67% of French Organisations Hit By One or More Data Breach Incidents Within Last...

67% of French Organisations Hit By One or More Data Breach Incidents Within
Last Twelve Months
Research from Ponemon Institute Reveals that only 9 Percent of Respondents
have an Overall Encryption Plan or Strategy Applied Consistently across the
Enterprise

PARIS and MENLO PARK, Calif., Sept. 9 /PRNewswire/ -- PGP Corporation, a
global leader in enterprise data protection, has announced the results of its
inaugural annual study by The Ponemon Institute, identifying the steps French
organisations are taking in order to safeguard their confidential data.  The
2009 Annual Study: France Enterprise Encryption Trends study, which polled 414
IT security professionals at enterprises and public sector organisations,
found that 67 percent of French organisations have been hit by at least one
data breach incident within the last year, with 18 percent having been hit by
more than five incidents.  A massive 92 percent of the data breaches were
never disclosed as there was no legal or regulatory requirement to do so.
Despite the large number of data breach incidents, 71 percent responded that
data protection was a 'very important' or 'important' part of their risk
management strategy, with protecting sensitive or confidential information in
motion (transfer) or at rest (storage) their top priority.

"It is very encouraging to see that 71 percent of respondents view data
protection as a critical part of their overall risk management plan," said Dr
Larry Ponemon, Chairman and founder of The Ponemon Institute. "However, the
low percentage of French organisations having an overall encryption strategy
in place or using a platform approach to encryption suggests that there are
still considerable improvements to be made. The focus for 2010 needs to be on
applying a strategic approach to data security across the enterprise."

The following provides an overview of the key findings of the 2009 France
Encryption Trends report:
    --  Only 9 percent of organisations have an overall encryption plan or
        strategy that is applied consistently across the entire enterprise. 
        Forty-five percent have no encryption plan or strategy whatsoever
while
        the remaining 46 percent adjust their encryption plan to fit different
        applications and data types, or use encryption for certain types of
        sensitive/confidential information such as social security numbers or
        credit card accounts.
    --  Encryption is primarily used to comply with privacy or data security
        regulations (65 percent) or to limit the brand and reputation damage
        linked to data breaches (43 percent). With regard to the regulations
and
        regulatory bodies most influential in organisations' decision to
        implement encryption, the French Data Protection Commission and French
        National Privacy Law come out on top with 66 percent and 62 percent
        respectively. International regulations such as Sarbanes Oxley have a
        very minor impact (4 percent).
    --  Eleven percent of organisations use a platform approach to managing
        encryption solutions across the enterprise.  Eight-two percent of
these
        organisations believe the encryption platform increases the
        effectiveness and efficiency of their IT security programme. Reduced
        operational costs, consistent policy enforcement across applications
and
        integration with third-party encryption applications were specifically
        listed as the primary benefits.
    --  Fifty-six percent of respondents use encryption technology at some
level
        and the remaining 44 percent are in the process of introducing it.
        Encryption is most widely used to protect data on databases, VPNs and
        file servers. Mainframe and USB flash drive encryption are the least
        deployed applications.
    --  Seventy-one percent of organisations have a fully executed or just
        launched implementation of data archive and e-discovery systems
        programme. The figure is just slightly lower for the implementation of
        network-based data leak detection and prevention technologies (70
        percent). More than half of respondents (58 percent) have just
launched
        or fully executed an endpoint device control technology.
    --  Sixty-seven percent of respondents revealed that they had been hit by
at
        least one data breach in the past 12 months. Of the companies that
        experienced 2 to 5 or more than 5 data breach incidents, none of them
        had implemented a company-wide strategy governing the use of data
        encryption technologies.
    --  A majority of respondents (58 percent) believe the ability to install
a
        management infrastructure once, and then add additional encryption
        applications as needed is 'very important' or
        'important'. Other important features include the automation
        of key encryption management activities (55 percent) and enforcement
of
        encryption policy across all applications.
    --  Encryption solutions are seen as a security priority for 39 percent of
        respondents. 29 percent also indicate that key management for
encryption
        solutions is earmarked amongst the security initiatives in the current
        budget and accounts for just over 21 percent of overall spending on
        encryption

    --  Forty-five percent of respondents consider loss or theft of
confidential
        or sensitive data one of the major security threats of the next 12 to
24
        months. Despite this, 68 percent do not encrypt sensitive or
        confidential information on mobile data-bearing devices such as PDAs
and
        smartphones, only 4 percent use encryption on USB flash keys and 47
        percent are 'unsure' or 'not confident' about their
        ability to protect confidential or sensitive information in motion.



