More than nine in ten Australians surveyed for Gemalto\u2019s Data Security Confidence Index say organisations should be encrypting the data they hold, although fewer than one in 10 say they have a complete understanding of what encryption does.\nAccording to the annual research report \u2013 the fifth published by the security firm \u2013 around a third (32 per cent) of the consumer respondents said encrypting customer data was \u2018critically important\u2019 with a similar number (30 per cent) saying it was \u2018very important\u2019.\n \nDespite their desire for companies to encrypt their data, only nine per cent claimed to have a complete understanding of what encryption does. However, around half overall had at least some understanding.\n \nThe consumer element of the report is based on a survey of 10,500 consumers globally including 1000 in Australia.\n \nWhen asked to pick the best definition of encryption from a list of options, globally more than half of respondents picked correctly. Some 17 per cent thought it related to the use of human features such as fingerprints or facial recognition to access data, 16 per cent thought it was a password rotation system and 13 per cent believed encryption to be the pin number prompt when making a payment online.\n \n\u201cWhile consumers feel that they have some knowledge about encryption, it\u2019s clear that there is still plenty of room for education in this particular area,\u201d the report stated.\n \n\u201cNot all organizations are encrypting their sensitive data types, but they should be for their security needs, as well as to meet consumer desires,\u201d it added.\n \nOverall, only half (52 per cent) of Australian consumers said they trusted businesses to store and manage their personal data.\n \nIT decision makers \u2013 of which 1050 were surveyed, including 100 in Australia \u2013 were more confidentin their own organisations ability to protect their personal data if they were a customer, with 93 per cent saying they trusted their employer.\n \nTheir faith may be misplaced however, with 45 per cent of Australian organisations reporting that their entire network can be accessed by unauthorised users.\nSeven in 10 said they encrypted payment data, 67 per cent encrypted customer information and 60 per cent did so for employee records.\n \nWhen asked what percentage of data in their organisations\u2019 last breach was encrypted, 27 per cent said it was five to 10 per cent, and 36 per cent said it was between three and four per cent. Overall the average amount protected by encryption was 9.81 per cent.\n \nCompliance confidence\nAustralian organisations need to comply with two major new regulations regarding data. The first is theEuropean Union\u2019s General Data Protection Regulation (GDPR), which came into in May and applies to any Australian business that has European customers.\n \nIn February,Australia\u2019s data breach notification regime took effect, obliging most major Australian businesses to notify their customers and the Office of the Australian Information Commissioner of serious data breaches.\nLocal organisations are not faring well in complying with these new laws. Just half (48 per cent) of Australian businesses currently have policies and procedures in place for how sensitive information should be protected in line with legislation, compared with 60 per cent globally.\n \n\u201cIt\u2019s time organisations got their houses in order; starting with who oversees their data security. A central figure such as a Data Protection Officer \u2013 essential in some circumstances under GDPR \u2013 must be appointed to the board to lead data security from the top down. Next is having more insight and analysis on the data collected to ensure that it is both correctly protected and enabling more informed business decision making,\u201d said Gemalto CTO for Data Protection Jason Hart.\n \n\u201cFinally, a mindset change. Organisations must realise that it\u2019s no longer a case of if, but when a breach occurs, and protect their most valuable asset \u2013 data \u2013 through encryption, two-factor authentication and key management, rather than solely focusing on perimeter protection.\u201d\u201d\n \nNotably, although Australian IT professionals were the most likely globally to believe unauthorised users can access their corporate networks in any way, they were also the most confident thattheir data would be secure once a hacker was on the inside.