Stolen drives and devices are a more common source of data loss than either ransomware or stolen credentials, according to new research by Blancco Technology Group.
The Blancco 2025 State of Data Sanitisation Report also found that in the last three years, 86 per cent of enterprises have experienced a data breach and 73 per cent were hit by a data leak.
The study found that the most common ways to lose data were through phishing-related data breaches (54 per cent), followed by improper network configuration (46 per cent) and stolen devices or drives with sensitive data (41 per cent). By comparison, data breaches due to weak and stolen credentials were reported by only 36 per cent and ransomware by just 32 per cent.
A quarter of respondents said that AI has increased the amount of redundant data they hold and just over one fifth said that AI is making compliance more difficult. However, many claim AI is actually helping with data management, with more than 50 per cent using it to help clearly define data retention and sanitisation.
More than half of businesses are also increasing investment in compliance with data protection and privacy regulations, cybersecurity frameworks and data destruction best practice standards, while the average increase in investment is 46 per cent. Many businesses (55 per cent) have policies in place when it comes to data disposition and almost all of the remainder (42 per cent) are rolling out or defining these policies.
Depending on the type of device, respondents claim that up to 47 per cent of devices destroyed for data security reasons are still functional and 25 per cent of laptops and desktops, and 19 per cent of data centre assets are refurbished without certified erasure — increasing the potential for data loss. In fact, for 17 per cent of respondents that had experienced a breach or leak, data compromise was caused by redeployed devices or drives that still had sensitive data from prior use.
Meanwhile, 90 per cent of respondents said that sustainability has at least a moderate impact on data disposal, and 77 per cent agree that IT and sustainability teams are working closely on data management and the data erasure tools to meet sustainability goals.
“Improper data disposal is a hidden risk—and it’s not talked about enough,” said Lou DiFruscio, CEO of Blancco. “Every business IT leader needs to understand its responsibilities, seek out the best practices that maintain compliance with data privacy regulations, and secure data at the finish line. Our State of Data Sanitisation Report acknowledges what organisations are dealing with now, then gives compliance, IT and ESG teams insight into how those issues affect their approach to end-of-life data and asset disposition. Many large businesses get it, though our report confirms there is still work to do to meet today’s data protection obligations.”
Other key findings include:
• 83 per cent of enterprises have deployed some form of AI. Of these respondents, 98 per cent have upgraded endpoint devices to meet AI demands, upgrading an average 25 per cent of devices.
• 97 per cent of enterprises who have deployed AI have also upgraded data centre assets to address AI deployment needs.
• 47 per cent of data centre assets are still functional at the time of destruction.
• Only 37 per cent of enterprises said that they were aware of NIST 800-88, the industry standard for data sanitisation since 2014. Just 36 per cent were aware of IEEE 2883-2022, the most recent standard for modern technologies, including those needed for AI processing and deployment.