Apricorn study finds firms ramping up on encryption

 

Encryption adoption soars to 94%, but inconsistent application continues to put sensitive data at risk, according to the latest research from Apricorn, the leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB data storage devices.

Announcing further findings from its 2025 annual survey of IT security decision makers into encryption policies and protocols, the survey reveals that encryption has become a critical asset in data protection, with over 60% of IT security decision makers reporting an increase in encryption to better able them to protect their data, including on lost/stolen devices.  Another key driver behind the uptick in the use of encryption is the continued prevalence of remote and hybrid working, with 26% of firms citing this as a primary reason for implementing encryption, up from 20% in 2024.

With sensitive data now outside traditional boundaries, securing endpoints and remote access is vital.   But although encryption is now more widely used, 11% of survey respondents say they were unsure which data to encrypt, highlighting a major challenge in cybersecurity for remote work.

Interestingly, fewer organizations are now using encryption specifically to protect against ransomware, down to just 10% in 2025 from 12% in 2024 and 17% in 2023.  This may reflect a shift in mindset, with ransomware attacks becoming more sophisticated and often unavoidable.  Instead, the focus has moved toward ensuring the recovery of data through protected backups, rather than solely trying to prevent and protect against initial compromise.

Whilst software encryption has grown, the importance of hardware encryption remains a priority with 34% highlighting that they only allow the use of hardware encrypted organization-approved removable media.  This demonstrates that businesses are recognizing that hardware encryption helps mitigate the risk of unauthorized access if a device is lost or stolen, particularly in environments where removable media is more vulnerable to physical compromise.

“Encryption is only as effective as its execution,” comments Jon Fielding, Managing Director, EMEA, Apricorn.  “While it’s encouraging to see more organizations adopt a strategic approach, policies that sit on paper won’t protect data.  Until encryption becomes an embedded, standardized part of all data handling, especially at the endpoint, businesses will continue to face unnecessary risk.”

In response to where encryption is most commonly applied, 64% say they encrypt all laptops and desktops compared with 55% in 2024.  Encryption of portable media such as USB drives and hard drives has also risen from previous years, with all USB drives now encrypted by 54% and 63% now encrypt all portable hard drives.  This figure is now at its highest since 2020, having increased from 54% in 2024, and just 4% in 2023.

Apricorn’s latest findings signal that organizations have a strong intent to expand encryption across a range of device types.  Many expect to apply encryption on mobile devices (38%), 26% plan to up their encryption on laptops, and 24% expect to increase encryption across desktops.  The findings also indicate a shift from reactive to preventative security postures, particularly as remote work, BYOD policies and hybrid infrastructures persist.

“With sensitive data frequently moving across multiple environments, encrypting endpoints such as laptops and removable media is critical to reducing the risk of exposure,” continues Fielding.  “These year-on-year increases underscore that encryption is no longer confined to core systems and is being embedded throughout the data lifecycle to safeguard business continuity and customer trust.  Encryption is no longer optional; it is fundamental. The challenge now is to make sure it's ubiquitous and automatic.”