Encryption adoption at 96%, but inconsistent application continues to put sensitive data at risk, according to research from Apricorn
64% of organizations ramp up encryption to better protect data and lost or stolen devices

POWAY, Calif- 15 July 2025 - Apricorn, the leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB data storage devices, today announced findings from its 2025 annual survey of US-based IT security decision makers into encryption policies and protocols. The survey revealed that encryption remains a critical asset in data protection, with 96%^* of respondents noting an increase in implementation over the past year.

Sixty four percent of US respondents said encryption has increased allowing them to better protect their data, including on lost/stolen devices. Another key driver behind the encryption uptick is the continued prevalence of remote/hybrid working. Twenty-nine percent of organizations cited this as a primary reason for implementing encryption, up from 19% in 2024.

As sensitive data continues to move beyond the traditional perimeter, securing endpoints and remote access points has become essential. This has spurred the wider adoption of encryption compounded by the fact that nearly one in 10 (seven percent) of those surveyed said they did not know which data sets to encrypt. They noted this was one of the biggest problems associated with implementing a cyber security plan for remote/mobile working.

Interestingly, fewer organizations are now using encryption specifically to protect against ransomware, down to just four percent in 2025 from 12% in 2024. This could be due to ransomware attacks becoming more sophisticated and often unavoidable. Instead, the focus has moved toward the recovery of data through protected backups, rather than solely defending against initial compromise.

Overall, the results indicate maturity in the adoption of encryption, with 96%of organizations now having a defined data encryption policy for removable media.^* The importance of hardware encryption is a priority with 36% highlighting that they only allow the use of hardware-encrypted, organization-approved removable media. This demonstrates that businesses recognize that hardware encryption helps mitigate the risk of unauthorized access if a device is lost or stolen, particularly in environments where removable media is more vulnerable to physical compromise.

“It’s great to see more organizations leaning into encryption, but the job isn’t done just because a policy exists,” said Kurt Markley, Managing Director at Apricorn. “If encryption isn’t being used consistently on the devices people carry around every day, then sensitive data is still at risk. It’s about turning good intentions into everyday habits.”

In response to where encryption is applied most, desktops and laptops dominate with 67% and 62%, respectively. Respondents have prioritized encryption of USB sticks (53%) and portable hard drives (52%).

Additionally, organizations are signaling a strong intent to expand encryption across a range of device types: Portable hard drives (39%), mobile phones (34%), USB sticks (32%), laptops (31%), and desktops (27%).

This targeted investment reflects a growing awareness of the risks associated with portable devices and endpoint data loss, areas frequently exploited in breaches and compliance failures. In fact, a lack of encryption was also cited by 23% of US respondents as being the main reason for a data breach within their organization.

Markley continued, “Data doesn’t stay in one place anymore, so our approach to protecting it can’t either. The fact that more organizations plan to encrypt portable devices shows progress. That said, encryption must be part of the routine, not an afterthought. That’s how real resilience is built.”

* All “Yes” responses combined.

Methodology
The research was conducted by Censuswide, among a sample of 200 IT security decision makers across the US. The data was collected between May 23,2025 – May 29, 2025. Censuswide abides by and employs members of the Market Research Society and follows the MRS code of conduct and ESOMAR principles. Censuswide is also a member of the British Polling Council.

About Apricorn
Apricorn provides American-made, TAA-compliant, FIPS-validated secure storage innovations worldwide. Trusted by companies in finance, healthcare, education, and government, Apricorn’s products have become a standard in data security strategies. Founded in 1983, Apricorn continues to develop award-winning products and patented technologies for enterprises globally. Learn more at www.apricorn.com.