- Grab the Galaxy S25 Edge for $170 off and get a free Amazon gift card - but act fast
- How I learned to stop worrying and love my health tracker
- I found a free iPhone 16 deal that doesn't require a trade-in (and applies to Pro models, too)
- This 77-piece Milwaukee wrench set is still $200 off at The Home Depot
- Nvidia aims to bring AI to wireless
#Infosec2025: Device Theft Causes More Data Loss Than Ransomware
Phishing-related data breaches are the leading causes of data loss, followed by misconfigurations and stolen devices, according to a new survey from data erasure solution provider Blancco.
The firm commissioned research agency Coleman Parkes to survey 2000 cybersecurity, IT and sustainability leaders from large enterprises across several countries and industries about their data security and data resilience practices.
The results, published on June 4 in Blancco’s 2025 State of Data Sanitization Report, showed that 86% of organizations have experienced a data breach over the past three years.
Phishing-related breaches accounted for the most common cause of data loss, mentioned by 54% of respondents. Misconfigurations were also cited as a significant cause of data loss by almost half of the people surveyed (46%), followed by stolen devices or drives with sensitive data (41%).
By comparison, data breaches due to weak and stolen credentials were reported by only 36%, and ransomware by just 32%.
Rising Data Security Investment
In the context of increasingly complex privacy regulations, respondents appear to be willing to invest more in data protection and data loss prevention solutions, with a 46% spike in investment over the past year.
Additionally, 55% of organizations already have policies governing data disposition, while another 42% are in the process of implementing or defining their own policies.
This drive for compliance inadvertently contributes to e-waste, as functional devices and drives are often destroyed to safeguard sensitive data.
Survey respondents indicated that up to 47% of devices destroyed for data security reasons are still functional. Additionally, a concerning 25% of laptops and desktops and 19% of data center assets are refurbished without certified erasure, heightening data loss risks.
This risk is borne out by experience, as 17% of respondents who suffered a breach or leak attributed it to data compromise from redeployed devices or drives containing residual sensitive data.
Despite this, environmental goals remain essential, with 90% stating that sustainability moderately to significantly impacts data disposal, and 77% noting close collaboration between IT and sustainability teams on data management and erasure tools for sustainability targets.
The report also found that only 37% of enterprises said they were aware of NIST 800-88, the industry standard for data sanitization, and just 36% were aware of IEEE 2883-2022, the most recent standard for modern technologies, including those needed for AI processing and deployment.
“This lack of awareness may lead to policies that dictate sub-par data destruction methods at data and asset end-of-life,” noted the report.
AI: A New Challenge for Data Security Practices
Despite the risks associated with holding large amounts of data, technological advancements, particularly in AI, are making it challenging for businesses to limit their data volume.
A quarter of respondents noted that AI has increased their redundant data, and over a fifth found that AI complicates compliance. However, AI is also seen as beneficial for data management, with more than 50% using it to help define data retention and sanitization policies.
Notably, 83% of enterprises have implemented some form of AI. To support this, 98% of these AI-adopting enterprises have upgraded endpoint devices, with an average of 25% of devices receiving upgrades.
Additionally, 97% of enterprises deploying AI have also upgraded their data center assets to meet the demands of AI deployment.
Lou DiFruscio, CEO of Blancco, commented: “Improper data disposal is a hidden risk—and it’s not talked about enough. Every business IT leader needs to understand their responsibilities, seek out best practices that maintain compliance with data privacy regulations and secure data at all times. Many large businesses get it, though our report confirms there is still work to do to meet today’s data protection obligations.”
Coleman Parkes surveyed 2000 cybersecurity, IT and sustainability leaders in organizations with over 5000 employees in the US, the UK, France, Germany, Japan, Singapore, India and Australia. The survey took place in February and March 2025.
