Phishing and Misconfigurations: The Biggest Threats to Data Security in 2025

In today’s digital landscape, data breaches remain a top concern for large organizations worldwide. A recent survey by Blancco, a leading data erasure solutions provider, reveals that phishing attacks are the primary cause of data loss, overshadowing other risks such as misconfigurations and stolen devices. As businesses invest more in data protection, emerging technologies like AI introduce both opportunities and challenges in managing and securing vast amounts of sensitive data.

Key Findings from Blancco’s 2025 State of Data Sanitization Report

Blancco teamed up with research firm Coleman Parkes to survey 2,000 cybersecurity, IT, and sustainability leaders from major enterprises across the US, Europe, and Asia. The report reveals that 86% of these organizations have experienced at least one data breach in the past three years. Among these breaches, phishing stands out as the top culprit, responsible for data loss in 54% of cases.

Misconfigurations in systems and applications came second, affecting nearly half of respondents (46%). Devices and drives stolen with sensitive data followed at 41%. Surprisingly, breaches caused by weak or stolen credentials were reported by just 36%, and ransomware incidents accounted for only 32%. This data challenges some common assumptions about cyber risks, highlighting the evolving nature of threats.

The survey also uncovered a growing commitment to data security, with investments in protection and prevention rising 46% over the last year. More than half of organizations have formal data disposition policies, while many others are working to establish them. However, these efforts to protect data often lead to environmental concerns. Nearly half of the devices destroyed for data security reasons are still functional, contributing to e-waste. Alarmingly, a significant percentage of refurbished devices lack certified data erasure, posing risks of residual data exposure.

Sustainability remains a priority, with 90% of respondents indicating that environmental goals influence how they handle data disposal. Close cooperation between IT and sustainability teams is common to balance security with eco-friendly practices. Still, awareness of industry standards for data sanitization is surprisingly low, with less than 40% familiar with guidelines like NIST 800-88 or IEEE 2883-2022.

Artificial intelligence is reshaping the data security landscape. About a quarter of respondents say AI has increased redundant data, and over 20% find compliance more complicated due to AI. Nevertheless, more than half use AI to improve data retention and sanitization policies. Most companies deploying AI have upgraded their IT infrastructure, reflecting the demands of new technologies.

Blancco’s CEO Lou DiFruscio emphasizes that improper data disposal is an overlooked yet critical risk. While progress has been made, many organizations still need to strengthen their practices to keep pace with privacy regulations and evolving cyber threats.

What Undercode Say:

The findings from Blancco’s report shed light on how phishing remains the single biggest vector for data loss, reaffirming the need for ongoing employee training and advanced email security tools. The prominence of misconfigurations as a cause of breaches is a crucial reminder that securing data requires meticulous attention not only to external threats but also to internal systems management. This factor is often underestimated but can cause widespread vulnerabilities when left unchecked.

The statistics on stolen devices further underscore the importance of comprehensive endpoint protection and strict data erasure policies. The fact that nearly half of destroyed devices are still functional suggests many organizations prioritize security over sustainability but may not be striking the right balance. Refurbishing devices without certified erasure is a ticking time bomb, potentially exposing sensitive data and undermining trust.

Another important takeaway is the low awareness of widely accepted data sanitization standards like NIST 800-88 and the newer IEEE 2883-2022. This gap in knowledge could lead to inconsistent or insufficient data destruction methods, increasing exposure risks at asset end-of-life. It highlights the need for better education and adoption of standardized best practices across industries.

Artificial intelligence presents a double-edged sword. While AI can help optimize data management policies, it also generates massive volumes of redundant or outdated data and complicates compliance efforts. Organizations must harness AI’s benefits carefully, implementing robust data governance frameworks that can evolve alongside technological advances.

The rise in investment in data security and resilience is encouraging but must continue to accelerate. Cybersecurity is not a one-time fix but an ongoing process that must integrate evolving threat intelligence, compliance demands, and sustainability goals. Collaboration between IT, security, and sustainability teams will be key in developing holistic strategies that protect sensitive data while reducing environmental impact.

Finally, the global nature of this survey—covering companies in North America, Europe, and Asia—reflects the universal challenges enterprises face today. Data security practices cannot be siloed geographically or functionally. As companies continue to embrace AI and digital transformation, global standards and cross-border cooperation on data protection will become even more critical.

Fact Checker Results

Blancco’s survey data is well-founded and sourced from a credible sample of 2,000 leaders across multiple regions. The emphasis on phishing as a leading cause aligns with broader cybersecurity trends observed in 2024-2025. The statistics on device destruction and policy awareness are consistent with current industry reports. However, more granular data on sector-specific risks would strengthen the findings further.

Prediction

As phishing techniques grow more sophisticated, organizations will increasingly adopt AI-powered threat detection and behavioral analytics to proactively identify and block attacks. Data sanitization will become more automated, with certified erasure standards becoming mandatory in regulated industries to reduce residual data risks. Environmental considerations will drive innovation in secure device reuse and recycling programs. Awareness campaigns and training on international data sanitization standards will gain momentum, helping organizations meet evolving privacy regulations worldwide. Overall, enterprises that successfully balance security, compliance, and sustainability will set new benchmarks in data resilience through 2030.