Study finds 56% of U.S. business managers disable laptop encryption,
increasing risk of data and identity theft
VANCOUVER, BC, and TRAVERSE CITY, MI, Jan. 13 /CNW/ - Absolute(R)
Software Corporation and the Ponemon Institute today announced the findings of
a new study on the use of encryption on laptops by employees within
corporations in the U.S. The study, "The Human Factor in Laptop Encryption: US
Study," revealed that more than half (56%) of business (non-IT) managers
polled, disable the encryption solution on their laptops. Ninety-two percent
of IT security practitioners report that someone in their organization has had
a laptop lost or stolen and 71% report that it resulted in a data breach.
Results indicate that it is employee behavior that undermines data protection
efforts in corporate America. Companion studies of UK and Canadian companies
are also available.
"The data suggests that, because of user behavior, encryption alone is
not enough to protect mobile devices and the sensitive data stored on them,"
said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute. "These
statistics are especially disconcerting when combined with our recent studies
demonstrating that lost or stolen laptops are the number one cause of data
loss, with 3 out of 4 companies experiencing a data breach when a laptop has
been lost or stolen."
The report shows that many business managers fail to take necessary
precautions to secure their laptops, such as using additional security
solutions, and instead are overly dependent on their encryption solutions to
protect the sensitive data on their laptops.
"The Human Factor in Laptop Encryption: U.S. Study" key findings include:
- 92% of IT security practitioners report that someone in their
organization has had a laptop lost or stolen and 71% report that it
resulted in a data breach;
- 56% of business managers have disengaged their laptop's encryption;
- Only 45% of IT security practitioners report that their organization
was able to prove the contents of missing laptops were encrypted;
- Only 52% of business managers - employees most likely to have access
to the most sensitive data (personally identifiable information
and/or intellectual property) - have employer-provided encryption;
- 57% of business managers either keep a written record of their
encryption password, or share it with others in case they forget it;
- 61% of business managers share their passwords, compared to only 4%
of IT managers; and,
- Business managers are much more likely than IT security practitioners
to believe encryption makes it unnecessary to use other security
measures for laptop protection.
In the event of a theft, companies relying solely on encryption cannot be
sure whether all stored data on a laptop has been encrypted, if it has been
compromised, or even which files have been accessed by thieves. This can leave
corporations with gaping holes in their security efforts, and risk exposing
the company, employees, customers and consumers to data and identity theft. To
help solve security risks that encryption alone cannot adequately address,
companies can employ a security solution that can locate a stolen or lost
laptop, detect which data has been accessed, and remotely delete sensitive
"This research highlights what Absolute has long-emphasized: while
encryption technology provides a high-degree of data protection, it must be
complemented by additional security layers that are not dependent on the
diligent behavior of corporate employees," John Livingston, chairman and CEO
of Absolute Software said. "If I were tasked with data security, I would read
this study in detail and immediately assess my company's data protection
strategy, especially if I was reliant solely on encryption. Corporations may
incorrectly assume that since it is company policy to encrypt mobile data,
they are not at risk for a data breach. With more than half of business
managers disabling their encryption solutions, companies are left incredibly
vulnerable to theft and data loss if they do not utilize additional layers of
security, such as those offered by Absolute."
Highlights and the complete reports for "The Human Factor in Laptop
Encryption" studies for the U.S., U.K. and Canada can be found at:
For more information on Absolute Software and its range of computer theft
recovery, data protection and IT asset management solutions, please visit:
www.absolute.com or www.lojackforlaptops.com.
For a complete list of firmware-supported computers visit
About the Ponemon Institute
The Ponemon Institute(C) is dedicated to advancing responsible
information and privacy management practices in business and government. To
achieve this objective, the Institute conducts independent research, educates
leaders from the private and public sectors and verifies the privacy and data
protection practices of organizations in a variety of industries.
About Absolute Software
Absolute Software Corporation (TSX: ABT) is the leader in computer theft
recovery, data protection and Secure Asset Tracking(R) solutions. Absolute
Software provides organizations and consumers with solutions in the areas of
regulatory compliance, data protection and theft recovery. The Company's
Computrace(R) software is embedded in the firmware of computers by global
leaders, including Dell, Fujitsu, General Dynamics Itronix, HP, Lenovo,
Motion, Panasonic and Toshiba, and the Company has reselling partnerships with
these OEMs and others, including Apple. For more information about Absolute
Software and Computrace, visit www.absolute.com and http://blog.absolute.com.
This press release contains forward-looking statements that involve risks
and uncertainties. These forward-looking statements relate to, among other
things, the expected performance of our services and products, the
effectiveness of particular computer security technologies, and other
statements of intentions and plans contained in this press release that are
not historical fact. When used in this press release, the words "plan,"
"expect," "believe," and similar expressions generally identify
forward-looking statements. These statements reflect our current expectations.
They are subject to a number of risks and uncertainties, including, but not
limited to, changes in technology and general market conditions. In light of
the many risks and uncertainties you should understand that we cannot assure
you that the forward-looking statements contained in this press release will
be realized. Previous successes, timeliness or performance levels of
Absolute's products and services do not guarantee future successes, timeliness
or performance levels. Any statistics or studies referenced herein are not
predictors of future trends.
(C)2009 Absolute Software Corporation. All rights reserved. Computrace,
Secure Asset Tracking and Absolute are registered trademarks of Absolute
Software Corporation. LoJack is a registered trademark of LoJack Corporation,
used under license by Absolute Software Corporation. LoJack Corporation is not
responsible for any content herein. All other trademarks are property of their
respective owners. Computrace U.S. patents No. 5,715,174, No. 5,764,892, No.
5,802,280, No. 5,896,497, No. 6,244,758, No. 6,269,392, No. 6,300,863, and No.
6,507,914. Canadian patents No. 2,284,806 and No. 2,205,370. U.K. patents No.
EP793823 and No. GB2338101. German patent No. 695 125 34.6-08. Australian
patent No. 699045. Japanese patent No. JP4067035. The Toronto Stock Exchange
has neither approved nor disapproved of the information contained in this news
For further information:
For further information: Public Relations: Leslie Campisi, Affect
Strategies, firstname.lastname@example.org or (212) 398-9680 x144; Investor
Relations: Dave Mason, CFA, The Equicom Group, email@example.com or
(416) 815-0700 x237; Ponemon Institute: Mike Spinney, firstname.lastname@example.org,