According to a survey by the Ponemon Institute (commissioned by credit-checking company Experian), 60% of IT professionals whose company lost data following a security breach did not encrypt customer information.
The types of lost data include email (70%), credit card or bank payment information (45%) and social security numbers (33%).
The survey involves over 500 IT professionals, who were asked to focus on one data breach they believed had the greatest financial and reputational impact to their organizations. It shows how a large number of companies are storing sensitive data in readable, unencrypted form-- unless required to encrypt by regulations or contracts.
Encryption does involve some pain, especially when involving older databases.
When it comes to the causes of data breach, most survey respondents say it was due to either a negligent insider (34%), the outsourcing of data to 3rd parties (19%) or a malicious insider (16%).
Once a breach happens, a lesson is usually learnt-- over 60% of respondents say their companies increased security budgets following a breach.
