Who can you trust?

Good data about the information security market and the threats that it addresses is hard to find. It seems to be even harder to get reliable and accurate data. How many businesses encrypt their laptops? Two recent surveys gave very different estimates for this. One estimated 20 percent, the other estimate 50 percent. They can't both be right.

The estimate of 20 percent comes from page 13 of the report 2008 Annual Study: U.S. Enterprise Encryption Trends. This report summarizes the results of surveys done by the Ponemon Institute on behalf of PGP which surveyed 975 people. This report estimates that 20 percent of businesses encrypted mobile data most of the time in 2008. That probably includes more than just laptops. Things like USB drives and other portable storage are probably part of this category too. When we're looking at laptops, we also don't have to worry about the odd wording about using the technology "most of the time." Laptop encryption isn't something that you turn on and off; it's always on.

The estimate of 50 percent comes from page 11 of the 2008 edition of The Global State of Information Security. This report summarizes the results of surveys done by a combination of PricewaterhouseCoopers, CIO and CSO magazines that surveyed 7,000 people. This report estimates that 50 percent of businesses use laptop encryption, so we don't need to worry about the number being not quite what we’re looking for.

Both of these estimates can't be right. I'd bet that the Ponemon Institute's survey is the one that's wrong, and this is just based on the cynical "follow the money" reasoning. After all, PGP sells full disk encryption, and has an incentive to make things sound worse than they really are to encourage interest in their products, and they probably had a role in designing the survey. PricewaterhouseCoopers is an accounting and auditing firm, who has more of an incentive to do an independent and unbiased survey, as do CIO and CSO magazines. The PricewaterhouseCoopers survey also polled many more people than the Ponemon survey did, so it's probably more likely to be accurate.

The Ponemon report also estimates that only 17 percent of businesses encrypt their email. Any guesses as to what the true number really is?

Leave a Reply

Your email address will not be published. Required fields are marked *