PCR Tech and IT retail, distribution and vendor news
Blancco Technology Group, the industry standard in data erasure and mobile lifecycle solutions, today released new research on how regulations, AI, and environmental, social, and governance (ESG) goals are transforming enterprise data disposition. Among key findings, the report shows that stolen drives and devices are a more common method of data loss than either ransomware or stolen credentials.
The Blancco 2025 State of Data Sanitisation Report is based on the responses of 2,000 cybersecurity, IT, and sustainability leaders from North America, Europe, and the APAC region. It unpacks how some of the world’s largest organisations are navigating end-of-life data management amid changing regulations, environmental targets, security strategies and AI adoption.
AI expands the threat footprint but enhances data management capabilities
The report found that over the last three years, 86% of enterprises have experienced a data breach, and 73% have experienced a data leak. The most common ways to lose data were through phishing-related data breaches, according to 54%, followed by improper network configuration (46%), and stolen devices or drives with sensitive data (41%). By comparison, data breaches due to weak and stolen credentials were reported by only 36%, and ransomware by just 32%.
With this risk, businesses should limit the amount of data they hold, but advances in technology make this problematic. A quarter of respondents report that AI has increased the amount of redundant data they hold, and just over a fifth said that AI is making compliance more difficult. However, many claim AI is actually helping with data management, with more than 50% using it to help clearly define data retention and sanitisation.
Compliance complexities drive increased investment
The landscape of data protection and privacy regulations, cybersecurity frameworks, and data destruction best practice standards is complex, with updated standards, national and supra-national regulations, and industry-specific demands. To help meet this compliance burden, more than half of businesses are increasing their investment in this area, with an average increase of 46%. Many companies (55%) have policies in place regarding data disposition, and almost all of the remainder (42%) are either rolling out or defining these policies.
The desire to meet these obligations often results in unnecessary e-waste, as functional devices and drives are destroyed to protect any sensitive data stored. Depending on the type of device, respondents claim that up to 47% of devices destroyed for data security reasons are still functional. Additionally, 25% of laptops and desktops, and 19% of data centre assets, are refurbished without certified erasure, which increases the potential for data loss. In fact, for 17% of the respondents who had experienced a breach or leak, data compromise was caused by redeployed devices or drives that still had sensitive data from prior use.
Most of the survey respondents claim that environmental goals remain as important as ever. 90% stated that sustainability has at least a moderate impact on data disposal, and 77% agree that IT and sustainability teams are collaborating closely on data management and data erasure tools to meet sustainability goals.
“Improper data disposal is a hidden risk—and it’s not talked about enough,” said Lou DiFruscio, CEO of Blancco. “Every business IT leader needs to understand their responsibilities, seek out the best practices that maintain compliance with data privacy regulations, and secure data at the finish line. Our State of Data Sanitisation Report acknowledges the challenges organisations are currently facing and provides compliance, IT, and ESG teams with insight into how these issues impact their approach to end-of-life data and asset disposition. Many large businesses get it, though our report confirms there is still work to do to meet today’s data protection obligations.”
