69 percent of respondents said regulatory compliance was one of their main reasons for using encryption, up five points over 2009 and 25 points from 2006
The regulations with the most impact to drive encryption efforts were state privacy laws such as those in California and Massachusetts, PCI mandates and HIPAA regulations.
The influence of PCI requirements has increased the most over the past four years, rising 49 points from 15 percent in 2007 to 64 percent this year.
63 percent of organizations reported that mitigating data breaches was also a big driver, but that number decreased by four points over the last year and eight points since 2008.
In the past 12 months 88 percent of organizations report that they have had at least one data breach, up by three points since last year.
38 percent of organizations believe encrypting data boosts business partner and customer confidence in organizations’ privacy or data security commitments.
93 percent of respondents said that data protection is either a very important or important part of their risk management efforts.
90 percent of organizations have completed at least one encryption project.
However, among other data protection options, encryption ranked fifth in implementation. Other higher ranking projects: •Data classification (96 percent),Identity and access management systems (92 percent),•Endpoint-based data leak detection and prevention (92 percent),•Network-based data leak detection and prevention (91 percent).
59 percent of this year’s respondents spent only between 5 and 20 percent of their IT budgets on data protection activities.
37 percent of respondents spend less than 5 percent of their IT budgets on encryption solutions.
34 percent spend between 5 percent and 20 percent.