Employee Data More Exposed Than Customer Data

New encryption report shows midsized organizations fail to encrypt all the sensitive things -- including their own intellectual property and financial data.

Midsized companies do a better job protecting their customer information than that of their own employees or their internal intellectual property, a new study found.
Nearly one-third of companies and organizations with 100- to 2,000 employees in the US, Canada, India, Australia, Japan, and Malaysia, say they dont regularly encrypt their employees bank information, and 43% dont always encrypt human resources files. Nearly half say they dont routinely encrypt employee health information, according to the Vanson Bourne survey conducted on behalf of security vendor Sophos.
And at a time when the US and other governments are trying to nip cyber espionage for economic gain in the bud via talks with China--one of the main offenders of that practice--nearly one-third of midsized organizations arent routinely encrypting their financial data and 45% say they dont always encrypt their intellectual property.
Encryption remains a big missing link in many data breaches, and apparently, in many organizations security practices. The study found that 44% of midsized companies say they widely deploy encryption, while 43% do so at some level. US companies encrypt the most (54%) and Malaysia (26%), the least. And overall, just 38% of smaller organizations (100- to 500 employees) encrypt widely, while half of larger ones (from more than 500 to 2,000 employees) do so.
Certain vertical industries of course, such as financial services, adopt encryption more widely.
That companies are prioritizing customer over employee data is not surprising. But it is surprising how much employee data is exposed out there. And [that they are] leaving intellectual property and financial data unencrypted was just shocking to me, says Marty Ward, vice president of product marketing at Sophos.
While some 84% of respondents say theyre worried about cloud security, about 39% are encrypting all files they send to the cloud, and 47%, some of their files.
Despite the counterintuitive practice of not widely protecting employee and internal organization data with encryption, there are signs of improvement and gradual adoption of encryption as a routine best practice. Two years ago, the number of them not encrypting was in the 75% range. The fact that were going toward the 50-50 range is actually an awareness of their part that they dont want to be [the organizations] in the press hit by a big breach, Ward says.
And the move toward file encryption versus pure disk encryption is also a positive development, he says.
So why are so many midsized organizations still not encrypting all the (sensitive) things?
Nearly 40% cite budget constraints; 31%, performance tradeoffs with encryption; and 28%, lack of encryption deployment know-how. About one-fifth say they dont have legal or regulatory requirements for encryption, and 19% say encryption isnt effective for locking down sensitive information.
The performance and complexity hurdle arguments are myths that have been busted, Ward contends. Encryption is a lot simpler than it once was, and in many cases, invisible to the user, he notes. But given some of the respondents come from smaller firms with few security resources, the complexity argument isnt surprising.
Meanwhile, the good news is that most of the organizations say they do have plans to more widely encrypt their data in the next one- to two years,
the report
says.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Employee Data More Exposed Than Customer Data