Business Info Fact Of The Day: Most Personnel Do Not Protect Laptop Information

The Ponemon Institute seems to have been busy doing surveys throughout the world recently!
According to three separate research surveys they did in the U.S., Canada and the U.K. they report within the BNA Privacy and Security Law Reports (subscription required) about “The Human Factor in Laptop Encryption” many interesting findings. The following are some of the high-level summary statements; see the full reports for some very interesting statistics and analysis:


* In the U.S….

  • “Ninety-two percent of IT security practitioners report that someone in their organization has had a laptop lost or stolen and 71 percent report that it resulted in a data breach. Only 45 percent report that the organization was able to prove the contents were encrypted.
  • Fifty-two percent of business managers surveyed strongly agree and agree that encryption stops cyber criminals from stealing data on laptops versus 46 percent of IT and IT security practitioners who strongly agree or agree.
  • Fifty-seven percent of business managers surveyed record their encryption password on a private document such as a post-it note to jog their memory or share the key with other individuals. Virtually none of the IT security practitioners record their password on a private document or share it with another person.
  • Fifty-six percent of business managers have disengaged their laptop’s encryption solution and 48 percent admit this is in violation of their company’s security policy.
  • Fifty-nine percent of business managers sometimes or often leave their laptop with a stranger when traveling.”

* In Canada

  • “Eighty-nine percent of IT security practitioners report that someone in their organization has had a laptop lost or stolen and 47 percent report that it resulted in a data breach. Only 49 percent report that the organization was able to prove the contents were encrypted.
  • Fifty-four percent of business managers surveyed strongly agree and agree that encryption stops cyber criminals from stealing data on laptops versus 50 percent of IT security practitioners who strongly agree or agree.
  • Fifty-one percent of business managers surveyed record their encryption password on a private document to jog their memory such as a post-it note or share the key with other individuals. Virtually none of the IT security practitioners record their password on a private document or share it with another person.
  • Forty-eight percent of business managers have disengaged their laptop’s encryption solution and 42 percent admit this is in violation of their company’s security policy.
  • Fifty-six percent of business managers sometimes or often leave their laptop with a stranger when traveling.”

* In the U.K….

  • “Eighty-six percent of IT security practitioners report that someone in their organization has had a laptop lost or stolen and 56 percent report that it resulted in a data breach. Only 45 percent report that the organization was able to prove the contents were encrypted.
  • Fifty-nine percent of business managers surveyed strongly agree or agree that encryption stops cyber criminals from stealing data on laptops versus 46 percent of IT security practitioners who strongly agree or agree.
  • Sixty-five percent of business managers surveyed record their encryption password on a private document such as a post-it note to jog their memory or share the key with other individuals. Virtually none of the IT security practitioners record their password on a private document or share it with another person.
  • Fifty percent of business managers have disengaged their laptop’s encryption solution and 40 percent admit this is in violation of their company’s security policy.
  • Fifty-two percent of business managers sometimes or often leave their laptop with a stranger when traveling.”

Look at how many people write down and share their encryption passwords!
Look at how many people disable their encryption!
I would love to do a study to show the impact of effective and ongoing awareness communications on these types of numbers.

Tags: , , , , , , , , , , , ,

Leave a Reply