Press Release: Ponemon Institute Unveils Inaugural Study on Enterprise Encryption Trends in Australia

56 percent of Australian Organisations Experience a Data Breach; 25 percent of Organisations Expect to Deploy a Single Enterprise-Wide Key Management Solution in 2008

Sydney and Menlo Park, CA, 18 November, 2008 – PGP Corporation, a global leader in enterprise data protection, today announced the results from its inaugural Australian study by The Ponemon Institute© identifying key areas of focus in enterprise encryption use, planning strategies, budgeting and spending, deployment methodologies, and impact on data breach incidents. The key findings of the 2008 Annual Study: Australian Enterprise Encryption Trends demonstrate organisations continue to move towards a more strategic approach to encryption including a larger focus on key management, especially those companies identified as having the most effective IT organisations. The study supports the same trend that is occurring throughout other world markets: as the awareness of data breaches grows and the likelihood of government action increases, businesses will most certainly increase their use of encryption.

“Individual, point solutions for encryption have been around for years, yet the implementation, management and scalability have too often been inhibitors to their use in corporate environments. Without the proper integration, key management and policy procedures of these solutions, enterprises continue to suffer data breaches,” said Phillip Dunkelberger, president and CEO of PGP Corporation. “What this first study of Australian companies by the Ponemon Institute shows is that the companies who take a strategic, platform approach that allows for the management of all your encryption applications can reduce their chances of a breach.”

The study shows that 56 percent of organisations surveyed suffered at least one data breach over the last 12 months with 28 percent of organisations suffering two or more breaches during the same time period. However, an emerging trend appears to show that organisations with an enterprise encryption strategy lowering the rate of data breaches. This demonstrates that an encryption strategy, especially one implemented across the enterprise, can reduce the costs and brand damage associated with data breaches and likely leads to a more profitable business.

The study of nearly 405 Australian-based IT and business managers, analysts and executives (27 percent at the director or higher), identifies a new trend that shows organisations with a more strategic, enterprise-wide approach to encryption have experienced fewer data breaches. In response to increasing demands for data security, nine percent of organisations surveyed now have an encryption strategy applied consistently across the organisation.

“This study continues to break new ground in identifying enterprise IT security trends,” said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute. “Businesses in Australia have grappled with the new realities of data breaches over the past 12 months. In response, organisations are spending significant portions of their encryption budgets on key management and are looking for more complete solutions from a single vendor instead of point products. With more organisations experiencing data breaches, those who deploy a strategic encryption solution, like the PGP® Encryption Platform, reduce their risk.”

Other key findings in the Australian research report include:

• Encryption use across multiple applications grows. Respondents reported the consistent encryption of laptops, emails, file servers, and backup tapes varied across applications. In the wake of publicised data breaches, tape backup and laptop encryption were used most often, with 30 percent and 20 percent of organisations respectively using these encryption methods most of the time, while only seven per cent of organisations surveyed used email or file server encryption.
• Key management is more frequently budgeted for in 2008 as organisations seeking to reduce operational costs prefer to choose just one enterprise vendor. Organisations surveyed on average plan to spend 27 percent of their total encryption budget on key management solutions:
  • o 62 percent of organisations expect their key management investments to reduce the overall operational costs of enterprise data protection.
  • o Eight percent of organisations expect key management to increase the operation cost of enterprise data protection.
• Organisations are seeking a platform approach. Respondents were interested in a platform approach, with at least 56 percent rating five fundamental characteristics as important or very important. As described in the survey, a platform enables an organisation to centrally manage and deploy multiple encryption applications with consistent policy enforcement. Respondents from the most effective security organisations were much more interested in a platform strategy than those from less effective organisations.
• Need for single enterprise encryption vendor begins to emerge. While encryption use across applications varies significantly, organisations are beginning to select a single enterprise vendor for their key management needs. The survey showed some 25 percent of organisations expect to deploy a single enterprise-wide key management solution or deploy a single vendor’s key management solution for different purposes in 2008. Twenty-two percent of organisations are seeking a tactical key management solution for just one encryption application.

Finding that organisations with enterprise-wide encryption strategies are reducing the risk of data breaches and organisations overwhelming prefer a platform approach to encryption is significant in the evolution of data security. The increased interest in automated policy enforcement, single administration interface, and comprehensive key management continue to favour adoption of an encryption platform solution. The preference for adopting this approach to managing multiple encryption applications from a single console continues to mirror the progression seen with other important enterprise applications such as ERP and CRM.

The inaugural Australian study comes after the Ponemon Institute published the second annual report covering Encryption Trends in the United States earlier this year.

For more information or to receive a copy of this study, visit: http://www.pgp.com/insight/research_reports/index.html

About The Ponemon Institute
The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.

About PGP Corporation
PGP Corporation is a global leader in email and data encryption software for enterprise data protection. Based on a unified key management and policy infrastructure, the PGP® Encryption Platform offers the broadest set of integrated applications for enterprise data security. PGP® platform-enabled applications allow organizations to meet current needs and expand as security requirements evolve for email, laptops, desktops, instant messaging, smartphones, network storage, file transfers, automated processes, and backups.

PGP® solutions are used by more than 80,000 enterprises, businesses, and governments worldwide, including 95 percent of the Fortune® 100, 75 percent of the Fortune® Global 100, 87 percent of the German DAX Index, and 51 percent of the U.K. FTSE 100 Index. As a result, PGP Corporation has earned a global reputation for innovative, standards-based, and trusted solutions. PGP solutions help protect confidential information, secure customer data, achieve regulatory and audit compliance, and safeguard companies’ brands and reputations. Contact PGP Corporation at www.pgp.com.

Media & analyst contact for PGP Corporation:
Australia:
Karin Krueger
KDK Media
+61 (2) 9979 3718
karin@dkdkmedia.com.au

United Kingdom:
Jacqui Depares / Richard Scarlett
Johnson King
+44 (0) 20 7401 7968
pgpteam@johnsonking.co.uk

Germany:
Ingrid Daschner
Johnson King
+49 (0) 89 8940 8511
ingridd@johnsonking.de

North America:
Tom Rice
Merritt Group
+1 703 856 2218
rice@merrittgrp.com

Legal Notice Regarding Forward-Looking Statements
Some of the statements in this press release are forward-looking, including statements regarding the availability, plans, delivery, goals, development, expected features, expected benefits and competitive position of PGP products implementing or leveraging the PGP technologies. All references made to product feature enhancements, improvements in Platform support or additional functionality are subject to change at PGP Corporation’s sole discretion. All future descriptions of PGP technology and products are subject to availability only if PGP Corporation decides to build them and when PGP Corporation decides to make them commercially available. Actual results could differ materially from those expressed in any forward-looking statements. Risks and uncertainties that PGP Corporation faces that could cause results to differ materially include risks associated with any unforeseen technical difficulties or software errors related to the final development and launch of any of PGP Corporation’s products; any technological, regulatory, or standards changes in the security, encryption and authentications market which could make PGP Corporation’s products less competitive or require feature changes in these products; any slowdown in the adoption by businesses of encryption suites, secure email, Internet technologies or related standard. The forward-looking statements contained in this release are made as of the date hereof, and PGP Corporation does not assume any obligation to update such statements nor the reasons why actual results could differ materially from those projected in such statements.

PGP and the PGP logo are registered trademarks of PGP Corporation. Product and brand names used in the document may be trademarks or registered trademarks of their respective owners. Any such trademarks or registered trademarks are the sole property of their respective owners.