Corporate investment this year in data protection is likely to increase 20.2 percent year-on-year, following revisions made to the Personal Information Protection Act (個人資料保護法) last year that require companies to secure employee data, the Market Intelligence and Consulting Institute (MIC, 產業情報研究所) said yesterday.
While only a few enterprises are currently engaging in such spending, the growing demand to secure companies’ data or customers’ personal information will drive growth in the nation’s information security market in the long term, the institute said.
Based on a survey conducted by MIC, larger enterprises are planning to invest up to NT$1.23 million (US$41.3 million) this year in data-protection technology.
MIC forecast Taiwan’s information security device market would expand at a compound annual growth rate of 14.6 percent to a market value of NT$3.63 billion in 2015, it said in an e-mailed statement.
However, MIC e-commerce market analyst Hu Tzu-li (胡自立) said a majority of enterprises still adopt a “wait-and-see” position and the market is not expected to expand rapidly until the penetration rate of handheld devices grows to where it drives up demand for “mobile” personal information security.
Of the 5,000 enterprises who participated in the survey and had annual sales of more than NT$100 million in 2008, 22.5 percent acquired information security tools after the law was revised, while 23.1 percent had not yet adopted any measures, MIC said.
Of these companies, 52.9 percent said that their investment was aimed at providing training to educate staff about the importance of information security.
Of participants in the survey, 42.4 percent said they had formalized procedures for collection, organization and proper use of personal data, while 30.4 percent said mechanisms had been put in place to prevent, report or react to incidents where personal information could be compromised, the survey said.
Though only 12 percent of large enterprises had formulated processes for mobile personal information protection, more than 60 percent said that employees’ increasing use of their own devices in the workplace — known as the “Bring Your Own Device” approach — had forced many employers to increase investment in mobile data protection.
“Despite only 3.6 percent of enterprises encountering mobile information security incidents, up to 85 percent of enterprises believe that ‘Bring Your Own Device’ will further complicate management of mobile data protection,” Hu said.
“As handheld devices become more powerful and can quickly stream large amounts of data, company spending on mobile information protection is certainly going to increase proportionally,” he added.
According to the survey, of the 3.6 percent of enterprises that have suffered from mobile information security incidents, 42.1 percent of them cited loss of mobile devices as the cause, while 36.8 of them said confidential data were leaked by employees and 31.6 percent said leaked data were saved in pictures taken with mobile devices.
The biggest challenges to effective mobile information security were named as “identity checking” by 43.8 percent of enterprises, “online data storage” by 42.4 percent and “credential information encryption” by 25 percent, MIC said.