At the beginning of the year, Defence Minister Jean-Yves Le Drian announced France was hit by around 24,000 cyber-attacks in 2016, with the country’s biggest bank, BNP Paribas, amongst the affected. The attack not only disrupted one of the largest financial institutions in the industry, but also opened the eyes of many other businesses to the disruption cyber-attacks bring.
With this in mind, it’s no surprise that organisations across the country have been increasing the adoption of encryption technologies, taking measures to protect their data from both internal and external threats.
In fact, the French edition of our Encryption Trends Study found that 42 per cent of respondents now have a comprehensive encryption strategy in place, a figure marginally higher than the global average.
A worldwide comparison
However, while some of the report’s findings highlighted France’s synchronisation with the rest of the world, there are a number of differences, both positive and negative, when it comes to threat perspectives and key encryption influencers.
While encryption is increasingly considered a necessity for protecting critical data, French organisations allocate just 12 per cent of their IT security budget to encryption – the lowest figure of any country surveyed.
But, there are some very positive signs. For example, business unit leaders were revealed as having the most influence in directing data protection strategies. This indicates data protection is a priority for the whole business, and not simply a concern for the IT department. Combine this with the fact that encryption deployment grew the most year-on-year in internal networks, backups / archives and big data, and it shows a promising shift in how French organisations are viewing the importance of encryption as a prevention technique.
External vs. Internal
Although the vast majority of countries admitted concerns around employee mistakes leaving them vulnerable to data attacks, just 26 per cent of French organisations listed this as a top threat, the lowest rating of all countries in the survey. Instead, businesses reported a higher than average concern over system and process malfunctions, external hackers and temporary or contract workers.
Considering 76 per cent of respondents cited tamper resistance by dedicated hardware (e.g. HSM) as one of the most valued features for encryption solutions, it would appear French companies are more concerned about physical attacks on encryption hardware. This comes as no surprise, due to the increase in high-profile data hacks over the last few years, all heavily covered by news outlets around the world. At 21 per cent higher than average, the figure could also indicate a concern about insufficient physical security for data centres than in other countries.
Keep cloud conscious
As businesses continue to move more and more data into the cloud, it’s to be expected that securing these platforms and technologies also moves up the boardroom agenda. Our study revealed French companies are less willing to transfer sensitive or confidential information to the cloud, especially if it’s not encrypted. While the global average is a rate of 53 per cent, France sits at the second lowest, with a rate of 37 per cent, with only Germany underneath it.
Organisations also continue to show a preference for control over encryption when using the cloud, with 41 per cent performing encryption on premise prior to sending data to the cloud with keys that they generate or manage. Just 20 per cent of businesses were willing to allow encryption to occur in the cloud, however still with keys that are generated or managed on their own premise.
The results of our Encryption Trends Study go a long way to demonstrate the dedication French organisations have in using encryption as a means of data protection. The findings indicate a higher than average use of encryption for customer information, intellectual property and finance records, with 56 per cent also encrypting payment data – all extremely important data types.
While it’s certainly positive to see almost half of respondents with a strategy already in place, there is still more to be done in the war against cybercrime. The risk of falling victim to a data breach can easily reap devastating effects to a company, making encryption of paramount importance.
Failure to do so not only comes at a risk to one of a business’s key assets – data, but also at something that is much harder to rebuild – reputation.