Germany leads the way in data protection, driven by regulation and compliance
nCipher 2020 Germany Encryption Trends Study finds organizations racing to protect sensitive data as it proliferates across cloud, IoT devices and 5G networks
As organizations accelerate digital initiatives such as cloud and the internet of things (IoT), and data volumes and types continue to rise, Germany leads the way in deploying encryption for data protection according to the 2020 Germany Encryption Trends Study from the Ponemon Institute.
The Ponemon Institute has collaborated with nCipher Security, an Entrust Datacard company and world leader in hardware security modules (HSMs), on this multinational survey of how and why organizations deploy encryption, now in its fifteenth year.
Legal regulations and high awareness for security
With the increasing use of cloud and IoT technologies, two thirds (66%) of German respondents have introduced comprehensive encryption strategies, while a further 28% encrypt individual applications or data types. This means that, together with the USA, Germany continues to occupy a leading international position in data security.
For German security managers, the study found the most important driver for the use of encryption is compliance with guidelines such as the EU General Data Protection Regulation (GDPR) (67%), while for their international colleagues, the protection of personal customer information and intellectual property are the top reasons. In Germany, only 2% of respondents fear damage to their company’s image through public disclosure of data breaches compared with 15% globally.
“Companies today are under massive pressure to protect their business-critical information and applications from a variety of threats. In a successful business location like Germany, awareness of the risks of data theft, data espionage and corrupted information is particularly high, and legal regulations are particularly extensive,” says Bernd Stamp, Security Solution Consultant at nCipher Security. “This explains the predominant position of German companies when it comes to encryption. In addition, positive economic conditions and a generally high level of security awareness favour the establishment of highly secure IT infrastructures in Germany.”
More fear of official data queries and eavesdropping attacks than of hackers
Just like other countries around the world, German respondents place employee mistakes as the biggest threat to data security (49%). Fear of potential threats from lawful data requests (23%) and eavesdropping by authorities and governments (14%) is also particularly high compared to global averages of 12% and 11% respectively. But fear of hackers is lower than the global average (21% versus 29%).
Data discovery is the number one challenge of encryption planning
With the explosive growth and proliferation of data from digital initiatives, cloud use, IoT devices and increasing mobility, 83% of respondents said that data discovery is now the biggest challenge for German companies when planning and executing their encryption plans --this is the highest rate worldwide and 16% ahead of the global average.
Widespread use of hardware security modules for data protection and key management
Hardware security module (HSM) usage is particularly widespread in Germany with 68% of German respondents deploying HSMs to provide a hardened, tamper-resistant environment with higher levels of trust, integrity and control for both data and applications. This is the highest rate worldwide – tied with the United States and the Middle East – a position that Germany holds for the third year in a row. Moreover, 93% of respondents indicate that the importance of HSMs as part of their encryption strategy will increase further over the next 12 months.
HSMs are used more frequently in Germany than in other regions across all types of applications. They play a major role in the encryption of applications (69% vs. 46% worldwide), in PKI/certificate management (68% vs. 30% worldwide), and also in the encryption of public clouds and BYOK concepts (65% vs. 35% worldwide).
Key findings of the 2020 Germany Encryption Trends Study:
- 66% of organizations in Germany indicate they have a consistently applied encryption plan/strategy. This is tied for the top region with USA (global average 48%)
- 67% of organizations in Germany rate ‘To comply with external privacy or data security regulations and requirements’ as a top driver for encrypting data. In comparison to other regions (global average 47%), German security managers tend to orient themselves to external regulations rather than to actual or potential threats.
- When rating the importance of features associated with encryption solutions, nearly every organization (99%, up from 85% last year) in Germany rates enforcement of policy as important, vs. 67% globally. The scalability of a system is also considered crucial: 97% vs. 58% worldwide.
- Another problem lies in unclear responsibilities for key management (worldwide highest rate of 93%, global average: 66%) and a lack of qualified personnel (63% compared to 57% worldwide).
The 2020 Germany Encryption Trends Study is available for download here.
2020 Global Encryption Trends Study methodology
The 2020 Global Encryption Trends Study, based on research by the Ponemon Institute, captures how organizations around the world are dealing with compliance, increased threats, and the implementation of encryption to protect their business critical information and applications. 6,457 IT professionals were surveyed across multiple industry sectors in 17 countries/regions: Australia, Brazil, France, Germany, India, Japan, Hong Kong, Mexico, the Middle East (which is a combination of respondents located in Saudi Arabia and the United Arab Emirates), the Russian Federation, Southeast Asia (Indonesia, Malaysia, Philippines, Thailand, and Vietnam), South Korea, Taiwan, the United Kingdom, the United States and two new regions for the first time, Netherlands and Sweden.