smaller breaches where companies may have encrypted a lost or stolen laptop or devices, he explained.
Gonen does believe, however, that more companies will be forced to take up the security measure, as the costs and other consequences of breaches continue to climb.
“We don't see any significant increase in these [encryption] numbers as far as percentage,” Gonen said of the past year, later adding that he still expected to see a shift in behavior.
“I think we will see more encryption [being used]. We'll see companies doing more whether they like it or not,” Gonen said.
Accompanying the BLI report was a customer sentiment survey (PDF) which highlighted consumer attitudes about breaches. The study compiled responses from over 4,500 people in the U.S., UK, Germany, Japan and Australia, where 15 percent of individuals said they would “never again” shop or do business with a company experiencing a breach. Twenty-three percent of respondents said their patronage would be “very unlikely” after such an occurrence.[An earlier version of this article incorrectly stated that encryption was used in 23 percent of data breach incidents.]