Media loss accounts for more incidents than ransomware

Blancco’s 2025 “State of Data Sanitization” report is based on responses from 2,000 IT leaders across North America, Europe and Asia-Pacific. The study examines how the world’s largest organizations are managing the end of data lifecycle in the face of changing regulatory environments and increasingly important environmental goals.

The results show that more than 80 percent of companies have experienced some form of data security incident in the past three years, and while most were affected by phishing (54 percent) or misuse of network settings (46 percent), loss or theft of data storage media caused an incident for 41 percent of companies, while stolen passwords led to an incident in 36 percent and ransomware in 32 percent.

Physical access – faster data loss

One interesting finding of the report is that many companies (41 percent) have experienced data loss due to a device that was out of their control – for example, lost, stolen or improperly disposed of. According to the research, these incidents are often also related to shortcomings in data management regulations.

“Inappropriate data erasure is a hidden risk – and one that is still under-reported. Every IT leader needs to be aware of their responsibilities, understand best practices to comply with data protection regulations, and ensure data is secure at the end of its digital lifecycle,” said Lou DiFruscio, CEO of Blancco.

The report found that 17% of companies have found some residual data on media that was supposedly deleted but not properly sanitized when disposing of or recycling media, creating a security vulnerability. This is due to the use of incorrect, in-house data deletion methods, as otherwise, data deletion software with independent external certification, which automatically creates a report and also checks the deletion result, is the best method for deleting data in-house and also makes the data media recyclable – thus reducing the ecological footprint related to the IT operations of companies.