UK firms double encryption policy use in 2024 study finds
Research by Apricorn has indicated a significant doubling in the use of encryption policies among UK organisations in 2024 compared to the previous year.
The study, which was conducted among IT security decision makers in the UK, reveals that 46% of organisations now require all data to be encrypted as standard, irrespective of whether it is at rest or in transit. This marks a substantial increase from 23% in 2023, highlighting a shift in the recognition of encryption's critical role in safeguarding sensitive information.
There has been a notable rise in the enforcement of encryption mandates, with 96% of organisations now ensuring that data held on removable media is encrypted. This reflects the advancement of intentions from the prior year to expand encryption usage, particularly concerning hardware encryption and security for remote and mobile IT devices.
The reliance on hardware encryption for portable devices, which are often susceptible to theft or loss, has increased. The survey found that 44% of organisations now only allow the use of hardware-encrypted, organisation-approved removable media, a significant rise from 22% last year. This trend parallels a growing requirement to secure data amid flexible working conditions where personal devices are being more widely used within corporate systems.
Jon Fielding, Managing Director, EMEA at Apricorn, commented on the findings: "These results demonstrate a clear shift in mindset, with organisations now following through on their plans to ramp up encryption efforts. The surge in hardware-encrypted devices, particularly for removable media and mobile devices, reflects a growing understanding that encryption is not just a best practice but a necessity in today's threat landscape."
Encryption has expanded across various devices, with security decision-makers reporting significant adherence: over 94% of their organisations encrypt data on laptops and desktops. The survey also noted 89% encryption implementation on mobile phones, and a similar figure for USB sticks. More than a quarter of the respondents plan to broaden their encryption usage across all these devices.
"Given the rise in remote working and the ongoing risk of cyberattacks, it's crucial for organisations to continue expanding their use of encryption across all devices and data in transit. Protecting data at every point of its lifecycle is essential to mitigate risks, especially as threats like ransomware continue to evolve," stated Fielding.
The uptick in encryption is largely driven by several motivations: 28% of decision-makers cite the protection of data as their primary reason, with 20% pointing to the rise of remote work, 18% emphasising the need to securely share files, while both avoiding regulatory fines and protecting lost or stolen devices are each mentioned by 11% of respondents.
This change reflects both the evolving security landscape and regulatory pressures, coupled with challenges that arise from remote work and the need for secure data sharing.
The survey discovered improvements in the comprehension of encryption requirements, as only 7% of organisations reported a lack of clarity on necessary data encryption, a marked improvement from 14% in 2023. This indicates enhanced visibility over data assets and improved protection methods.
While nearly 74% of organisations acknowledge their mobile or remote workers' willingness to comply with security measures, many highlight the lack of skills or technology to secure data, with 60% concerned about the risk of data breaches from these workers.
Phishing (34%) and ransomware (31%) are identified as top causes of data breaches, with 22% noting lack of encryption as a contributing factor—up by 5% over last year.
Encryption is a key strategy for compliance with cyber insurance requirements; 35% of respondents encrypt storage at rest and 39% encrypt data on the move, reinforcing the significance of encryption in cybersecurity and insurance compliance.
Fielding remarked: "As more businesses recognise that encryption plays an increasingly critical role in corporate cybersecurity strategies, the expanded adoption demonstrates that businesses are moving in the right direction to address emerging risks, though there is clearly still more to be done."