"The Ponemon data demonstrates that compliance and fear of reputational or
brand damage are driving French organizations to prioritize data protection,"
commented Phillip Dunkelberger, president and CEO of PGP Corporation.
"Encryption solutions, when coherently and consistently applied across the
enterprise to confidential and sensitive information, can protect data at
rest, in motion and in use."

For more information or to receive a complete copy of this study, visit:
www.encryptionreports.com

About The Ponemon Institute
The Ponemon Institute is dedicated to advancing responsible information and
privacy management practices in business and government. To achieve this
objective, the Institute conducts independent research, educates leaders from
the private and public sectors and verifies the privacy and data protection
practices of organisations in a variety of industries.

About PGP Corporation 
PGP Corporation is a global leader in email and data encryption software for
enterprise data protection. Based on a unified key management and policy
infrastructure, the PGP(R) Encryption Platform offers the broadest set of
integrated applications for enterprise data security. PGP(R) platform-enabled
applications allow organisations to meet current needs and expand as security
requirements evolve for email, laptops, desktops, instant messaging,
smartphones, network storage, file transfers, automated processes, and
backups.

PGP(R) solutions are used by more than 100,000 enterprises, businesses, and
governments worldwide, including 95 percent of the Fortune 100, 75 percent of
the Fortune Global 100, 87 percent of the German DAX Index, and 51 percent of
the UK FTSE 100 Index. As a result, PGP Corporation has earned a global
reputation for innovative, standards-based, and trusted solutions. PGP
solutions help protect confidential information, secure customer data, achieve
regulatory and audit compliance, and safeguard companies' brands and
reputations. Contact PGP Corporation at www.pgp.com


    Analyst and Media Contacts for PGP Corporation:
    Carol Pender/Alexandra Radius
    Johnson King
    +33 (0)1 53 16 11 11
    carolp@johnsonking.fr/alexandrar@johnsonking.fr

    North America
    Tom Rice
    Merritt Group
    +1 703 856 2218
    rice@merrittgrp.com
    United Kingdom
    Jacqui Depares / Richard Scarlett
    Johnson King
    +44 (0) 20 7401 7968
    pgpteam@johnsonking.co.uk
    Germany
    Ingrid Daschner
    Johnson King
    +49 (0) 89 8940 8511
    ingridd@johnsonking.de


Legal Notice Regarding Forward-Looking Statements 
Some of the statements in this press release are forward-looking, including
statements regarding the availability, plans, delivery, goals, development,
expected features, expected benefits and competitive position of PGP products
implementing or leveraging the PGP technologies. All references made to
product feature enhancements, improvements in Platform support or additional
functionality are subject to change at PGP Corporation's sole discretion. All
future descriptions of PGP technology and products are subject to availability
only if PGP Corporation decides to build them and when PGP Corporation decides
to make them commercially available. Actual results could differ materially
from those expressed in any forward-looking statements. Risks and
uncertainties that PGP Corporation faces that could cause results to differ
materially include risks associated with any unforeseen technical difficulties
or software errors related to the final development and launch of any of PGP
Corporation's products; any technological, regulatory, or standards changes in
the security, encryption and authentications market which could make PGP
Corporation's products less competitive or require feature changes in these
products; any slowdown in the adoption by businesses of encryption suites,
secure email, Internet technologies or related standard. The forward-looking
statements contained in this release are made as of the date hereof, and PGP
Corporation does not assume any obligation to update such statements nor the
reasons why actual results could differ materially from those projected in
such statements.

PGP and the PGP logo are registered trademarks of PGP Corporation. Product and
brand names used in the document may be trademarks or registered trademarks of
their respective owners. Any such trademarks or registered trademarks are the
sole property of their respective owners.



SOURCE  PGP Corporation

Carol Pender, carolp@johnsonking.fr, or Alexandra Radius,
alexandrar@johnsonking.fr, both of Johnson King, +33 (0)1 53 16 11 11; or
North America, Tom Rice of Merritt Group , +1-703-856-2218,
rice@merrittgrp.com; or United Kingdom, Jacqui Depares or Richard Scarlett,
both of Johnson King, +44 (0) 20 7401 7968, pgpteam@johnsonking.co.uk; or
Germany, Ingrid Daschner of Johnson King, +49 (0) 89 8940 8511,
ingridd@johnsonking.de, all for PGP Corporation