Industry Regulations and State Privacy Legislation Outrank Data Breach Concerns as Top Driver of Encryption Technology Adoption in 2010

Annual Ponemon Institute survey sponsored by Symantec also finds encryption received the largest increase in IT budget earmarks

MOUNTAIN VIEW, Calif. - Symantec Corp. (Nasdaq: SYMC) and the Ponemon Institute today released the findings of the 2010 Annual Study: U.S. Enterprise Encryption Trends, which reveals that for the first time regulatory compliance has surpassed data breach mitigation as the top reason why organizations deploy encryption technologies. The report also found that solutions involving encryption have seen the biggest increase in IT budget earmarks over the past year. The fifth annual study on enterprise encryption usage is based on responses from nearly 1,000 senior IT and business managers from 15 different industries. Versions of the study for the UK, France, Germany, and Australia, also supported by Symantec, will be released in the coming weeks.

Click to Tweet: Symantec-sponsored Ponemon research reveals compliance as main driver of encryption adoption: http://bit.ly/9JoM9J

“Given the fact that tough new data protection regulations mandate the use of encryption as a hedge against data breaches, enterprises are under increased pressure to invest in these technologies in order to comply" said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “The HITECH Act and Massachusetts 201 CMR 17 are two examples of regulations which require businesses to encrypt sensitive consumer information or face stiff penalties for non-compliance, the impact of which is reflected in our research.”

Survey Highlights:

* Data breaches continue to be a major concern for organizations and the subset experiencing more than five a year is on the rise. In the past 12 months, 88 percent of organizations surveyed had at least one data breach, up three percent from 2009. That increase is driven primarily by the group that experienced more than five breaches, up three percent from 2009 and 12 percent from 2008.
* The vast majority of organizations continue to adopt encryption: In this year’s study, 90 percent of organizations have completed at least one encryption project. This figure has stayed essentially stable for the past three years (down one point from 2009 and zero points from 2008). Data encryption ranked fifth in implementation among possible options.
* Data protection is increasingly viewed as a mission-critical element of an organization’s risk management efforts. An overwhelming number of respondents – 93 percent – stated that data protection is either a “very important” or “important” part of their risk management efforts.
* Organizations are consistently using the same encryption technologies, but full disk encryption is a growing favorite. Full disk encryption jumped to the number-two spot with a five percent increase from 2009 and remains the fastest-growing technology, with use up 15 percent since 2007.
* Complying with data protection and privacy regulations is becoming more central to organizations’ use of encryption, ahead of mitigating data breaches. This trend indicates that organizations are getting ahead of the curve with their encryption strategy before the breach occurs, not after.
* As a group, solutions involving encryption have seen the biggest increase in IT budget earmarks. Earmarks for encryption solutions are up nine percent from 2009 and 12 percent since 2008. Endpoint security solutions including laptop encryption are up 10 percent from 2009 and 11 percent from 2008. Key management for encryption solutions rose nearly as much, up nine percent from 2009 and 10 percent from 2008.

“All of these factors bolster the argument for organizations to protect their sensitive data with encryption technologies,” said Bryan Gillson, senior director of product management, Symantec. “As companies increasingly rely on outsourcers, cloud-based technologies and mobile solutions, a major side effect is that more data is exposed to loss or theft. Encryption technologies enable organizations to take a more proactive approach to data protection and avoid the heavy fines, brand damage, and operational disruption a data breach can cause.”

About the Ponemon Institute

The Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.

About Symantec

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.

Note to Editors: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.

Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.