This country also has the highest cloud adoption rate, but deployment and user training posed challenges …

In adjusting to a ‘new work-from-home normal’ as a result of the COVID-19 pandemic, most Hong Kong enterprises have accelerated digital initiatives. This brings even more attention to data protection and encryption strategies, with protection of customer information their number one priority. However, many organizations face challenges deploying encryption technology.

This is what a study by nCipher Security of 267 IT professionals in Hong Kong, based on research by the Ponemon Institute, has unveiled.

The report captures how organizations around the world are dealing with compliance, increased threats, and the implementation of encryption to protect their business-critical information and applications, and for Hong Kong, the report states thatmost enterprises there have an encryption plan in place, but find it difficult to deploy technology and train users.

Among the global markets surveyed—including 6,457 IT professionals in 17 countries/regions—Hong Kong’s enterprise encryption adoption stood as one of the highest rates. Some 60% of Hong Kong companies surveyed say they had a consistent plan or strategy, well above the 48% global average.

Data protection a priority

Protecting personal customer information is the major driver behind the use of data encryption in Hong Kong: 72% of respondents saw it as a priority, 18% higher than the global average. The second driver is intellectual property protection (70%), 18% higher than the global average. Compared to other markets, regulatory compliance mandates were of a lower priority, at 17% below average.

Notably, several types of data are encrypted at a much higher rate in Hong Kong compared to its global peers, including intellectual property (68% vs 49% globally), healthcare information (66% vs. 25% globally) and customer data (52% vs. 44% globally).

Despite active data encryption by enterprises in Hong Kong, many respondents encountered difficulties in deployment (57%) and user training (24%)—both exceeding global averages. With the growing demand for cybersecurity skills, there is a real need for solutions to help ease the burden of deploying effective enterprise-wide encryption.

Key management is critical

The survey shows that rising encryption use intensifies key management challenges, with approximately 60% of Hong Kong firms finding encryption key management to be “very painful”.

Reasons included no clear ownership (73%) and inadequate key management tools (57%). While 40% of respondents believed IT operations have the most influence in directing encryption strategies, nearly a quarter (23%) said no single function is responsible.

In the other areas of technology, cloud adoption was dominant in Hong Kong, with 81% of respondents either currently using cloud computing services with sensitive or confidential data, or planning to do so within the next 12 to 24 months.

While the surge in remote working has increased the risk of data exposure, how are organizations looking ahead? In the near term, over 70% of responding organizations planned to use blockchain, with asset transactions, cryptocurrency/wallets, identity, supply chain and smart contracts cited at the top use cases.

Other much-hyped technologies were not on Hong Kong IT organizations’ near-term radar. Most IT professionals saw the mainstream adoption of multi-party computation at least five years away, with mainstream adoption of homomorphic encryption more than seven years away, and quantum-resistant algorithms over eight years out, all of which are in line with global trends.

Said Dr Larry Ponemon, chairman and founder of Ponemon Institute: “Consumers expect brands to keep their data safe from breaches and have their best interests at heart. Our survey found that IT leaders are taking this seriously, with the protection of consumer data cited as a top driver of encryption growth. Encryption use is at an all-time high right now, with 60% of respondents this year saying their organization has an encryption plan that is applied consistently across the entire enterprise, while a further 30% say they have a limited plan or strategy applied to certain applications and data types.”

“As the world becomes increasingly digitalized, the impact of the global pandemic highlights how critical security and identity have become for organizations and individuals, both at work and at home,” said Michael Tai, area vice president, Greater China region, nCipher Security. “We are glad to see that Hong Kong is one of world leaders in adopting enterprise encryption, despite the challenges they face in terms of deployment and cybersecurity skills shortages.”

Other notable findings

  • Employees were the highest threat to exposing sensitive data (50%), followed by hackers (34%) and system or process malfunction (30%).
  • Intellectual property (68%), healthcare information (66%) and employee/HR records (57%) were most likely to be encrypted, and all at a rate higher than the global average.
  • The least likely data to be encrypted was non-financial business information (27%).
  • Despite 78% being aware of hardware security module (HSMs), only 34% of organizations used them, 14% lower than the global average.
  • The most common HSM use cases were SSL/TLS (46%), and public cloud encryption, including Bring Your Own Key (BYOK), standing at 37%—both similar to global averages.
  • 76% of organizations planned to deploy HSMs for SSL/TLS in the next 12 months, the highest worldwide and 30% higher than the global average.