23% of IT security decision makers cited a lack of encryption as the main reason for a data breach within their organization

34% of organizations want to expand encryption to mobile phones.

96% of organizations now have a defined data encryption policy for removable media.

29% of organizations cited remote/hybrid working as a primary reason for implementing encryption. This is an increase from 19% in 2024.

Nearly one in 10 (7%) of those surveyed did not know which data sets to encrypt.

Only 4% of organizations are now using encryption specifically to protect against ransomware in 2025. This is a decrease from 12% in 2024.

32% of organizations want to expand encryption to USB sticks.

27% of organizations want to expand encryption to desktops.

IT security decision makers have prioritised encryption of USB sticks (53%) and portable hard drives (52%).

Encryption is applied most to desktops (67%) and laptops (62%).

31% of organizations want to expand encryption to laptops.

96% of IT security decision makers noted an increase in encryption implementation over the past year.

36% of organizations highlighted that they only allow the use of hardware-encrypted, organization-approved removable media.

96% of IT security decision makers noted an increase in encryption implementation over the past year.

64% of IT security decision makers said encryption has increased, allowing them to better protect their data, including on lost/stolen devices.

52% of observed ransomware victims in Q2 2025 were based in The United States.

The US remained the most targeted country by ransomware, accounting for 67% of the total organizations named on ransomware data-leak sites in Q2.

Almost 40% of ransomware attacks in the US targeted the education sector

Lumma Stealer accounts for over 50% of infostealer attacks on the US SLED sector.

In the U.S., 73.8% of surveyed IT/security professionals reported being pressured to keep a breach confidential, even when they believed it should be reported to authorities.