Workers Routinely Dodge Security Policies


Lack of Email Encryption

30% of respondents cannot encrypt email, a finding similar to last year’s 28%. Furthermore, 33% of respondents are not confident in their company’s email encryption policy.

Email Encryption Budgets

42% of respondents said their company will spend at least $10,000 during 2015 on email encryption.

Mobile Encryption Lacking

86% of respondents said their organization permits employees to use mobile devices for email, but of those who can encrypt email and allow email use on mobile, 36% cannot directly send and receive encrypted email from their mobile email client.

Smaller Organizations, Greater Email Risk

47% of respondents from small organizations said email encryption is not enabled on mobile compared to 31% for large organizations.

Lackluster Compliance Confidence

50% of respondents believe it is “somewhat likely” their company may be selected for a compliance audit within 2015. And 60% admit they are only “somewhat confident” their organization would pass such an audit.

Efforts to Reduce Risk

66% of respondents said their organization is training employees to improve compliance and security policy adherence.

How to Reduce Risk

43% said their companies use technology to monitor and report security risks. 50% said they are communicating more about their policies.

HIPAA/HITECH’S Longtail

70% of respondents said their organizations have a business relationship with a health care entity and also process Protected Health Information (PHI). However, 25% either are not a HIPAA business associate or were unsure whether they are.

Unclear HIPAA Business Associate Agreements

HIPAA regulations define business associates as downstream entities, such as subcontractors, data backup companies and personal health record providers. 40% of respondents had either not been asked to sign a business associate agreement or were unsure whether they had done so, putting the health care entities they work with at risk of noncompliance.

Karen A. Frenkel
Karen A. Frenkel is a contributor to CIO Insight. She covers cybersecurity topics such as digital transformation, vulnerabilities, phishing, malware, and information governance.
