Private and highly sensitive information of employees such as banking details, human resource (HR) files and personal healthcare records are at risk.
This is according to the finds of the survey titled "The State of Encryption Today"-conducted by Vanson Bourne, an independent market research specialist, for Sophos-which polled 1,700 IT decision makers of mid-sized businesses in the United States, Canada, India, Australia, Japan, and Malaysia regarding their encryption habits, concerns and plans.
According to the survey, employees' data are not protected at the same level with the businesses' customers. The survey reported that 31 percent of the companies do not always encrypt the bank details of the employees. Aside from that, businesses surveyed also fail to consistently encrypt the HR files (43 percent) and healthcare information (47 percent) of their employees.
Among the surveyed markets, employees in the US are the most protected, with 79 percent of companies saying they always secure the bank details of their staffs. In Japan, however, nearly half (48 percent) of surveyed organisations do not always encrypt the bank details of the employees.
Aside from employees' data, information of some companies is also at risk. Nearly one-third (30 percent) of the companies surveyed fail to always encrypt their corporate financial information, while 41 percent inconsistently encrypt files that contain valuable intellectual property.
Meanwhile, cloud data security also drives the adoption of encryption.
More than eight in 10 businesses (84 percent) expressed concerns about the safety of the data stored in the cloud. While majority of the respondents (80 percent) are using cloud storage, only 39 percent encrypt their files stored in the cloud.
In Malaysia, only 17 percent of companies surveyed encrypt all files in the cloud.
"Data breaches happen to large and small companies every day, and the last line of defence against that breach turning into a corporate crisis is a comprehensive data encryption policy," said Dan Schiappa, senior vice president and general manager of Enduser Security at Sophos. "While it is the customer data breaches that hit the headlines, companies have the same obligation to protect sensitive employee data, and they should not overlook it," he explained.
"The State of Encryption Today survey confirms that while encryption is widely used and accepted by businesses, it also highlights critical gaps," added Schiappa. "Unfortunately, I am not surprised by the findings because too many people mistakenly believe that encryption is too complicated or too expensive to implement. The reality is that modern, next-generation encryption solutions can be easy to deploy and quite cost-effective," he said.
Sign up for CIO Asia eNewsletters.