Forrester Research and RSA Security report: Creating a security policy is still the biggest nightmare for CSOs. Fifty-five percent of respondents have data security policies that are either outdated or require significant changes. Sixty-two percent of those surveyed either do not have an encryption policy or strategy at all, or consider their strategy incomplete because it only covers data at rest or data in transit, but not both. The biggest challenge in encryption is key management, respondents said, and most still use manual processes for key management.”]
Source: https://www.darkreading.com/analytics/enterprises-wrestle-with-security-policies