Enterprises face a myriad of security threats, but perhaps the most overlooked is the risk of data loss through stolen drives and devices. Recent research from Blancco Technology Group reveals that this risk far outweighs that of ransomware or compromised credentials.
The Blancco 2025 State of Data Sanitisation Report
Blancco’s 2025 State of Data Sanitisation Report, based on responses from 2,000 cybersecurity, IT, and sustainability leaders across North America, Europe, and Asia-Pacific, sheds light on the evolving threat landscape. The report highlights the prevalence of data breaches, data leaks, and phishing-related incidents.
- 86 per cent of surveyed organizations had experienced a data breach in the past three years.
- 73 per cent had suffered a data leak.
- Phishing-related incidents remain the most common cause of breaches, but theft of devices or drives containing sensitive data now outpaces both stolen credentials and ransomware.
The AI Double-Edged Sword
AI has both positive and negative impacts on data management. While 25 per cent of respondents say AI has increased the volume of redundant data they hold—and 22 per cent report AI is complicating compliance—more than half are leveraging AI to clarify data retention policies and support sanitization efforts.
| Feature | Percentage of Respondents |
|---|---|
| Leaking redundant data due to AI | 25% |
| AI complicating compliance | 22% |
| Leveraging AI for sanitization and retention | 51% |
Compliance Demands
Compliance demands are driving a surge in investment. Amid an evolving patchwork of national, regional, and sector-specific data protection regulations, over half of organizations are increasing budgets for compliance, with average investment rising by 46%.
Nearly all surveyed companies either have data disposition policies in place (55%) or are in the process of implementing them (42%).
- 47 per cent of devices destroyed for data security reasons were still functional.
- 25 per cent of refurbished laptops and desktops, and 19 percent of repurposed data center assets, were recycled without certified data erasure.
- 17 per cent of breach or leak incidents, data compromise stemmed from redeployed assets containing residual sensitive information.
Unintended Environmental Consequences
The emphasis on compliance is contributing to unintended environmental consequences. Respondents report that up to 47 per cent of devices destroyed for data security reasons were still functional.
This highlights the need for businesses to carefully consider their data disposal processes and ensure that devices are properly erased before recycling or reusing them.
AI can be a powerful tool for simplifying data retention and sanitization, but it’s not without its challenges. To navigate these complexities, organizations must invest in the right tools and strategies to ensure seamless integration with existing security and compliance frameworks.
Conclusion
The threat of data loss through stolen drives and devices is a serious concern for enterprises.
