Title: The State of Email Encryption - Ponemon Institute
Date: 09/26/11
Business Activities: Use of Email
Impact to Subscriber: Fifty-nine percent of respondents agree that the use of email by employees is a main source of data leakage in their organizations, and 70% are concerned about the loss of information via email on mobile devices. Sixty-eight percent say that employees ignore policies about emailing unencrypted sensitive or confidential documents through insecure channels, and 61% say that employees send unencrypted confidential information through insecure email channels. Forty-eight percent say their organization blocks legitimate emails from being sent to outside parties because of overly restrictive email policies; more than half of respondents (52%) say senders in their organization are frustrated with current email solutions in the workplace, and 57% say recipients are frustrated. Recommendations for improving the state of email encryption include: selecting a vendor that maximizes ease of use when choosing an email encryption solution (complexity often causes employees to email in an unsafe manner); addressing the risk created by mobile devices and finding a secure, easy solution for sending and receiving encrypted email (reluctance to open documents on mobile devices because of security concerns and perceived difficulty in retrieving the information can affect productivity); having enforceable policies that tell employees the do's and don'ts of email use, and enforcing those policies with a robust, automated email encryption solution to reinforce training; considering policy-based encryption solutions that automate the detection and encryption of sensitive information in email; and, to avoid costly fines, understanding how regulations on the use of email encryption affect the organization and ensuring it is in compliance with them.
Authority:
Risk Guidance:
Control Guidance:

Relevance:
Background Facts:
  • this Ponemon Institute study, sponsored by Zix Corporation, surveys 830 U.S. IT and compliance practitioners on the state of email encryption; respondents come from the following industries:
    • financial services - 29%;
    • healthcare - 25%;
    • retail - 7%;
    • technology and software - 6%;
    • government - 5%;
    • industrial - 5%;
    • services - 5%;
    • pharmaceuticals - 4%;
    • hospitality - 3%;
    • transportation - 2%;
    • entertainment and media - 2%;
    • communications - 2%;
    • energy - 2%; and
    • other - 4%.


Relevance to Business Activity:

  • use of email considerations:
    • how frequently do the following situations occur with the organization:
      • employees ignore policies about emailing unencrypted sensitive or confidential documents through insecure channels - 69%;Risk
      • employees mistakenly send unencrypted confidential information to other recipient(s) outside the workplace - 63%;Risk
      • employees send unencrypted confidential information through insecure email channels - 61%;Risk
      • employees use their personal web-based email accounts to send unencrypted confidential information - 60%;Risk
      • employees open email attachments containing viruses or malware that infect their computer and possibly the organization’s network - 56%;Risk and
      • the organization blocks legitimate emails from being sent to outside parties because of overly restrictive email policies - 48%.Risk
    • rank order of 5 drivers for email encryption in respondents' organization (5 = most important to 1 = least important):
      • company reputation - 2.3;
      • customer or business partner demand - 2.9;
      • industry best practice - 3.2;
      • risk avoidance - 3.9; and
      • regulatory compliance - 4.1.
    • the factors respondents believe are most important when selecting an email encryption solution in their organizations:
      • price - 59%;Control
      • vendor support - 57%;Control
      • ease of use for recipients - 46%;Control
      • ease of management - 44%;Control
      • vendor reputation - 42%;Control
      • ease of use for sender - 40%;Control
      • ability to host or manage the encryption solution in the cloud - 39%;Control
      • ease of installation - 39%;Control and
      • support for access to encrypted email from mobile devices - 31%.Control
    • are all messages that require encryption by policy or regulation encrypted:
      • completely certain - 2%;
      • somewhat certain - 14%;
      • somewhat uncertain - 44%;
      • completely uncertain - 21%; and
      • cannot determine - 19%.
    • what is the organization's primary method for delivering encrypted email:
      • push - email is received as an encrypted attachment opened with a password - 48%;Control
      • attachment - sender manually encrypts an attachment and communicates password separately - 31%;Control and
      • pull - email is retrieved at a portal using a password - 21%.Control
    • how important is ease of use for encrypted email recipients and senders:
      • when choosing an email encryption solution, how important is ease of use for encrypted email recipients:
        • very important - 50%;
        • important - 21%;
        • not important - 19%; and
        • irrelevant - 10%.
      • when choosing an email encryption solution, how important is ease of use for encrypted email senders:
        • very important - 43%;
        • important - 25%;
        • not important - 20%; and
        • irrelevant - 12%.
    • information protection and experience with encryption on mobile devices:
      • is the organization concerned about the loss of information via email on mobile devices:
        • yes - 70%.
      • has the respondent ever attempted to open an encrypted message on a mobile device:
        • yes - 31%.
    • attributions about secure email communications in the workplace:
      • the insecure use of email by employees is one of the main sources of data leakage in the organization - 59%;
      • the growing use of mobile devices in the workplace makes it difficult to secure email communication - 52%;Risk
      • secure email communication is a high priority for the organization - 51%; and
      • the organization has adequate technology solutions for securing sensitive or confidential documents sent through email - 42%.
    • in organizations with email encryption solutions, what is the level of frustration that senders and recipients have with their organization's email encryption solutions:
      • level of frustration that senders have with the organization's email solution:
        • frustrated - 52%;
        • not frustrated - 35%; and
        • unsure - 13%.
      • level of frustration that recipients have with the organization's email solution:
        • frustrated - 57%;
        • not frustrated - 30%; and
        • unsure - 12%.
    • differing beliefs based on roles and responsibilities:
      • 25% of IT and IT security practitioners are completely uncertain, and 19% cannot determine, whether all messages that need to be encrypted by policy or regulation are being encrypted:Risk
        • compared with 14% and 18%, respectively, of compliance practitioners.
      • compliance practitioners have a significantly higher level of concern about encrypted email coming into their organization that cannot be scanned or archived for e-discovery or compliance purposes;Risk
      • compliance practitioners believe (38%) major security breaches such as Epsilon or Sony have a greater impact on their organization’s use of email encryption than IT and IT security practitioners (24%);
      • 37% of IT & IT security respondents strongly disagree or disagree that their organization has adequate technology solutions for securing sensitive or confidential documents sent through email:
        • compared with 23% of compliance respondents.
      • 27% of IT & IT security respondents believe that built-in encryption networks, which allow the automatic exchange of encrypted email with others, are an important factor when selecting an email encryption solution:
        • compared with only 16% of compliance respondents.
    • recommendations to improve the state of email encryption in organizations:
      • complexity often causes employees to email in an unsafe manner:
        • when choosing an email encryption solution, select a vendor that maximizes ease of use.
      • the use of mobile devices is increasing dramatically:
        • reluctance to open documents on mobile devices because of security concerns and perceived difficulty to retrieve the information can affect productivity:
          • organizations need to address the risk created by mobile devices and find a secure and easy solution for sending and receiving encrypted email.
      • organizations also need to have enforceable policies that inform employees of the do's and don'ts of email use:Control
        • enforcing those policies with a robust and automated email encryption solution would enhance training.Control
      • consider policy-based encryption solutions to automate the detection and encryption of sensitive information in email;Control
      • assess the risk caused by unencrypted email usage:
        • based on this assessment, determine the appropriate solution for the organization;Control and
        • business units most often influence investments in email encryption and decisions are often made on price and vendor support.
      • organizations should consider a greater involvement of IT security in the decisions to help determine the solution that would be secure but user friendly;Control and
      • to avoid costly fines, understand how regulations regarding the use of email encryption affect the organization:
        • ensure the organization is in compliance with these regulations.Control
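The survey's recommendation to use policy-based encryption (automated detection of sensitive content, with encryption enforced by the system rather than left to the sender) is easier to reason about with a concrete gate in front of you. The following is an added illustration, not code from the survey, Ponemon or Zix: a hypothetical outbound-mail policy check that scans the subject and every text part of a message for two common sensitive-data patterns (a U.S. SSN, and a payment card number validated with the Luhn checksum) and returns `encrypt` only for mail that leaves the organization carrying such data. The Luhn check is what stops an ordinary 16-digit order number from tripping the rule, which is one concrete way to avoid the overly restrictive policies that 48% of respondents say block legitimate mail. The regular expressions, the internal domain `example.com`, the policy outcomes and the sample messages are all constructed for the example.

```python
"""Hypothetical policy-based encryption gate for outbound email.

Added illustration; not part of the Ponemon/Zix survey. Patterns, policy
and sample messages are constructed for the example.
"""
import re
from email import message_from_string
from email.message import Message

# Hypothetical detectors for two classic DLP targets. Real deployments use
# broader pattern sets plus context (keywords, proximity) to tune false positives.
SSN_RE = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# Candidate card numbers: 13-16 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: filters out arbitrary digit runs (order IDs, tracking numbers)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_sensitive(text: str) -> list:
    """Return the kinds of sensitive data found in text (hypothetical policy)."""
    hits = []
    if SSN_RE.search(text):
        hits.append("ssn")
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_valid(digits):
            hits.append("pan")
            break
    return hits


def message_text(msg: Message) -> str:
    """Concatenate the subject and every text/* part (text attachments included)."""
    parts = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True)
            if payload:
                parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)


def decide(raw: str, internal_domain: str = "example.com") -> str:
    """Policy outcome for one outbound message: 'internal', 'allow' or 'encrypt'.

    Hypothetical policy: mail that leaves internal_domain and carries sensitive
    data must go through the encryption gateway; everything else is delivered
    as-is, so legitimate mail is not blocked. A message with no parseable
    recipients is treated as internal here.
    """
    msg = message_from_string(raw)
    headers = " ".join(msg.get_all("To", []) + msg.get_all("Cc", []))
    domains = re.findall(r"[\w.+-]+@([\w.-]+)", headers)
    if all(d.lower() == internal_domain for d in domains):
        return "internal"
    return "encrypt" if find_sensitive(message_text(msg)) else "allow"


# Constructed sample messages (not real data).
MSG_EXTERNAL_SSN = """\
From: alice@example.com
To: bob@partner.example.org
Subject: Onboarding form
Content-Type: text/plain

Please file this for the new hire. SSN: 123-45-6789
"""

MSG_EXTERNAL_ORDER = """\
From: alice@example.com
To: bob@partner.example.org
Subject: Order confirmation
Content-Type: text/plain

Your order 1234567890123456 shipped today.
"""

MSG_INTERNAL_CARD = """\
From: alice@example.com
To: finance@example.com
Subject: Refund
Content-Type: text/plain

Refund to card 4111 1111 1111 1111 approved.
"""

if __name__ == "__main__":
    for name, raw in [("external mail with SSN", MSG_EXTERNAL_SSN),
                      ("external mail with order number", MSG_EXTERNAL_ORDER),
                      ("internal mail with card number", MSG_INTERNAL_CARD)]:
        print(f"{name}: {decide(raw)}")
```

Run as-is, the three constructed messages produce `encrypt`, `allow` and `internal` respectively. The order-number message is the interesting one: it matches the card-number pattern on length alone and is only released because the Luhn checksum fails, which is the kind of check that keeps a policy engine from blocking legitimate mail while still catching real card data.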



Source Document:

http://www.zixcorp.com/thought-leader/survey/  Registration Required
