66 percent of remote or mobile workers knowingly put data at risk over the past year
POWAY, CALIFORNIA / ACCESS Newswire / June 12, 2025 / U.S. businesses are reporting a greater number of data breaches than ever before, according to annual research from Apricorn, the leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives. The company's 2025 survey reveals that 76 percent of organizations surveyed have self-disclosed a breach or potential breach to the appropriate authorities in the past year, up slightly from 72 percent in 2024.
Yet self-reporting does not imply incidents are under control. Apricorn's research found that two thirds of organizations surveyed (66 percent) admit their remote or mobile workers knowingly put corporate data at risk in the last year. Additionally, 69 percent believe their mobile workforce is likely to expose them to a future breach. These persistent concerns highlight a lack of confidence in user behavior and endpoint management, especially within decentralized and hybrid work environments.
In terms of the cause of data breaches, phishing and employee mistakes shared the top spot, both with 32 percent. While external threats continue to pose a risk, the data confirms that human behavior remains the leading cause of vulnerability, whether through error, negligence or malicious intent.
The majority (96 percent) of organizations surveyed have a mobile/remote working security policy in place, and 96 percent believe their workers understand and follow it. But this confidence is undermined by 73 percent of respondents who say their employees lack the technology or skills needed to properly secure data, even when they are willing to comply. This figure is comparable to last year (72 percent) and suggests that capability, not just awareness, is the missing link and needs greater ongoing attention.
Adding to the challenge is the continued reliance on employee-owned IT equipment. Showing similar year-over-year responses, 62 percent of organizations surveyed in both 2025 and 2024 allow staff to use personal devices to access corporate systems and data. Although most organizations use software to control access, these tools often lack the visibility and enforcement provided by corporate-issued devices.
Only 12 percent of respondents said their organization mandates the use of company-provisioned equipment with endpoint controls. This slight shift downward from 13% in 2024, is alarming and highlights how far most organizations still have to go in order to gain full control of the remote attack surface.
Kurt Markley, Managing Director, Americas, Apricorn, warned that businesses cannot afford to confuse policy with protection. "IT decision makers must go beyond policy creation and focus on equipping remote and mobile workers with the right tools and training to secure sensitive data. As always, human behavior remains the biggest vulnerability, and until organizations take control of endpoints and eliminate reliance on unsecured personal devices, their breach exposure will only grow."
The research also revealed deeper technical and operational issues. Almost forty percent (35%) of organizations say they cannot be certain that their data is adequately secured or they've lost visibility of where corporate data is stored, while 19 percent report that their current technology doesn't support secure mobile or remote working. Additionally, nearly 1 in 10 (7 percent) said they don't know which datasets within their organization need to be encrypted, pointing to a lack of basic data classification and risk assessment.
The mounting complexity of managing remote technologies is another key concern with more organizations struggling with this than has ever been recorded in the survey. Almost half (49 percent) of respondents reported that managing all of the technology that employees need and use for mobile/remote working is too complex. Unsurprisingly, 82% of respondents feel their office-based staff is more security conscious and savvy than those working remotely.
Markley concluded: "Self-reporting is a step in the right direction, but it also reveals how often breaches still occur. Policies mean little without execution. Organizations must equip remote teams with secure tools like hardware-encrypted drives, control how data moves, and build security into everyday habits. With many employees still working outside the office, raising their security know-how is not optional, it's essential."
###
Methodology
The research was conducted by Censuswide, among a sample of 200 IT security decision makers. The data was collected between 23.05.2025 - 29.05.2025. Censuswide abides by and employs members of the Market Research Society and follows the MRS code of conduct and ESOMAR principles. Censuswide is also a member of the British Polling Council.
About Apricorn
Apricorn provides American-made, TAA-compliant, FIPS-validated secure storage innovations worldwide. Trusted by companies in finance, healthcare, education, and government, Apricorn's products have become a standard in data security strategies. Founded in 1983, Apricorn continues to develop award-winning products and patented technologies for enterprises globally. Learn more at www.apricorn.com.
Contact Information
Sarah Hawley
sarahhawley@origincomms.com
480-292-4640
SOURCE: Apricorn
View the original press release on ACCESS Newswire:
https://www.accessnewswire.com/newsroom/en/computers-technology-and-internet/cybersecurity-breaches-continue-to-plague-u.s.-businesses-as-76-p-1038623
