Governments and large organisations in almost every sector in the region have sustained damage from cyber-attacks, with one attack in particular on two Middle Eastern banks resulting in a direct financial loss of $45m.

According to the latest 2016 Global Encryption Trends Study: Middle East, based on independent research by the Ponemon Institute and sponsored by Thales, global provider of critical information systems and cybersecurity, 45% of respondents either don’t have an encryption plan or strategy, or have a limited encryption strategy for certain types of sensitive data, such as Social Security numbers or credit card accounts.

A large proportion of respondents (75%) embrace some type of encryption strategy, meaning the use of encryption continues to grow in response to privacy compliance regulations, consumer concerns and cyber-attacks. The majority of organisations plan to transfer sensitive data to the cloud within the next two years, or already do so, indicating an awareness to address the issue.

Peter Galvin, vice president strategy at Thales e-Security, says: “The proliferation of data that is occurring with increased connectivity, larger numbers of endpoint devices and greater use of the cloud, means we would expect most organisations to have an encryption strategy applied consistently across the entire enterprise, yet results show that just over half do. In terms of protecting data, encryption is widely accepted as best practice, yet many firms are still clearly vulnerable and in a position of weakness. Well-implemented encryption and reliable key management, as provided by Thales hardware security modules (HSMs), are fundamental to the securing of critical applications and it is becoming ever more vital in the protection of sensitive and crucial information.”

The report also uncovered other interesting facts from those taking part, for example, discovering where sensitive data resides in the organisation is the biggest challenge to a successful encryption strategy (54% of respondents).  In addition, human resource data are the most likely data type to be encrypted, suggesting that encryption needs to be addressed by companies of all types.  Support for cloud and on-premise deployment, and system performance and latency are considered the two most important features of encryption; and  IT operations (32% of respondents) and IT security (25%) have most influence in directing encryption strategies.

Dr Larry Ponemon, chairman and founder of The Ponemon Institute, says:  “The findings of this year’s study demonstrate the importance of both encryption and key management across a wide range of core enterprise applications – from networking, databases and application level encryption to PKI, payments, public and private cloud computing and more. We would certainly expect encryption coverage to increase as Middle Eastern organisations understand how important the process has become.”