Industries disagree on encryption

Pfungstadt, July 18, 2024 - Retailers in Germany have to deal with a gap between desire and reality when it comes to data protection. This was the result of a survey conducted in Germany in the second quarter of 2024 by encryption company eperi. Across all industries and organizational sizes, 67.5% of the companies surveyed encrypt their sensitive data. The retail sector is different: here, only 30% of retail companies state that they encrypt their sensitive data to protect it from misuse. At the same time, legal security plays an above-average role for management in the retail sector at 62.5% - the average figure for all sectors is 43%.

Accordingly, legal requirements such as NIS2, a European directive on cybersecurity compliance that will be binding for EU member states from October 17, 2024, appear to be more important for the retail sector than for other industries. Consequently, 75% of German retail companies also attach great importance to ensuring that only their own company - and not the cloud provider - has access to the key used to encrypt company data.

Andreas Steffen, CEO of eperi: “The results of our survey show that although there is awareness of the need for serious data encryption, the appropriate consequences are still not being drawn in some places, particularly in the retail sector. We are taking this as an opportunity to continue our educational campaign on effective encryption techniques for the cloud.”

According to the eperi survey, 86.5% of all companies use cloud services - and almost 95% of the highly regulated banking and insurance sector. Companies therefore primarily expect encryption of their sensitive data to provide protection against cybercrime (56%) and compliance with the GDPR (51%). At an average of 27%, the goal of achieving internal company security standards through encryption is far behind. This could indicate that the legal minimum standard is considered sufficient. Risks resulting from this minimum standard are apparently accepted.

When looking at the individual sectors, 68% of banks and insurance companies hope that data encryption will provide reliable protection against espionage and for 47%, encryption plays an important role in terms of compliance with general security certificates. The same applies to industry, 57.4% of which would like to protect themselves from government and industrial espionage and comply with the GDPR by using encryption technology. The low interest in using encryption to achieve digital sovereignty - for example in the cloud - is striking in the average value and also when looking at company sizes and sectors. Overall, only 36.5% pursue this goal, although Bitkom or the BSI demand and promote this topic.

“It has been shown that the majority of companies are aware of their responsibility, as only 13% stated that their cloud provider is solely responsible for data security,” Andreas Steffen is pleased to report. “33.5 percent see this task as a shared responsibility, with 50 percent each on the provider and company side. Ultimately, however, companies are 100% responsible for data security. This makes it all the more important to establish a long-term encryption phalanx to improve data protection in the cloud.”