Lack of Encryption the Primary Reason for Sensitive Data Loss

New ESG Study Finds That Organizations Struggle in Their Ability to Assess and Remediate Data Encryption Risks and Policy Violations
SANTA CLARA, Calif., December 8, 2023

Fortanix® Inc., a leader in data security and pioneer of Confidential Computing, today revealed the results of a new study conducted by Enterprise Strategy Group (ESG) titled “Operationalizing Encryption and Key Management.” Among the findings: lack of encryption is the primary contributor to sensitive data loss, even though confidence in cryptographic capabilities is strong. At the same time, encryption is pervasive and on the rise for data at rest, in motion, and in use.

The study surveyed nearly 400 IT, compliance, DevOps, and cybersecurity professionals involved with encryption and data security technologies and processes across the U.S. and Canada. All respondents were from either large/mid-market organizations within industries including manufacturing, financial, technology and healthcare.

The survey found that 90% of respondents agreed that encryption has a positive impact on the various facets of their network security, data security, and overall security, with more than 50% saying it has a significantly positive impact in each of these areas. The report also uncovered that businesses want to encrypt their data, but they often don’t know how. A lack of adequate cybersecurity staff and expertise leads to confusion around where and when to apply encryption, management complexities, and difficulty assessing cyber-security. Similarly, a lack of encryption remained the top reason for data loss for almost 33% of the respondents, and 25% experienced data loss due to policy violations such as small key size.

Ultimately, determining when and where to apply encryption emerged as the most difficult task for tech professionals, indicating the need for solutions that provide consolidated discovery and assessment of cryptographic keys across hybrid, multicloud environments to protect critical assets and enable security, cloud operations, and developer teams to jointly assess risk posture and remediate compliance gaps.

Other learnings into IT professionals' challenges and priorities on encryption include:

  • More than two-thirds (76%) of respondents are aware of post-quantum cryptography (PQC), including 37% already actively testing it and 14% that are currently using it. Costs, budgets, and staffing are the biggest limitations in PQC adaptation.
  • Roughly 81% of respondents said their organizations have dedicated teams to handle encryption, key management, and certificate management, with 63% of those reporting directly into the C-Level.
  • Key management systems, data loss prevention, and hardware security modules are the top three security technologies used by respondents to secure their organization's data. Fewer than a quarter (24%) currently have a single unified key management system in place, although that is expected to grow to 50% soon. Meanwhile, distributed or federated key management system usage will shrink from 74% to just 47%.

“More than 80% of organizations say they have begun or have implemented zero trust technology, but the survey also revealed that they don't always know where to turn when looking to implement the highest level of data security,” said Anand Kashyap, co-founder and CEO at Fortanix. “The truth is, most enterprises lack complete control over encryption keys, creating significant risk. It's paramount these organizations adopt a paradigm shift towards a data-centric security strategy with full visibility and control over their encryption assets.”

“It is no secret that data security is a challenge for many organizations, and this report uncovers some of the reasons why,” said Jack Poller, Enterprise Strategy Group Senior Analyst. “While it's a positive sign that most have confidence in encryption technologies, many don’t know how to implement it in a way that addresses their specific needs. It's apparent that these organizations need to invest in education, staffing, and solutions to get them where they need to be.”

To help organizations with exactly that, Fortanix recently released Key Insight, an industry-first capability within the Fortanix Data Security Manager ™ (DSM) platform to help enterprises discover, assess, and remediate risk across hybrid multicloud environments. The latest addition to Fortanix DSM adds another layer to the platform’s robust capabilities, including enterprise key management, data masking/tokenization, secrets management, code signing, confidential AI and confidential data search.

Download the complete ESG survey.

Additional Resources

About Fortanix

Fortanix’s data-first approach helps businesses of all sizes to modernize their security solutions on-premises, in the cloud, and everywhere in between. Enterprises worldwide, especially in privacy-sensitive industries like healthcare, fintech, financial services, government, and retail, trust Fortanix for data security, privacy, and compliance. Fortanix investors include Goldman Sachs, Foundation Capital, Intel Capital, In-Q-Tel, Neotribe Ventures, and GiantLeap Capital. Fortanix is headquartered in Santa Clara, CA. Fortanix – Look. Know. Further. For more information, visit

Fortanix and Runtime Encryption are registered trademarks of Fortanix, Inc. Fortanix Data Security Manager is a trademark of Fortanix, Inc. All other marks and names mentioned herein may be trademarks of their respective companies.
FIPS 140-1 and FIPS 140-2 TM: A Certification Mark of NIST, which does not imply product endorsement by NIST, the U.S. or Canadian Governments

Share this post: